27 Cards in this Set
- Front
- Back
DEFINE IA
|
INFORMATION OPERATIONS THAT PROTECT AND DEFEND DATA AND INFORMATION SYSTEMS
|
|
DEFINE CERTIFICATION
|
THE EVALUATION OF THE TECHNICAL AND NON TECHNICAL SECURITY FEATURES OF AN INFORMATION SYSTEM.
|
|
DEFINE ACCREDITATION
|
IS THE OFFICIAL MANAGEMENT DECISION TO OPERATE AN INFORMATION SYSTEM IN A SPECIFIED ENVIRONMENT.
|
|
DEFINE DAA (DESIGNATED ACCREDITING AUTHORITY)
|
THE OFFICIAL WHO ASSUMES FORMAL RESPONSIBILITY FOR OPERATING A SYSTEM AT AN ACCEPTABLE LEVEL OF RISK.
|
|
DEFINE SYSTEM SECURITY PLAN
|
SUBMITTED WITH THE SYSTEM SECURITY AUTHORIZATION AGREEMENT
|
|
DEFINE SYSTEM SECURITY AUTHORIZATION AGREEMENT
|
DESCRIBES THE PLANNED SECURITY TASKS REQUIRED TO MEET SYSTEM OR NETWORK SECURITY REQUIREMENTS
|
|
DEFINE ATO (AUTHORITY TO OPERATE)
|
GRANTED AFTER SUCCESSFUL CERTIFICATION AND ACCREDITATION OR TO PERMIT A MAJOR CONVERSION OF A SYSTEM. GOOD FOR 3 YEARS.
|
|
DEFINE IATO
|
INTERIM APPROVAL TO OPERATE
CAN BE GRANTED FOR UP TO 180 DAYS |
|
DEFINE CONFIGURATION MANAGEMENT
|
ACCOUNTS FOR ALL CHANGES TO A SITE OR INFORMATION SYSTEM DURING ITS DESIGN, DEVELOPMENT AND OPERATION CYCLE.
|
|
DISCUSS SECURITY PROCEDURES INVOLVED WHEN PERFORMING CROSS DOMAIN TRANSFERS
|
REVIEW THE SECURITY ATTRIBUTES OF EACH SYSTEM TO DETERMINE ADDITIONAL SECURITY REQUIREMENTS TO BE IMPLEMENTED. DOCUMENT THE REQUIREMENTS AS PART OF THE ACCREDITATION.
|
|
DISCUSS RISK MANAGEMENT
|
ALLOWS IT MANAGERS TO BALANCE THE COST OF PROTECTIVE MEASURES WHILE ACHIEVING GAINS IN MISSION CAPABILITY
|
|
NAME THE FIVE ATTRIBUTES OF IA
|
CONFIDENTIALITY
AUTHENTICATION
AVAILABILITY
NON REPUDIATION
INTEGRITY |
|
WHAT IS CONFIDENTIALITY
|
ASSURANCE THAT INFO IS NOT DISCLOSED TO UNAUTHORIZED PERSONS, PROCESSES OR DEVICES.
|
|
WHAT IS INTEGRITY
|
ASSURANCE THAT INFORMATION IS NOT MODIFIED BY UNAUTHORIZED PARTIES IN AN UNAUTHORIZED MANNER.
|
|
WHAT IS AVAILABILITY
|
ASSURANCE OF TIMELY, RELIABLE ACCESS TO DATA AND INFORMATION SYSTEMS BY AUTHORIZED USERS
|
|
WHAT IS NON-REPUDIATION
|
ASSURANCE THAT THE SENDER OF DATA IS PROVIDED WITH PROOF OF DELIVERY AND THE RECIPIENT IS PROVIDED WITH PROOF OF SENDER'S IDENTITY.
|
|
WHAT IS AUTHENTICATION
|
ASSURANCE OF THE IDENTITY OF AN EMAIL MESSAGE SENDER OR RECEIVER.
|
|
LIST THE NINE CATEGORIES OF COMPUTER INCIDENTS
|
MALICIOUS LOGIC
USER LEVEL INTRUSION
ROOT LEVEL INTRUSION
DENIAL OF SERVICE
EXPLAINED ANOMALY
RECONNAISSANCE
UNSUCCESSFUL ACTIVITY ATTEMPT
NON COMPLIANCE ACTIVITY
INVESTIGATING |
|
EXPLAIN THE DOD WORLD WIDE WEB SECURITY POLICY
|
ALL WEBSITES MUST BE REGISTERED THROUGH THE NAVY WEB SITE REGISTRATION SYSTEM.
|
|
DEFINE IAVA
|
INFORMATION ASSURANCE VULNERABILITY ALERT
ADDRESSES SEVERE NETWORK VULNERABILITIES THAT POSE IMMEDIATE AND SEVERE THREATS TO DOD SYSTEMS |
|
DEFINE IAVB
|
INFORMATION ASSURANCE VULNERABILITY BULLETIN
ADDRESSES NEW VULNERABILITIES THAT DO NOT POSE AN IMMEDIATE RISK TO DOD SYSTEMS |
|
DEFINE IAVT
|
INFORMATION ASSURANCE VULNERABILITY TECHNOLOGY ADVISORY
VULNERABILITIES PRESENTED IN A TECHNICAL ADVISORY POSE A LOW RISK TO DOD SYSTEMS AND ACTION IS RECOMMENDED BUT NOT REQUIRED. |
|
DEFINE CTO
|
COMPUTER TASKING ORDER
CHANGE TO A POLICY OF INFORMATION SYSTEMS |
|
DEFINE NTD (NAVY TELECOMMUNICATION DIRECTIVE)
|
A DIRECTIVE UPDATING POLICY AND GUIDANCE ON A NETWORK
|
|
DEFINE SERVICE PACK
|
A COLLECTION OF UPDATES, FIXES OR ENHANCEMENTS TO A SOFTWARE PROGRAM DELIVERED IN THE FORM OF A SINGLE INSTALLABLE PACKAGE.
|
|
DEFINE VULNERABILITY ASSESSMENT
|
EXAMINATION OF AN INFORMATION SYSTEM OR PRODUCT TO DETERMINE THE EFFICIENCY OF SECURITY MEASURES.
|
|
STATE THE DUTIES OF AN IAM
|
INFORMATION ASSURANCE MANAGER
OVERSEES ALL IAO'S, ENSURES SECURITY INSTRUCTIONS, GUIDANCE AND SOPS ARE MAINTAINED AND IMPLEMENTED. OVERSEES ALL IAVA'S, SECURITY MEASURES, EVALUATIONS, AND ACCREDITATION. |