107 Information Assurance Flashcards

1
Q

Define IA

A

IA: Information Assurance; information operations that protect/defend data and information systems by ensuring their availability, integrity, authentication, confidentially, and non-repudation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define Certification

A

Comprehensive evaluation of the technical and non-technical security features

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Accreditation

A

Official management decision to operate an IS in a specified environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define DAO (Designated Approving Official)

A

Official with authority to formally assume responsibility for operating a system at an acceptable level of risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a System Security Plan?

A

Formal document that fully describes planned security tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Deinfe ATO

A

ATO: Authority to Operate; formal declaration by DAO that information system is approved to operate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Definte IATO

A

IATO: Interim Authority to Operate; temporary authorization granted by DAA or SCO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Configuration Management?

A

Identifies, controls, accounts for, and audits all changes to site or IS during its design, development & operational lifecycle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Discuss security procedures involved when performing cross-domain transfers

A

Scan all info storage media and e-mail attachments introduced prior to its use on any SCI system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Risk Management?

A

Process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define the 5 attributes of IA

A
  • Confidentiality: assurance that info isn’t disclosed to unauthorized persons, process, or devices
  • Integrity: assurance that info is not modified by unauthorized parties or in an unauthorized manner
  • Availability: assurance of timely, reliable access to data and info systems by authorized users
  • Non-repudiation: assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data
  • Authentication: assurance of identify of a message sender or receiver
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

List and define 9 categories of computer incidents

A
  • Root level intrusion: Unauthorized (administrative) privileged access to a DoD system
  • User level intrusion: Unauthorized non-privileged access to a DoD system
  • Denial of service: Denies, degrades, or disrupts normal functionality of a system/network
  • Malicious logic: Installation of software designed and/or deployed by adversaries with malicious intentions of gaining access to resources or info w/o consent/knowledge of user
  • Unsuccessful activity attempt: Deliberate attempts to gain unauthorized access to DoD system, defeated by normal defensive mechanisms. Attacker FAILS to gain access to system
  • Non-compliance activity: Potentially exposes DoD systems to increased risk as a result of action/inaction of authorized users
  • Reconnaissance: Seeks to gather info used to characterize DoD systems, apps, networks, and users that may be useful in formulating an attack
  • Investigating: Events that are potentially malicious or anomalous activity deemed suspicious and warrant/are undergoing further review
  • Explained Anomaly: Suspicious events that are determined to be non-malicious activity and do not fit criteria for any other categories (MISC)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Describe the DoN World Wide Web Security Policy

A

All DoN sites must have a clearly articulated purpose, approved by commander, and support command’s core competency mission

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define IAVA

A

IAVA: Information Assurance Vulnerability Alert; an announcement of high risk computer software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Define IAVB

A

IAVB: Information Assurance Vulnerability Bulletin; announcement of a medium risk computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define CTO

A

CTO: Communications Tasking Order; DoD-wide instruction that promulgates mandatory changes and how communications are handled

17
Q

Define NTD

A

NTD: Navy Telecommunications Directive; widely disseminated naval message giving an order/direction about a certain IT function that needs to be complied with

18
Q

Define Service Pack

A

A collection of updates, fixes and/or enhancements

19
Q

Define vulnerability assessment

A

Testing process to identify weakness

20
Q

Explain the difference between vulnerability and threat

A

Vulnerability: Actual weakness in an information system
Threat: Malicious actor, circumstance or event with potential to adversely impact organizational operations

21
Q

State the duties/responsibilities of the IAM (Information Assurance Manager)

A
  • Responsible for establishing, implementing & maintaining DoD info system IA program
  • Must be designated in writing
  • Should not be a collateral duty
  • U.S. Citizen
  • Hold highest clearance of highest classification of IS responsible for
  • Attend DAA training
22
Q

Define CCRI

A

Command Cyber Readiness Inspection: formal inspection process that holds commanders accountable for respective security posture

23
Q

State NAVYCYBERFOR’s role in a CCRI

A

Implementing rigorous grading criteria