45 Cards in this Set

  • Front
  • Back
What OPNAV Instruction outlines the Navy Information Assurance Program?
OPNAVINST 5239.1
Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
Information Assurance
What are the 5 IA properties?
1. Confidentiality
2. Integrity
3. Authentication
4. Non-repudiation
5. Availability
Supports protection of information against unauthorized modification or destruction.
Integrity
Supports timely, reliable access to data and information systems for authorized users, and precludes denial of service or access.
Availability
Supports verifying the identity of an individual or entity and the authority to access specific categories of information.
Authentication
Provides assurance to the sender of data with proof of delivery and to the recipient of the sender's identity, so that neither can later deny having processed the data.
Non-repudiation
Supports the protection of both sensitive and classified information from unauthorized disclosure.
Confidentiality
What is the key determinant of information security requirements, the level of effort appropriate to the certification and accreditation of systems?
Mission Criticality
Any information the loss, misuse, or unauthorized access to, or modification of which could adversely affect the national interest of Defense personnel, but that has not been specifically authorized to be kept classified.
Sensitive Information
Who directs the implementation of the Navy IA program?
CNO
All Navy information and resources shall be appropriately safeguarded at all times, to support ____?______-____?______ across Navy and DoD.
Defense-in-depth
The principal mission of the CAPER Action Forum is?
To review, clarify, define and validate certain CNO sponsored program issues and requirements for the operating forces of the United States Navy.
Who is responsible for ensuring full implementation and coordination of the Navy IA Program?
CNO
Serves as the Navy primary computer incident response capability to provide assistance in identifying, assessing, containing, and countering incidents that threaten Navy information systems and networks.
The NAVCIRT
Who manages NAVCIRT?
FIWC
What is Joint Vision 2020?
This DoD strategy focuses on the continuing transformation of America’s Armed Forces.
What is the primary purpose of Joint Vision?
The primary purpose of those forces has been and will be to fight and win the Nation’s wars.
What is the purpose of the GIG?
The concept of a Global Information Grid (GIG) to provide the Net-Centric DoD environment required to achieve information superiority
Who does the GIG support?
The GIG supports all DoD, National Security, and related Intelligence Community mission and functions in war and in peace.
True or False
The GIG includes all owned and leased communications and computing systems and services, software, data, security services, and other associated services necessary to achieve information superiority. (SECNAV M-5239.1, Chapter 2, November 2005)
True
What is FORCEnet?
FORCEnet is the U.S. Navy (USN) and U.S. Marine Corps (USMC) initiative to achieve Net-Centric Operations and Joint Transformation by providing robust information sharing and collaboration capabilities across the Naval / Joint force.
What does FORCEnet provide?
FORCEnet provides a transitional approach to requirements definition, cross-domain solutions, and command and control. FORCEnet technical requirements match key Joint, Net-Centric, and GIG technical guideposts.
True or False
FORCEnet is a single process that requires one generation.
False.
It is not a single process, but a collection of processes such as requirements generation, architecture and design standards, innovation and experimentation, human system engineering, certification and compliance, and others, all created under a common vision and with common authority in the USN and USMC,
What is NMCI (Navy Marine Corps Intranet)?
The Navy Marine Corps Intranet (NMCI) is both a strategy and a network.
Explain how NMCI works as a network.
As a network, it provides a common, secure, enterprise infrastructure capable of supporting new enterprise-wide applications.
What are the IA benefits of NMCI?
The IA benefits of NMCI include central management of the network, configuration management, and improved systems availability. Most legacy networks will migrate to NMCI, the single DON Enterprise network.
What is DiD?
Defense-in-Depth. DiD is the DoD approach for establishing an adequate IA posture in a shared-risk environment that allows for shared mitigation through: the integration of people, technology, and operations; the layering of IA controls within and among IT assets; and the selection of IA solutions based on their relative level of robustness.
What is the DoD IA Strategic Plan?
