• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/27

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

27 Cards in this Set

  • Front
  • Back
DEFINE IA
INFORMATION OPERATIONS THAT PROTECT AND DEFEND DATA AND INFORMATION SYSTEMS
DEFINE CERTIFICATION
THE EVALUATION OF THE TECHNICAL AND NON TECHNICAL SECURITY FEATURES OF AN INFORMATION SYSTEM.
DEFINE ACCREDITATION
IS THE OFFICAL MANAGMENT DECISION TO OPERATE AN INFORMATION SYSTEM IN A SPECIFIED ENVIORNMENT.
DEFINE DAA (DESIGNATED ACCREDITING AUTHORITY)
THE OFFICIAL WHO ASSUMES FORMAL RESPONSIBILITY FOR OPERATING A SYSTEM AT AN ACCEPTABLE LEVEL OF RISK.
DEFINE SYSTEM SECURITY PLAN
SUBMITTED WITH THE SYSTEM SECURITY AUTHORIZATION AGREEMENT
DEFINE SYSTEM SECURITY AUTHORIZATION AGREEMENT
DESCRIBES THE PLANNED SECURITY TASKS REQUIRED TO MEET SYSTEM OR NETWORK SECURITY REQUIREMENTS
DEFINE ATO (AUTHORITY TO OPERATE)
GRANTED AFTER SUCCESSFUL CERTIFICATION AND ACCREDITATION OR TO PERMIT A MAJOR CONVERSION OF A SYSTEM. GOOD FOR 3 YEARS.
DEFINE IATO
INTERIM APPROVAL TO OPERATE
CAN BE GRANTED FOR UP TO 180 DAYS
DEFINE CONFIGURATION MANAGEMENT
ACCOUNTS FOR ALL CHANGES TO A SITE OR INFORMATION SYSTEM DURING ITS DESIGN, DEVELOPMENT AND OPERATION CYCLE.
DISCUSS SECURITY PROCEDURES INVOLVED WHEN PERFORMING CROSS DOMAIN TRANSFERS
REVIEW THE SECURITY ATTRIBUTES OF EACH SYSTEM TO DETERMINE ADDITIONAL SECURITY REQUIREMENTS TO BE IMPLEMENTED. DOCUMENT THE REQUIREMENTS AS PART OF THE ACCREDITATION.
DISCUSS RISK MANAGMENT
ALLOWS IT MANAGERS TO BALANCE THE COST OF PROTECTIVE MEASURES WHILE ACHIEVING GAINS IN MISSON CAPABILITY
NAME THE FIVE ATTRIBUTES OF IA
CONFIDENTIALITY
AUTHENTICATION
AVAILABILITY
NON REPUDIATION
INTEGRITY
WHAT IS CONFIDENTIALITY
ASSURANCE THAT INFO IS NOT DISCLOSED TO UNAUTHORIZED PERSONS, PROCESSES OR DEVICES.
WHAT IS INTEGRITY
ASSURANCE THAT INFORMATION IS NOT MODIFIED BY UNAUTHORIZED PARTIES IN AN UNAUTHORIZED MANNER.
WHAT IS AVAILABILITY
ASSURANCE OF TIMLEY, RELIABLE ACCESS TO DATA AND INFORMATION SYSTEMS BY AUTHORIZED USERS
WHAT IS NON-REPUDIATION
ASSURANCE THAT THE SENDER OF DATA IS PROVIDED WITH PROOF OF DELIVERY AND THE RECIPIENT IS PROVIDED WITH PROOF OF SENDERS IDENTITY.
WHAT IS AUTHENTICATION
ASSURANCE OF THE IDENTITY OF AN EMAIL MESSAGE SENDER OR RECEIVER.
LIST THE NINE CATEGORIES OF COMPUTER INCIDENTS
MALICIOUS LOGIC
USER LEVEL INTRUSION
ROOT LEVEL INTRUSION
DENIAL OF SERVICE
EXPLAINED ANOMALY
RECONNAISSANCE
UNSUCCESSFUL ACTIVITY ATTEMPT
NON COMPLIANCE ACTIVITY
INVESTIGATING
EXPLAIN THE DOD WORLD WIDE WEB SECURITY POLICY
ALL WEBSITES MUST BE REGISTERED THROUGH THE NAVY WEB SITE REGISTRATION SYSTEM.
DEFINE IAVA
INFORMATION ASSURANCE VULNERABILITY ALERT
ADDRESSES SEVERE NETWORK VULNERABILITIES THAT POSE IMMEDIATE AND SEVERE THREATS TO DOD SYSTEMS
DEFINE IAVB
INFORMATION ASSURANCE VULNERABILITY BULLETIN
ADDRESSES NEW VULNERABILITIES THAT DO NOT POSE AN IMMEDIATE RISK TO DOD SYSTEMS
DEFINE IAVT
INFORMATION ASSURANCE VULNERABILITY TECHNOLOGY ADVISORY
VULNERABILITIES PRESENTED IN A TECHNICAL ADVISARY POSE A LOW RISK TO DOD SYSTEMS AND ACTION IS RECOMMENDED BUT NOT REQUIRED.
DEFINE CTO
COMPUTER TASKING ORDER
CHANGE TO A POLICY OF INFORMATION SYSTEMS
DEFINE NTD (NAVY TELECOMMUNICATION DIRECTIVE)
A DIRECTIVE UPDATING POLICY AND GUIDANCE ON A NETWORK
DEFINE SERVICE PACK
A COLLECTION OF UPDATES, FIXES OR ENHANCEMENTS TO A SOFTWARE PROGRAM DELIVERED IN THE FORM OF A SINGLE INSTALLABLE PACKAGE.
DEFINE VULNERABILITY ASSESSMENT
EXAMINATION OF AN INFORMATION SYSTEM OR PRODUCT TO DETERMINE THE EFFICIENCY OF SECURITY MEASURES.
STATE THE DUTIES OF AN IAM
INFORMATION ASSURANCE MANAGER
OVERSEAS ALL IAO'S, ENSURES SECURITY INSTRUCTIONS, GUIDANCE AND SOPS ARE MAINTAINED AND IMPLEMENTED. OVERSEAS ALL IAVA'S, SECURITY MEASUES, EVALUATIONS, AND ACCREDITATION.