107 Information Assurance Flashcards

1
Q

Define IA

A

Information Assurance- protect and defend data and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation

2
Q

Certification

A

meets a set of specified security requirements

3
Q

Accreditation

A

Formal declaration that an information system is approved to operate at an acceptable level of risk

4
Q

DAA

A

Designated Approval Authority- official with authority to formally assume responsibility for operating a system at an acceptable level of risk

5
Q

System Security Plan

A

formal document prepared by the information system owner that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements

6
Q

System Security Authorization Agreement

A

a living document that represents the formal agreement between the DAA, the Certification Authority, the Program Manager, and the user representative

7
Q

ATO

A

Approval to Operate- authorize operation of an information system and to explicitly accept the residual risk to agency operations

8
Q

IATO

A

Interim Approval to Operate- temporary authorization

9
Q

Configuration Management

A

identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle

10
Q

Performing cross-domain transfers

A

Interconnections between DoD information systems of different security domains, or with other US Government systems of different security domains, shall be employed only to meet compelling operational requirements

11
Q

Risk Management

A

Process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organization's missions

12
Q

Five attributes of IA

A

(CIANA)
Confidentiality
Integrity
Availability
Non-repudiation
Authentication

13
Q

9 categories of computer incidents

A

(RUDMUNRIE)

  1. Root Level Intrusion
  2. User Level Intrusion
  3. Denial of Service
  4. Malicious Code
  5. Unsuccessful Activity Attempt
  6. Non-compliance Activity
  7. Reconnaissance
  8. Investigating
  9. Explained Anomaly
14
Q

Describe the DoN World Wide Web Security Policy

A

SECNAVINST 5720.47B

15
Q

IAVA

A

IA Vulnerability Alerts- address severe network vulnerabilities resulting in immediate and potentially severe threats

16
Q

IAVB

A

IA Vulnerability Bulletins- address new vulnerabilities that do not pose an immediate risk to DoN systems, but are significant enough that noncompliance with the corrective action could escalate the risk

17
Q

IAVT

A

IA Vulnerability Technical Advisories- address new vulnerabilities that are generally categorized as low risk to DoN systems

18
Q

CTO

A

Communications Tasking Orders- intended to direct the execution of specific actions in order to mitigate security threats to the GIG

19
Q

NTD

A

Navy Telecommunications Directive- issued by COMNAVNETWARCOM to provide policies and guidance on specific security issues within the DoN

20
Q

Service Pack

A

collection of updates, fixes, and/or enhancements to a software program delivered in the form of a single installable package

21
Q

Vulnerability Assessment

A

a testing process used to evaluate the network infrastructure, software and users in order to identify known weaknesses

22
Q

Vulnerability vs. Threat

A

Vulnerability- any weakness, administrative process, act, or physical exposure that makes an information asset susceptible to exploitation by a threat
Threat- potential cause of an unwanted impact to a system or organization

23
Q

Responsibilities of the IAM

A

Information Assurance Manager- responsible for the IA program within a command, site, system, or enclave

24
Q

Define CCRI

A

Command Cyber Readiness Inspection- improves overall security posture of the GIG through a formal inspection process

25
Q

NAVCYBERFOR’s role in a CCRI

A

Mission is to organize and prioritize manpower, training, modernization and maintenance requirements, and capabilities of command and control architecture and networks