107 Information Assurance Flashcards
Define IA
Information Assurance- protect and defend data and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation
Certification
meets a set of specified security requirements
Accreditation
Formal declaration that an info system is approved to operate at an acceptable level of risk
DAA
Designated Approval Authority- official with authority to formally assume responsibility for operating a system at an acceptable level of risk
System Security Plan
formal document prepared by the information system owner that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements
System Security Authorization Agreement
a living document that represents the formal agreement between the DAA, the Certification Authority, the Program Manager, and the user representative
ATO
Approval to Operate- authorize operation of an information system and to explicitly accept the residual risk to agency operations
IATO
Interim Approval to Operate- temporary authorization
Configuration Management
identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle
Performing cross-domain transfers
Interconnections between DoD information systems of different security domains or with other US Govt system of different security domains shall be employed only to meet compelling operational requirements
Risk Management
Process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting IT systems and data that support their organizations missions
Five attributes of IA
(CIANA) Confidentiality Integrity Availability Non-repudiation Authentication
9 categories of computer incidents
(RUDMUNRIE)
- Root Level Intrusion
- User Level Intrusion
- Denial of Service
- Malicious Code
- Unsuccessful Activity Attempt
- Non-compliance Activity
- Reconnaissance
- Investigating
- Explained Anomaly
Describe the DoN World Wide Web Security Policy
SECNAVINST 5720.47B
IAVA
IA Vulnerability Alerts- address severe network vulnerabilities resulting in immediate and potentially severe threats