IA/ Cyber Security Flashcards Preview

Second Class Exam > IA/ Cyber Security > Flashcards

Flashcards in IA/ Cyber Security Deck (36)
Loading flashcards...
1

Define IA

information operations that protect and defend information systems

2

Define Cert

the evaluation of a technical and non- technical security features of an information system

3

Define Accreditation

is the official management decision to operate an information system in a specified environment

4

Define DAA

the official who assumes formal responsibility for operating a system

5

Define System Security plan

system security plan is the formal document prepared by the information system owner

6

ATO

authority to operate

7

IATO

interim authourity to operate

8

Risk management

allows IT managers to balance the cost of protective measures while achieving mission capability

9

Five attributes of IA

confidentiality, authentication, availability, non-repudiation, integrity

10

Catagories of computer incidents:

malicious logic, user level intrusion, root level intrusion

11

IAVA

information assurance vulnerability alert

12

IAVB

information assurance vulnerability bulletin

13

IAVT

information assurance vulnerability technical advisory

14

MALICIOUS CODE

ANY CODE THAT IS PART OF A SOFTWARE SYSTEM THAT IS INTENDED TO CAUSE SECURITY BREACHES OR DAMAGE TO A SYSTEM

15

ZOMBIE

A COMPUTER THAT HAS BEEN COMPROMISED AND USED TO PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION

16

BOT

USED TO SPREAD EMAIL SPAM AND LAUNCH DENIAL-OF-SERVICE ATTACKS. SOFTWARE APPLICATION THAT RUN AUTOMATIC TASKS OVER THE INTERNET

17

BOTNET

COLLECTION OF ZOMBIE WORKSTATIONS RUNNING BOTS (SOFTWARE APPLICATIONS THAT RUN AUTOMATIC TASKS OVER THE INTERNET) TO SPREAD EMAIL SPAM AND LAUNCH DOS

18

ZERO DAY EXPLOIT

THREAT OR ATTACK THAT EXPLOITS A PREVIOUSLY UNKNOWN VULNERABILITY IN A COMPUTER APPLICATION OR OPERATING SYSTEM THAT DEVELEPORS HAVE NOT HAD TIME TO ADDRESS AND PATCH.

19

SPYWARE

SOFTWARE THAT AIDS IN GATHERING INFORMATION ABOUT A PERSON OR ORGANIZATION WITHOUT THEIR KNOWLEDGE. SENDS INFORMATION TO OTHER ENITITES.

20

LOGIC BOMB

A CODE INTENTIONALLY INSERTED INTO A SOFTWARE SYSTEM THAT WILL SET OFF A MALICIOUS FUNCTION WHEN SPECIFIC CONDITIONS ARE MET.

21

KEYLOGGERS

SOFTWARE THAT LOGS EVERY KEYSTROKE AND WRITES IT TO A FILE.

22

PRIVELAGE ESCALATORS

USER WHO GAINS ELEVATED ACCESS TO RESOURCES THAT ARE NORMALLY PROTECTED FROM AN APPLICATION OR USE.

23

DENIAL-OF-SERVICE

AN ATTEMPT TO MAKE A MACHINE OR NETWORK RESOURCE UNAVAILABLE TO ITS INTENDED USERS. PING OF DEATH.

24

DISTRIBUTED-DENIAL-OF-SERVICE

LARGE SCALE DENIAL OF SERVICE

25

EXPLOIT

SOFTWARE THAT TAKES ADVANTAGE OF A BUG, GLITCH, OR VULNERABILITY. CAUSES UNINTENDED BEHAVIOUR.

26

GLOBAL INFORMATION GRID

AN ALL ENCOMPASSING COMMUNICATION PROJECT OF THE UNITED STATES DoD

27

IAM

IN CHARGE OF IA PROGRAM. OVERSEE ALL IAO’S, IAVA’S, SECURITY MEASURES, EVALUATIONS AND ACCREDITATIONS.

ENSURES SECURITY INTRUCTIONS, GUIDANCE AND SOP’S ARE MAINTAINED AND IMPLEMENTED

28

IAO

APPLIES EVERYTHING (IN TO EFFECT) THAT THE IAM OVERSEES.

29

NCDOC (NAVY CYBER DEFENSE OPERATIONS COMMAND)

IN CHARGE OF INCIDENTS, MONITORS NETWORK ACTIVITY FOR MALICIOUS EVENTS.

30

BLUE TEAM

PROTECT FROM THE INSIDE. TEAM COMES TO THE SHIP AND SCANS THE ENTIRE NETWORK LOOKING FOR VULNERABILITIES. ONCE IDENTIFIED THEY INFORM THE COMMAND, AND THE COMMAND IS RESPONSIBLE FOR FIXING THE DISCREPANCIES. CTN’S