19 Cards in this Set
- Front
- Back
Define IA (Information Assurance)
|
Information operations that protect and defend data and information systems
|
|
Certification
|
Comprehensive evaluation to validate appropriate levels of concern for integrity and availability as per system security
|
|
Accreditation
|
An official management decision to operate an Information System in a specific environment. Designated Approving Authority assumes responsibility
|
|
DAA
|
Designated Approving Authority, assumes responsibility for operating a system
|
|
System Security Plan
|
Formal document that fully describes planned security tasks to meet security requirements
|
|
System Security Authorization Agreement
|
Living document that is a formal agreement between DAA, Cert Authority program manager and user rep
|
|
ATO (Authority to operate)
|
Formal declaration by DAA that info system is approved to operate
|
|
IATO (Interim Authority to operate)
|
Temporary authorization granted by DAA for up to 180 days
|
|
Configuration management
|
Identifies, controls, accounts for all changes to site or information system during operational lifecycle
|
|
What security procedures are involved when performing cross-domain transfers?
|
All info must be scanned prior to being granted access to any SCI system
|
|
Risk management
|
Process to balance the operational and economic costs of protective measures and achieve gains in mission capability
|
|
Define the five attributes of Information Assurance
|
Confidentiality
Integrity
Availability
Non-repudiation
Authentication |
|
List the 9 levels of computer incidents
|
Root level Intrusion
User level Intrusion
Denial of service
Malicious Logic
Unsuccessful Activity
Non-compliance
Reconnaissance
Investigation
Explained Anomaly |
|
What is the DoN World Wide Web Security Policy?
|
Must have a clearly articulated purpose, approved by the commander.
|
|
IAVA (Info Assurance Vulnerability Alert)
|
High Risk
|
|
IAVB (Info Assurance Vulnerability Bulletin)
|
Medium Risk
|
|
IAVT (Info Assurance Vulnerability Technical Advisory)
|
Low Risk
|
|
CTO (Communications Tasking Order)
|
Instruction that promulgates mandatory changes in instructions
|
|
NTD (Navy Telecommunications Directive)
|
An order that needs to be complied with
|