NSTSSI Security Education Standards
3. THREATS AND INCIDENTS
a. Definitions
(1) define the term "adversary"; and
(2) define the term "threat."
b. Compromise
(1) discuss the impact of a compromise by these definitions: the disclosure of classified data to an
unauthorized person; an unauthorized disclosure, modification, destruction, or loss of sensitive
information; disclosure of a password, or part of a password, to someone not authorized to know,
have, or use the password; authorized disclosure or loss of sensitive data; and
(2) describe why the common thread among compromise definitions is "an unauthorized disclosure."
c. Computer Crime
(1) summarize how computer crime can involve either the computer as a tool or the computer as a
target; and
(2) outline the methods of computer crime: fraud, embezzlement, and unauthorized access.
d. Security Incident
outline the categories of security incidents: compromise, possible compromise, inadvertent disclosure,
deviation, and any adverse event associated with a computer system that is a failure to comply with
departmental security regulations or directives.
e. Malicious Code
(1) define the term "malicious code";
(2) define the term "malicious logic"; and
(3) give examples of effects of the following malicious code or logic: logic bomb, time bomb, trap
door, trojan horse, virus, worm, back-door, maintenance hook, and spoofing.
f. Malicious Actions
give examples of the effects of the following malicious actions: active attack, wire tapping, browsing,
covert channel, jamming, software piracy, passive attack, traffic analysis, and monitoring.
g. Non-Specific Concerns
discuss the following types of non-specific threats to systems and information: contamination, data
contamination, data corruption, and cascading.
h. Protection Techniques
discuss the effects of the following protection techniques: anti-virus program, audit analysis tools,
electronic monitoring, intrusion detection, monitoring (e.g., dataline, sniffer), and traffic analysis.
i. Incident Handling
(1) explain the role of the DAA in criminal prosecution;
(2) explain the importance of evidence acceptability in incident handling;
(3) explain the impact of evidence collection and preservation in incident handling;
(4) identify responsibilities associated with evidence collection and preservation in incident handling;
(5) discuss responsibilities for investigation of security breaches; and
(6) explain the DAA role in security violations reporting.