Security Policies
Risks, Threats, Vulnerabilities!
Incident Response
Firewalls and network security
[Extra Credit]
100

The full definition for the CIA Triad.

What is Confidentiality, Integrity, and Availability? 

100

An exploitable flaw in design.

What is a vulnerability?

100

The team which responds to cyber incidents.

Who is the CIRT?

100

This protects a computer/network on one side from attackers and threats on the other side.

What is a firewall?

100

The three types of zones on a network.

What is Private, DMZ, and Public?

200

The requirements to receive classified information.

What is the need to know, signed NDA, proper clearance level, and eligibility?

200

The intentional intelligent act of an attacker attempting to enter our network.

What is a network attack?

200

This category deals with investigations……

What is category 8?

200

The network access controller used on a device via installed software.

What is an agent NAC?

200

The percentage of cyberattacks that could be stopped if we practiced cyber hygiene best practices.

What is 90%!

300

Legacy information is not remarked or reclassified when transferred into control of this organization.

What is the Department of Defense?

300

When a bad actor changes records and entities within our system, it is known by this name.

What is Data Diddling?!?!

300

Data captured (being lessons learned, root causes, and other problems) during the postmortem/post-incident analysis goes to these places.

Where is the MAJCOM and UNIT?

300

The definition of fuzzing as established by Professor Tizmo, PhD.

What is the process of checking for functionality by inputting random data to check for crashing, leaks, bugs, and vulnerabilities?

300

This measures our current state of readiness.

What is baselining?

400

The Air Force specific threat that isn’t malware or unauthorized access.

What is Fraud, Waste, and Abuse?

400

The social engineering tactic that targets a specific group or person commonly done through social media.

What is spear phishing?

400

The first steps directly after an incident occurs, before the CIRT has been activated.

What is containing the affected system, and notifying the CIRT?

400

XSS uses this type of code to steal all my cookies!
And inject evil code straight into my apps TO STEAL MORE COOKIES!

What is JavaScript?

400

The old Russian man that steals your copper cables. He did this because you didn't secure the cable emanations.

Who is TEMPEST?

500

All information systems need to be encrypted and secured according to this security policy.

What is COMSEC? (Or COMPUSEC)

500

Software hidden from the administrators by an attacker to give them access to our system. Not a Trojan horse!

What is a rootkit?

500

Coordination of cyber incidents should be done with these two agencies.

Who is CORA and AF-DAMO?

500

A firewall that sits on the edge of our network.

What is a hardware firewall?

500

The documentation that must be completed during preliminary response actions in accordance with OSI policy.

What is Chain of Custody documentation?