Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
16 Cards in this Set
- Front
- Back
|
Define IA and mission.
|
Information Assurance
protect defend data and info systems by ensuring availability, integrity and authentication |
|
|
certification
|
eval of technical and non technical security features of info system
|
|
|
accreditation
|
official management decision to operate system in specific environment
|
|
|
DAA - and their responsibility
(designated approving authority) |
1. determine acceptable levels of residual risk
2. determines if system meets accreditation requirements |
|
|
System Security Plan
|
agreement to use internet properly
|
|
|
System Security Authorization Agreement
|
describes planned security tasks
|
|
|
ATO
|
authority to operate
NIPERNET 24 months SIPERNET 12 months |
|
|
IATO
|
Interim Approval to Operate, no more that 180 days
|
|
|
Configuration Management
|
accounts for and audits all changes to a site or info system
|
|
|
5 Attributes of IA
|
1) confidentiality
2) integrity 3) availability 4) non redupiation 5) authentication |
|
|
9 categories of computer incidents
|
1) fraud
2) abuse 3) denial service of attack 4) penetration of computer 5)loss or damage of info system 6) intro of computer virus or other malicious codes 7)exploitation of technical vulnerabilities 8)compromise info |
|
|
vulnerability assessment
|
testing of network to find weak areas so correction can be made to that area
|
|
|
difference between vulnerability and threat
|
vulnerability = known possible exploitation
threat= possible intrusion by third party |
|
|
IATO can last no longer than _____ days.
|
180
|
|
|
vulnerability assessment
|
testing of network to find vulnerabilities, so corrections can be made
|
|
|
8 categories of computer incidents
|
1. fraud
2. abuse 3. denial of service or attacks 4. penetration of computer 5. compromise of info 6. loss or damage of property 7. exploitation of technical and admin. vulnerabilities 8. intro. of computer viruses or malicious codes |
