Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
44 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Information Assurance |
Measures that protect and defend imformation and info systems by ensuring their availability, authentication, confidentiality, non-repudiation. |
5 attributes of IA |
|
|
5 attributes of IA |
Confinendiality Integrity Availability Non-repudiation Authentication |
CIANA |
|
|
Confidentiality |
Authorized restriction on info acess/disclosure. Protecting personal privacy/proprietary info. |
|
|
|
Integrity |
No unauthorized modification of an entity |
|
|
|
Availability |
Accessible and useable by an authorized entity |
|
|
|
Non-repudiation |
Sender and reciever recieve proof of information exchange so neither can deny the information being processed. |
|
|
|
Authentication |
Verifying the identity of the user, process, or device. Prerequisite for access to an information system (IS) |
|
|
|
9 Categories of computer incidents |
Root level intrusion User level intrusion Malicious logic Reconnaissance Unsuccessful activity attempt Investigating Non-compliance activity Explained Anomaly Denial of service (DOS) |
RUMRUINDE |
|
|
Root level intrusion |
Unauthorized privileged (aka. Root/ administrative) access to DOD system. |
|
|
|
User level intrusion |
Unauthorized non-privledged acess |
|
|
|
Malicious logic |
Malware installed with malicous intent by adversaries to gain info without user knowledge |
|
|
|
Reconnaissance |
Activity that gathers information on DOD systems, applications, and networks that may be used to form an attack |
|
|
|
Unsuccessful activity attempt |
Diliberate attempts to gain acess to DOD system |
|
|
|
Investigation |
Events that are potentially malicious/ suspicious / or undergoing further review |
|
|
|
Non-compliance activity |
Activity that potentially exposes dod sys. to increased risk because of unauthorized users |
|
|
|
Explained anomoly |
Suspicious events that are deamed non malicious and don't fit in any other category |
|
|
|
IAVA |
Information Assurance Vulnerability Alert |
|
|
|
Information assurance vulnerability alert (IAVA) |
An IA vulnerability may result in an immediate risk to Dod sys. Corrective action must be made due to the severity/risk |
|
|
|
IAVB |
Information Assurance vulnerability bullitin |
|
|
|
Information Assurance vulnerability bullitin (IAVB) |
New vulnerabilities that if not corrected could increase risk. |
|
|
|
IAVT |
Information Assurance vulnerability Technical Advisory |
|
|
|
Information Assurance vulnerability Technical Advisory (IAVT) |
New vulnerabilities have been identified that do not pose an immediate threat |
|
|
|
CTO |
Communication Tasking Order |
|
|
|
Communication Tasking Order (CTO) |
Urgent order or request concerning DOD comp. Assets from Naval Network command (NNWC) or higher |
|
|
|
NTD |
Navy Telecommunication Directive |
|
|
|
Naval telecommunications Directive |
Widely disseminated navy message givinf order or direction about certain IT functions that need to be compiled with. |
|
|
|
Service Pack |
Collection of updates, fixes and enhancments delivered in a single installable package |
|
|
|
Vulnerability Assessment |
Process of identifying, quantifying, and prioritizing the vulnerabilities in a system |
|
|
|
Vulnerability |
A weakness that could be compromised by a threat. Vulnerabilities can be physical/non-physical |
|
|
|
Vulnerability vs threat |
Vulnerability is a weakness; threat is an event that can adversly impact operations. |
|
|
|
Information Assurance Manager |
Responsible for orgamizations IS (information systems) program |
|
|
|
Responsibilities of the information assurance manager |
1.The IA program within command, site, system, enclave. 2. Responsible to local IA command and DAA for ensuring IT site security throughout its life cycle 3.creating site accreditation package. 4. Focal point for IA advisors on behaf of DAA 5. Principal advisor to the DAA |
|
|
|
CCRI |
Command cyber readiness inspection |
|
|
|
Navcyberfore's role in CCRI |
Red and blue team members test the networks for imternal and external vulnerabilities and disseminate current vulnerabilities with patch/fixes. ATO authority. |
|
|
|
Certification |
Evaluation of technical and non-technical security features of an information system |
|
|
|
Accreditation |
Permission to operate an information system in a specific environment at an acceptable risk level |
|
|
|
Designated accreditation authority |
Official with authority to formally assume responsibility for operating an IS system |
|
|
|
System security plan |
Doc with specs on IS hardware, software, and necessary protections to operate securely |
|
|
|
System security authorization agreement |
Doc that fully discribe security plan |
|
|
|
ATO |
Authorization to Operate |
|
|
|
Authorized to operate |
Given authorization to Operate an IS sys and accept the risk of agreed upon security controls |
|
|
|
DAA |
Designated approving authority |
|
|
|
Interm approval to operate |
Temporary authorization granted for an is to process classified info based on preliminary results of a security evaluation |
|
|
|
Cross domain transfers |
NIPR to SIPR reliavle human review requires two methods of verification, revuew info |
|
