This term describes an insider who has been secretly recruited or coerced by a Foreign Intelligence Entity (FIE) to steal classified or sensitive national defense information.
What is a mole (or spy/espionage agent)?
This concept dictates that access to sensitive information is granted only if it is explicitly required for personnel to execute specific mission tasks.
What is "need-to-know"?
This document provides the structured scenario and discussion points for a simulated, non-technical walkthrough of an incident response plan.
What is a Tabletop Exercise (TTX) Plan?
This practice is critical because it mitigates vulnerabilities, effectively preventing exploitation by cyber attackers.
What is patch management?
An employee reports their system behaving strangely. How should cybersecurity professionals investigate?
Check system logs, scan for malware, analyze recent updates, and validate user activities.
This term describes the severe threat scenario where two or more insiders secretly work together to bypass security mechanisms, such as the two-person rule.
What is collusion?
This one-way mathematical algorithm generates a fixed-size character string to verify that a file or message has not been altered.
What is a hash function (or hashing)?
This living document maintains a centralized, up-to-date inventory of all hardware, software, and firmware assets currently operating within the mission boundary.
What is a Baseline Configuration (or Asset Inventory)?
Name the difference between hotfixes, patches, and updates.
Hotfix: urgent fix for a specific issue
Patch: fixes security vulnerabilities
Update: improves functionality and security
This AI-generated synthetic media replaces a person's likeness or voice in an existing image or video, often used for disinformation.
What is a Deepfake?
This formal acknowledgment, often displayed as a login banner, explicitly informs users that they have no reasonable expectation of privacy and their actions are subject to monitoring.
What is a User Agreement or Warning Banner?
These cryptographic tools provide non-repudiation by proving both the identity of the sender and that the message content was not modified in transit.
What are digital signatures?
This structured plan dictates the specific phases—such as containment, eradication, and recovery—for handling a detected cyber attack.
What is an Incident Response Plan (IRP)?
A recent patch caused system instability. What should be done?
Roll back the patch and investigate compatibility issues before reapplying.
In Windows, running this specific command-line utility displays all current TCP/IP network configuration values, including your IP address.
What is ipconfig?
This federal law protects employees who report internal waste, fraud, or abuse from retaliation, but it does not authorize the unauthorized disclosure of classified mission data.
What is the Whistleblower Protection Act?
This access control method requires a user to provide two or more different categories of credentials, such as a PIN and a CAC.
What is Multi-Factor Authentication (MFA)?
This required tracking document outlines identified security weaknesses in a system, including the resources, milestones, and target dates for mitigating them.
What is a Plan of Action and Milestones (POA&M)?
A company delays patching critical systems due to operational concerns. What risk does this pose?
Increased likelihood of exploit due to known vulnerabilities.
Before discarding old hard drives or sensitive printed CUI, you should run them through this machine to prevent data recovery.
What is a Shredder (or Media Destroyer)?
This specific group of personnel, which includes system and network administrators, poses the highest operational risk because they possess the technical capability to alter logs and bypass security controls.
What are Privileged Users?
This hardware configuration uses multiple redundant disk drives to ensure that data remains accessible even if a single drive fails.
What is RAID (Redundant Array of Independent Disks)?
This tactical document provides step-by-step technical instructions for restoring IT infrastructure, servers, and data after a catastrophic event.
What is a Disaster Recovery Plan (DRP)?
This occurs when a security tool incorrectly flags legitimate, harmless activity as a potential threat.
What is a False Positive?
Operating like the internet's phonebook, this service translates human-readable domain names (like www.army.mil) into numerical IP addresses.
What is DNS (Domain Name System)?