DOD Cyber Awareness Training

DOD Cyber Awareness Training Flashcards A curated collection of 100 terms >PROTECTION - To protect Controlled Unclassified Information (CUI):? Properly mark all CUI? Store CUI data only on authorized information systems? Don't transmit, store, or process CUI on non-approved systems? Mark, handle, and store CUI properlyo Reduce risk of access during working hours o Store after working hours:? Locked or unlocked containers, desks, cabinets, if security is present? Locked containers, desks, cabinets if no security is present or is deemed inadequate?Follow policy in DoD Instruction 5200.48, "Controlled Unclassified Information (CUI)" for retention or disposal? Comply with the DoD Cyber Regulations outlined in the Defense Federal Acquisition Regulation Supplement (DFARS) for CUI and CTI handling requirements >USE - When using removable media:? Users must properly identify and disclose removable media with local Configuration/Change Management (CM) Control and Property Management authorities?Users shall comply with site CM policies and procedures? Media shall display a label inclusive of maximum classification, date of creation, POC, and CM Control Number >NFC - Exercise caution when using near field communication (NFC):? NFC is wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other. Smartphones can be enabled to:o Read electronic tag information, such as proximity cards or other objects with embedded NFC tagso Transmit information electronically, such as when making credit card payments with information held on the smartphone? Security risks:o Eavesdropping: an adversary intercepts the signalo Data manipulation or corruption: an adversary intercepts the signal and alters ito Viruses: stored financial or mission information increases potential rewards for hackers? Only use NFC with your Government-furnished device as instructed and permitted by your organization

>RISKS - The risks associated with removable media include:? Introduction of malicious code?Compromise of systems' confidentiality, availability, and/or integrity? Spillage of classified informationPotential consequences:? Shutdown of systems? Compromise of information, systems, programs, and/or assets? Loss of mission? Loss of life >TRAVEL - Use caution when connecting laptops to hotel Internet connections. If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased.When traveling overseas with mobile devices, including laptops and cell phones:When traveling overseas with mobile devices: ? Be aware that information sent over public Wi-Fi connections may be exposed to theft, and the device may be exposed to malware?Fake Wi-Fi access points may be used for deception? Use public or free Wi-Fi only with the Government VPNWhen traveling overseas with mobile devices:? Be careful and do not travel with mobile devices, unless absolutely necessary? Report your travel if carrying a device approved under Bring Your Own Approved Device (BYOAD) policy so it can be unenrolled while out of the country? Assume that any electronic transmission you make (voice or data) may be monitoredo Mobile phones carried overseas are often compromised upon exiting the plane?Physical security of mobile devices carried overseas is a major issue? Devices not in your custody or in secure U.S. Government facility storage should be assumed to be compromised >CUI - ControlledUnclassified Information (CUI) is Government information that must be handled using safeguarding or dissemination controls. It includes, but is not limited to, Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, and operational information. It may contain information:? Provided by a confidential source (person, commercial business, or foreign government) on condition it would not be released? Related to contractor proprietary or source selection data? That could compromise Government missions or interestsCUI is NOT classified information and may only be marked as CUI if it belongs to a category established in the DoD CUI Registry.>CPCON The United States Cyber Command (USCYBERCOM) Instruction 5200-13 establishes Cyberspace Protection Conditions (CPCON) for the DoD. CPCON establishes protection priorities for each level during significant cyberspace events, as shown in the table below.Depending on the CPCON level, users may experience disruptions in service or access to physical spaces.

>RESPONSE - 2 If you find classified government data/information not cleared for public release on the internet:Remember that leaked classified or controlled information is still classified/controlled even if it has already been compromised.Do not download leaked classified or controlled information because you are not allowed to have classified information on your computer and downloading it may create a new case of spillageNote any identifying information and the website's URLReport the situation to your security POCRefer any inquiries to your organization's public affairs officeRemember! Any comment by you could be treated as official confirmation by a Government spokesperson.>SOCIAL ENGINEERING EMAILS - JOHN ANDERSON

[REQUIRED PROFILE UPDATE]

Report e-mail >MARKING - When handling SCI:? Mark classified information appropriatelyo Use proper markings, including paragraph portion markingso Use Security Classification Guideso Use Classification Management Tool (CMT) (ICS 500-8) for email and electronic documents? Attach appropriate cover sheets? Take precautions when transporting classified information through unclassified areas? Complete annually required classification trainingA Security Classification Guide:?Provides precise, comprehensive guidance regarding specific program, system, operation, or weapon system elements of information to be classified, including:o Classification levelso Reasons for classificationo Duration of classification? Is approved and signed by the cognizant Original Classification Authority (OCA)? Is an authoritative source for derivative classification?Ensures consistent application of classification to the same information >WHEN IS IT OKAY TO CHARGE A PERSONAL MOBILE DEVICE

USING GOVERNMENT-FURNISHED EQUIPMENT (GFE)?

This is never okay.>WHAT IS THE DANGER OF USING PUBLIC WI-FI

CONNECTIONS?

Both of these

>MALICIOUS CODE - Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Malicious code includes viruses, Trojan horses, worms, macros, and scripts.Malicious code can be spread by e-mail attachments, downloading files, and visiting infected websites.>GPS - Many mobile devices and applications can track your location without your knowledge or consent.Mobile device tracking can:? Geolocate you? Display your location? Record location history? Activate by defaultStop and think before you wear or use a mobile device!>REPORTING - Individuals experiencing stressful situations may be vulnerable to exploitation.To protect against the insider threat, be alert to and report any suspicious activity or behavior or potential security incident in accordance with your agency's insider threat policy to include:? Attempt to access sensitive information without the need-to-know? Unauthorized removal of sensitive information? Unusual request for sensitive information? Bringing an electronic device into prohibited areas? Sudden purchases of high value items/living beyond one's means? Overseas trips for no apparent reason or of short duration ? Alcohol or drug problems? Abrupt changes in personality or workplace behavior? Consistent statements indicative of hostility or anger toward the United States and its policies >WHAT LEVEL OF DAMAGE TO NATIONAL SECURITY CAN

YOU REASONABLY EXPECT TOP SECRET INFORMATION TO

CAUSE IF DISCLOSED?

Exceptionally grave damage >WHAT SHOULD THE PARTICIPANTS IN THIS CONVERSATION

INVOLVING SCI DO DIFFERENTLY?

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.