🔹107 Information Assurance Flashcards
🔹5 attributes of IA?
– Confidentiality – Integrity – Availability – Non-repudiation – Authentication
🔹Define confidentiality
Assurance that information is not disclosed to unauthorized individuals, processes or devices.
🔹Define Integrity
Assurance that information is not modified by unauthorized parties or in an unauthorized manner. Integrity supports the assurance that information is not accidentally or maliciously manipulated, altered or corrupted. Additionally, integrity implies the ability to detect when information has been altered.
🔹Define Availability
Assurance of timely, reliable access to data and information systems by authorized users. Availability-focused IA controls protect against degraded capabilities and denial of service conditions.
🔹Define Non-repudiation
Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.
🔹Define Authentication
Assurance of the identity of an e-mail message sender or receiver. Authentication supports the validation of e-mail messages and information system access requests.
🔹List the 9 categories of computer incidents.
1-Root 2-User 3-Unsuccessful Attempt 4-Denial of Service 5-Poor Security 6-Scan/Probe 7-Malicious Logic 8-Investigating 9-Explained Anomaly
🔹What is the difference between a vulnerability and a threat?
Vulnerability - weakness in an IS that could possibly be exploited by a threatening source.
Threat - the potential to adversely affect an IS by unauthorized access, destruction, disclosure, or DoS.
🔹What is an ATO?
An ATO is an “Authority To Operate” issued by the DAA or PAA to authorize operation of an information system.
🔹IAVA
IAVA: IA Vulnerability Alerts (IAVA) address severe network vulnerabilities resulting in immediate and potentially severe threats to DON systems and information. Corrective action is of the highest priority due to the severity of the vulnerability risk.
🔹IAVB
IAVB: Information Assurance Vulnerability Bulletins (IAVB) address new vulnerabilities that do not pose an immediate risk to DON systems, but are significant enough that noncompliance with the corrective action could escalate the risk.
🔹IAVT
IAVT: Information Assurance Vulnerability Technical Advisory: vulnerability notifications (i.e., alerts, bulletins, and technical advisories/notifications) IAW CJCSM 6510.01. USSTRATCOM may direct corrective actions (which may ultimately include disconnection) of any enclave(s), or affected system(s) on the enclave, not in compliance with IAVM program directives and vulnerability response measures (e.g., tasking order or message). USSTRATCOM will coordinate with CC/S/As and field activities to determine operational impact to DOD before instituting disconnection.
🔹What is a service pack?
A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
🔹Define IA
Information Assurance:
Measures that protect and defend information and information systems through the 5 attributes of IA. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.