20 Cards in this Set

  • Front
  • Back

DoD Cyber Incident Category 0
Training and Exercises

DoD Cyber Incident Category 1
Root-Level Intrusion

DoD Cyber Incident Category 2
User-Level Intrusion

DoD Cyber Incident Category 3
Unsuccessful Activity Attempt

DoD Cyber Incident Category 4
Denial of Service

DoD Cyber Incident Category 5
Non-Compliance Activity

DoD Cyber Incident Category 6
Reconnaissance

DoD Cyber Incident Category 7
Malicious Logic

DoD Cyber Incident Category 8
Investigating

DoD Cyber Incident Category 9
Explained Anomaly
Operations performed for training purposes and support to exercises.
Cyber Incident Definition Category 0: Training and Exercises

Unauthorized privileged access to an IS. Privileged access, often referred to as administrative or root access, provides unrestricted access to the IS. This category includes unauthorized access to information or unauthorized access to account credentials that could be used to perform administrative functions (e.g., domain administrator). If the IS is compromised with malicious code that provides remote interactive control, it will be reported in this category.
Cyber Incident Definition Category 1: Root-Level Intrusion (Incident)

Unauthorized non-privileged access to an IS. Non-privileged access, often referred to as user-level access, provides restricted access to the IS based on the privileges granted to the user. This includes unauthorized access to information or unauthorized access to account credentials that could be used to perform user functions such as accessing Web applications, Web portals, or other similar information resources. If the IS is compromised with malicious code that provides remote interactive control, it will be reported in this category.
Cyber Incident Definition Category 2: User-Level Intrusion (Incident)

Deliberate attempts to gain unauthorized access to an IS that are defeated by normal defensive mechanisms. The attacker fails to gain access to the IS (e.g., the attacker tries valid or potentially valid username and password combinations) and the activity cannot be characterized as exploratory scanning. Reporting of these events is critical for the gathering of useful effects-based metrics for commanders.
Note that the CAT 3 definition above does not cover the "run-of-the-mill" virus that is defeated or deleted by AV software. Such viruses are not reportable events or incidents and should not be annotated in JIMS.
Cyber Incident Definition Category 3: Unsuccessful Activity Attempt (Event)
Activity that denies, degrades, or disrupts normal functionality of an IS or DoD information network.
Cyber Incident Definition Category 4: Denial of Service (Incident)

Activity that potentially exposes ISs to increased risk as a result of the action or inaction of authorized users. This includes administrative and user actions such as failure to apply security patches, connections across security domains, installation of vulnerable applications, and other breaches of existing DoD policy. Reporting of these events is critical for the gathering of useful effects-based metrics for commanders.
Cyber Incident Definition Category 5: Non-Compliance Activity (Event)

Activity that seeks to gather information used to characterize ISs, applications, DoD information networks, and users that may be useful in formulating an attack. This includes activity such as mapping DoD information networks, IS devices and applications, interconnectivity, and their users or reporting structure. This activity does not directly result in a compromise.
Cyber Incident Definition Category 6: Reconnaissance (Event)

Installation of software designed and/or deployed by adversaries with malicious intent for the purpose of gaining access to resources or information without the consent or knowledge of the user. This only includes malicious code that does not provide remote interactive control of the compromised IS. Malicious code that has allowed interactive access should be categorized as a Category 1 or Category 2 incident, not this category. Interactive access may include automated tools that establish an open channel of communications to and/or from an IS.
Cyber Incident Definition Category 7: Malicious Logic (Incident)

Events that are potentially malicious or anomalous activity deemed suspicious and that warrant, or are undergoing, further review. No event will be closed out as this category; it must be recategorized to Category 1-7 or 9 prior to closure.
Cyber Incident Definition Category 8: Investigating (Event)

Suspicious events that after further investigation are determined to be non-malicious activity and do not fit the criteria for any other category. This includes events such as IS malfunctions and false alarms. When reporting these events, the reason the event cannot be otherwise categorized must be clearly specified.
Cyber Incident Definition Category 9: Explained Anomaly (Event)
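The definitions above carry precedence rules that are easy to get wrong in a case-management system: malware that gives the adversary remote interactive control is a CAT 1 or CAT 2 intrusion rather than CAT 7, a commodity virus stopped by AV is not reportable at all, CAT 9 must state why no other category fits, and CAT 8 can never be a closing category. The following Python is an added example (not part of the deck or of any DoD tooling) that encodes those rules as a decision procedure; the category numbers and names come from the cards, while the Observation field names, the categorize/close_case helpers and the sample observation are assumptions made for this example.

```python
"""Added example: DoD cyber incident category rules as a decision procedure.
Category numbers/names follow the flashcards; the Observation fields and the
helper functions below are assumed names chosen for this example."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple


class Cat(IntEnum):
    TRAINING_AND_EXERCISES = 0
    ROOT_LEVEL_INTRUSION = 1
    USER_LEVEL_INTRUSION = 2
    UNSUCCESSFUL_ACTIVITY_ATTEMPT = 3
    DENIAL_OF_SERVICE = 4
    NON_COMPLIANCE_ACTIVITY = 5
    RECONNAISSANCE = 6
    MALICIOUS_LOGIC = 7
    INVESTIGATING = 8
    EXPLAINED_ANOMALY = 9


# Categories the deck labels "(Incident)"; all others are "(Event)".
INCIDENT_CATS = frozenset({Cat.ROOT_LEVEL_INTRUSION, Cat.USER_LEVEL_INTRUSION,
                           Cat.DENIAL_OF_SERVICE, Cat.MALICIOUS_LOGIC})


@dataclass
class Observation:
    """What the analyst has established so far (field names are assumed)."""
    training_or_exercise: bool = False
    access_gained: bool = False               # attacker actually got onto the IS
    privileged: bool = False                  # root/admin/domain-admin level
    malicious_code_installed: bool = False
    remote_interactive_control: bool = False  # C2 channel or interactive shell
    commodity_virus_blocked_by_av: bool = False
    access_attempt_defeated: bool = False     # e.g. failed valid-looking logons
    exploratory_scanning: bool = False        # mapping hosts, apps, users
    service_disrupted: bool = False
    authorized_user_policy_breach: bool = False
    review_complete: bool = False
    determined_benign: bool = False
    benign_reason: str = ""


def categorize(obs: Observation) -> Tuple[Optional[Cat], str]:
    """Return (category, rationale); a category of None means 'not reportable'.
    Rules are checked in precedence order so the most serious applicable
    category wins, as the deck's definitions require."""
    if obs.training_or_exercise:
        return Cat.TRAINING_AND_EXERCISES, "operations for training or exercise support"
    # Malware that yields remote interactive control is an intrusion, not CAT 7.
    if obs.access_gained or (obs.malicious_code_installed and obs.remote_interactive_control):
        if obs.privileged:
            return Cat.ROOT_LEVEL_INTRUSION, "unauthorized privileged access"
        return Cat.USER_LEVEL_INTRUSION, "unauthorized non-privileged access"
    if obs.commodity_virus_blocked_by_av:
        return None, "run-of-the-mill virus defeated by AV: not a reportable event"
    if obs.malicious_code_installed:
        return Cat.MALICIOUS_LOGIC, "malicious code without remote interactive control"
    if obs.service_disrupted:
        return Cat.DENIAL_OF_SERVICE, "functionality denied, degraded or disrupted"
    # CAT 3 applies only when the activity is not just exploratory scanning.
    if obs.access_attempt_defeated and not obs.exploratory_scanning:
        return Cat.UNSUCCESSFUL_ACTIVITY_ATTEMPT, "access attempt defeated by normal defenses"
    if obs.exploratory_scanning:
        return Cat.RECONNAISSANCE, "information gathering that did not compromise an IS"
    if obs.authorized_user_policy_breach:
        return Cat.NON_COMPLIANCE_ACTIVITY, "authorized-user action or inaction raising risk"
    if obs.review_complete and obs.determined_benign:
        if not obs.benign_reason.strip():
            raise ValueError("CAT 9 requires the reason it fits no other category")
        return Cat.EXPLAINED_ANOMALY, obs.benign_reason
    return Cat.INVESTIGATING, "suspicious activity still under review"


def is_incident(cat: Optional[Cat]) -> bool:
    return cat is not None and cat in INCIDENT_CATS


def close_case(cat: Optional[Cat]) -> Optional[Cat]:
    """Closure gate: CAT 8 must be recategorized to 1-7 or 9 before closure."""
    if cat is Cat.INVESTIGATING:
        raise ValueError("cannot close a case as CAT 8; recategorize to 1-7 or 9")
    return cat


if __name__ == "__main__":
    # Constructed sample: a RAT beaconing from a host whose user has no admin rights.
    cat, why = categorize(Observation(malicious_code_installed=True,
                                      remote_interactive_control=True))
    print(cat.name, "-", why)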