22 Cards in this Set

  • Front
  • Back

Define Information Assurance


IA. Information Operations that protect and defend data.

Define Certification

Evaluation of the technical and non-technical security features of an IS and other safeguards.

Define Accreditation

Official decision to permit operation of an IS in a specified environment.

Define Designated Approving Authority

DAA. Accredits the system to operate at an acceptable level of risk.

Define System Security Plan


Formal document describing the security tasks required to meet system network security requirements.

Define System Security Authorization Agreement


Living document that represents the agreement between the DAA, the Certification Authority, Program Manager, and the users.

Define Approval To Operate

ATO. Formal declaration by the DAA that a system is approved to operate with specifics.

Define Interim Approval To Operate

IATO. Temporary authorization granted by the DAA to process classified material.

What are the 5 attributes of Information Assurance


1) Confidentiality
2) Integrity
3) Availability
4) Non-repudiation
5) Authentication

Define the computer incident - Root Level Intrusion

(Incident). Unauthorized privileged access to a DoD system.


**Master Key to a house and everything inside**

Define the computer incident - User Level Intrusion


(Incident). Unauthorized non-privileged access to a DoD system.


**after they get into the house**

Define the computer incident - Denial of Service


(Incident). Activity that denies, degrades, or disrupts normal system functions.


**flooding the server**

Define the computer incident - Malicious Logic


(Incident). Installation of software designed with malicious intentions.


**embedded code that grants information from the system**

Define the computer incident - Unsuccessful Activity Attempt


(Event). Attack that fails due to normal defensive mechanisms.

Define the computer incident - Non-Compliance Activity


(Event) Activity that potentially exposes DoD systems to an increased risk

Define the computer incident - Reconnaissance


(Event) Activity that seeks to gather information that can be useful in formulating an attack.

Define the computer incident - Investigating


(Event) Events that are suspicious and warrant further review.

Define the computer incident - Explained Anomaly


(Event) Suspicious events that are determined to be non-malicious activity and don't fit in any other category.

Define Information Assurance Vulnerability Alert

IAVA. High risk vulnerability alert

Define Information Assurance Vulnerability Bulletin

IAVB. Medium risk vulnerability bulletin

Define Information Assurance Vulnerability Technical

IAVT. Low risk vulnerability advisory

Explain the difference between vulnerability and threat


Vulnerability - real weakness


Threat - potential weakness