The DoD IA Strategic Plan represents a collaborative, enterprise-wide effort to identify and organize the major goals and objectives of DoD-wide IA efforts.
What are the 5 goals of the DoD Strategic Plan?
Goal One - Protect Information;
Goal Two - Defend Systems and Networks;
Goal Three - Provide Integrated IA Situational Awareness/IA Command and Control;
Goal Four - Transform and Enable IA Capabilities; and,
Goal Five - Create an IA-empowered Workforce.
What is Risk Management?
Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions.
Where can you find DON IA roles and responsibilities?
DON IA roles and responsibilities are set forth in SECNAVINST 5239.3A and SECNAVINST 5430.7N.
What is the DON CIO's responsibility?
The DON CIO is responsible for developing and promulgating IA strategy and policy, coordinating IA within the Department and with DoD components, measuring and evaluating Service and system level IA performance, and reporting to the Secretary of the Navy on the effectiveness of DON IA activities.
What is the DON Deputy CIOs' responsibility?
The DON Deputy CIO (Navy) and DON Deputy CIO (Marine Corps) shall, subject to the authority of the DON CIO, implement and enforce policies, standards, and procedures to ensure that DON complies with applicable statutes, regulations, and directives.
What is the CNO's responsibility?
The Chief of Naval Operations (CNO) is responsible for developing and implementing IA-related programs and controls, ensuring that IA is incorporated throughout the system development lifecycle, assigning designated approval authorities (DAAs), providing enterprise-wide vulnerability mitigation solutions, and providing an incident reporting and response capability.
What is the responsibility of the Commandant of the Marine Corps?
The Commandant is responsible for developing and implementing IA-related programs and controls, ensuring that IA is incorporated throughout the system development lifecycle, assigning DAAs, providing enterprise-wide vulnerability mitigation solutions, and providing an incident reporting and response capability.
What is the DAA responsible for?
The DAA is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. DAAs accredit IT system security postures throughout the system development lifecycle and in accordance with risk-management principles.
What is the CA?
The Certification Authority (CA) is the official responsible for performing the comprehensive evaluation of the technical and non-technical security features and safeguards of an IT system, application, or network.
Who is in charge of the program system/application?
Program Manager
What are the responsibilities of the Command Information Officers?
Navy Echelon II command IOs report to the DON Deputy CIO (Navy) for tactical matters and to their commanding officer for administrative matters. Marine command IOs report to both the DON Deputy CIO (Marine Corps) and their Major Subordinate Commander.
What are the responsibilities of the IA Manager?
The Information Assurance Manager (IAM) is responsible for the information assurance program within a command, site, system, or enclave. The IAM is responsible to the local IA command authority and DAA for ensuring the security of an IT system, and that it is approved, operated, and maintained throughout its life cycle in accordance with IT system security certification and accreditation documentation. Additionally, this individual is responsible for creating the site accreditation package. The IAM functions as the command's focal point for IA matters on behalf of, and principal advisor to, the DAA.
What are the responsibilities of the IA Officers?
IA Officers (IAOs) are responsible to an IAM for ensuring the appropriate operational IA posture is maintained for a command, organization, site, system, or enclave. IAOs assist in creating accreditation packages. They implement and enforce system-level IA controls in accordance with program and policy guidance.
What are the responsibilities of the Commanding Officers/Officers-in-Charge?
Commanding Officers/Officers-in-Charge (COs/OICs) are directly responsible for identifying vulnerabilities in their operational environments and implementing the appropriate countermeasures. COs/OICs are responsible for ensuring that personnel under their command are trained and abide by IA policy.
Privileged Users.
Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, IAO, system programmers, etc.) are Privileged Users. Privileged Users are responsible for providing IA safeguards and assurances to the data they control as well as their personal authentication mechanisms.
True or False
FISMA places requirements on government agencies and their components, with the goal of improving the security of federal information and information systems.
True