NSTSSI Security Education Standards
3. THREATS AND INCIDENTS a. Definitions (1) define the term "adversary"; and (2) define the term "threat." b. Compromise (1) discuss the impact of a compromise by these definitions: the disclosure of classified data to a$ unauthorized person; an unauthorized disclosure, modification, destruction, or loss of sensitive information; disclosure of a password, or part of a password, to someone not authorized to know, have, or use the password; authorized disclosure or loss of sensitive data; and (2) describe why the common thread among compromise definitions is "an unauthorized disclosure." c. Computer Crime (1) summarize how computer crime can involve either the computer as a tool or the computer as a target; and (2) outline the methods of computer crime: fraud, embezzlement, and unauthorized access. d. Security Incident outline the categories of security incidents: compromise, possible compromise, inadvertent disclosure, deviation, and any adverse event associated with a computer system that is a failure to comply with departmental security regulations or directives. e. Malicious Code (1) define the term "malicious code"; (2) define the term "malicious logic"; and (3) give examples of effects of the following malicious code or logic: logic bomb, time bomb, trap door, trojan horse, virus, worm, back-door, maintenance hook, and spoofing. f. Malicious Actions give example of the effects of the following malicious actions: active attack, wire tapping, browsing, covert channel, jamming, software piracy, passive attack, traffic analysis, and monitoring. g. Non-Specific Concerns discuss the following types of non-specific threats to systems and information: contamination, data contamination, data corruption, and cascading. h. Protection Techniques discuss the effects of the following protection techniques: anti-virus program, audit analysis tools, electronic monitoring, intrusion detection, monitoring (e.g., dataline, sniffer), and traffic analysis. i. Incident Handling (1) explain the role of the DAA in criminal prosecution; (2) explain the importance of evidence acceptability in incident handling; (3) explain the impact of evidence collection and preservation in incident handling; (4) identify responsibilities associated with evidence collection and preservation in incident handling; (5) discuss responsibilities for investigation of security breaches; and (6) explain the DAA role in security violations reporting.