Cyber Security

Cyber Security Mission

Computing Responsibilities

Availability

The Enemy

Internet

100

This core principle of information security ensures information is available only to authorized persons

What is Confidentiality?

100

These grant access to computers and are never shared.

What are passwords?

100

It is a word or phrase that verifies that you and only you had access to the account.

What is a Password?

100

They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.

Who are hackers?

100

A program that is designed only to read Hyper Text Markup Language (HTML) web pages downloaded from Internet websites. They can have helpers or add-on functions incorporated by using interpreters to read the additional instructions and provide different web content types. Internet Explorer, Firefox and Safari are examples of these.

What is a browser? (or web browser)

200

This core principle of information security ensures information is not accidentally or maliciously changed

What is Integrity?

200

This action can prevent unauthorized access to your computer sessions when you step away.

What is lock before you leave or locking your computer?

200

An identifier that uniquely tracks actions to individuals.

What is an Account? (or Login ID)

200

Is the risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.

What is Insider threat?

200

Easily readable programs that automate or provide extra function on a computer system or in an application or browser. ActiveX and JavaScript are examples of this type of language.

What is Scripting? (or Scripting Code or Scripting Language)

300

This core principle of information security ensures computers and information are effective in supporting the mission.

What is Availability?

300

This can prevent loss of data in case of hard drive failure.

What are backups?

300

The ability to recover, converge or self-heal to restore normal operations after a disruptive event.

What is Resiliency?

300

These are well run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.

Who are organized crime groups?

300

A type of a program that takes scripting language and reads it so it can be acted on by a browser or an application. These are found in almost all operating systems, web browsers and many commercial off the shelf application programs.

What is an Interpreter?

400

This is the process of evaluating vulnerabilities and threats, identifying countermeasures, and applying mitigating actions to reduce risk to an acceptable level based on the value of the information.

What are Risk Management?

400

This means examining links URLs before using them and is also an ORNL Cyber Security slogan

What is "Think Before You Link"?

400

The deployment or provisioning of duplicate devices in critical areas to take over active operation if the primary device or system fails.

What is Redundancy?

400

They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.

What is state sponsored hacking?

400

The contents of electronic documents that can carry out or trigger actions automatically, on a computer platform, without the intervention of a user. Active content includes built in macro processing, scripting languages, or virtual machines. A significant share of today’s malware involves this type of programs.

What is Active Content?

500

These state that all systems at ORNL must have an Approval to Operate (ATO) prior to becoming operational. The ATO is contingent upon successful documentation and certification that appropriate security measures are in place.

What are DOE Requirements?

500

A necessary process to limit the kinds of hardware and software which minimizes the number of different vulnerabilities and reduces exposure to security weaknesses.

What is Standardization or System Hardening?

500

To apply or maintain permissions to prevent an account from getting information they are not authorized to see while making the information available to those who are authorized.

What is Access Control?

500

The weakest link in every computer system. The one person who can through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.

Who are you? (Who am I?)

500

A program, script, macro or other portable instruction, that can be shipped unchanged to a variety of platforms and executed with the same result. Some of the most common forms of mobile code are JavaScript, Asynchronous JavaScript and eXtended Markup Language (XML) or AJAX, Java applets, ActiveX, and Flash. It is being adapted to run on cell phones, PDAs, and other devices.

What is Mobile Code?