28 Cards in this Set
- Front
- Back
Define IA |
Information Assurance is Information Operations that protect and defend data and Information Systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
|
|
Define the following:
Certification |
The comprehensive evaluation of security features of an I.S. and other safeguards.
|
|
Define the following:
Accreditation DAA |
Decision to operate an I.S. in a specified environment
Designated Approving Authority
|
|
Define the following:
System Security Plan |
Describes the Contractor’s approach to ensuring that the system meets the security standards required by the Project. |
|
Define the following: System Security Authorization Agreement |
Document that represents the formal agreement between the DAA, the Certification Authority, the Program Manager, and the user representative. |
|
Define the following:
ATO |
Authority to Operate: An ATO indicates a DoD IS has implemented all assigned IA controls acceptable to the DAA. May be issued for up to 3 years. |
|
Define the following:
IATO |
Interim Authority to Operate: Provides a limited authorization to operate the information system under specific terms and conditions. |
|
Define the following:
Configuration Management
|
Identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle. |
|
Discuss security procedures involved when performing cross-domain transfers |
Conducting data transfer across security domains must be done accurately to ensure integrity and absolute security of the source information and to prevent spillage incidents. |
|
Discuss risk management |
Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures to achieve mission capability by protecting the IT systems.
|
|
Define the five attributes:
Confidentiality
|
Information is not disclosed to unauthorized individuals.
|
|
Define the five attributes: Non-repudiation |
Assurance the sender is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can deny having processed the data. |
|
List and define 9 categories of computer incidents:
Cat 1 to Cat 3 |
Cat 1 - Root Level Intrusion (Incident)
Cat 2 - User Level Intrusion (Incident)
Cat 3 - Failed Activity Attempt (Event) |
|
Describe the DON World Wide Web Security Policy |
All DON Web sites must have a clearly articulated purpose, approved by the commander and support the command’s mission. |
|
Define the following:
IAVA |
Information Assurance Vulnerability Alert (IAVA): An announcement of a high risk vulnerability.
|
|
Define the following:
CTO |
Communications Tasking Order (CTO): A DoD-wide instruction that disseminates mandatory changes and standing instructions on how communications are handled. |
|
Define the following:
NTD
|
Navy Telecommunications Directive (NTD): A widely disseminated Naval Message giving an order or direction about a certain IT function that needs to be complied with.
|
|
Define vulnerability assessment |
Vulnerability Assessment: A testing process used to evaluate the network infrastructure, software and users in order to identify known weaknesses. |
|
Explain the difference between vulnerability and threat |
Vulnerability: A real weakness
Threat: Potential weakness |
|
State the duties and responsibilities of the IAM |
Information Assurance Manager (IAM): The person, appointed in writing, who is responsible for establishing, implementing and maintaining the DoD information system IA program |
|
Define the five attributes: Integrity |
Protection against unauthorized modification or destruction of information. |
|
Define the five attributes: Availability
|
Timely and reliable access to data and information services for authorized users. |
|
Define the five attributes: Authentication
|
Security measure designed to verify an individual’s authorization to receive specific categories of information. |
|
Define the following:
IAVB |
Information Assurance Vulnerability Bulletin (IAVB): An announcement of a medium vulnerability. |
|
Define the following: IAVT |
Information Assurance Vulnerability Technical Advisory (IAVT): An announcement of a low risk vulnerability.
|
|
Define the following: Service Pack |
Collection of updates, fixes and/or enhancements. |
|
List and define 9 categories of computer incidents:
Cat 4 to Cat 6 |
Cat 4 - Denial of Service (Incident)
Cat 5 - Non-Compliance Activity (Event)
Cat 6 - Reconnaissance (Event) |
|
List and define 9 categories of computer incidents:
Cat 7 to Cat 9 |
Cat 7 - Malicious Logic (Event)
Cat 8 - Investigating (Event)
Cat 9 - Explained Anomaly (Event) |