22 Cards in this Set

| Front | Back |
|---|---|
| Define Information Assurance | Information Operations that protect and defend data. |
| Define Certification | Evaluation of the technical and non-technical security features of an IS and other safeguards. |
| Define Accreditation | Official decision to permit operation of an IS in a specified environment. |
| Define Designated Approving Authority | DAA. Accredits the system to operate at an acceptable level of risk. |
| Define System Security Plan | required to meet system network security requirements. |
| Define System Security Authorization Agreement | Program Manager, and the users. |
| Define Approval To Operate | ATO. Formal declaration by the DAA that a system is approved to operate with specifics. |
| Define Interim Approval To Operate | IATO. Temporary authorization granted by the DAA to process classified material. |
| What are the 5 attributes of Information Assurance | 2) Integrity 3) Availability 4) Non-repudiation 5) Authentication |
| Define the computer incident - Root Level Intrusion | (Incident). Unauthorized privileged access to a DoD system. **Master Key to a house and everything inside** |
| Define the computer incident - User Level Intrusion | **after they get into the house** |
| Define the computer incident - Denial of Service | disrupts normal system functions. **flooding the server** |
| Define the computer incident - Malicious Logic | malicious intentions. **embedded code that grants information from the system** |
| Define the computer incident - Unsuccessful Activity Attempt | (Event). Attack that fails due to normal defensive mechanisms. |
| Define the computer incident - Non-Compliance Activity | systems to an increased risk |
| Define the computer incident - Reconnaissance | (Event) Activity that seeks to gather information that can be useful in formulating an attack. |
| Define the computer incident - Investigating | (Event) Events that are suspicious and warrant further review. |
| Define the computer incident - Explained Anomaly | (Event) Suspicious events that are determined to be non-malicious activity and don't fit in any other category. |
| Define Information Assurance Vulnerability Alert | IAVA. High risk vulnerability alert |
| Define Information Assurance Vulnerability Bulletin | IAVB. Medium risk vulnerability bulletin |
| Define Information Assurance Vulnerability Technical | IAVT. Low risk vulnerability advisory |
| Explain the difference between vulnerability and threat | Threat - potential weakness |