Create
Learn
Share

EIDWS 107 Information Assurance

rename
oniisama's version from 2016-04-18 18:52

Section

Question Answer
Purpose of IAProtect and Defend information systems and the data contained in them
CertificationEvaluation of security features of an information system; Established the extend to which it meets security requirements
AccreditationOfficial decision to permit operation of SCIF/IS in a specific environment under certain safegaurds
memorize

Section

Question Answer
DAADesignated Approving Authority; Assume responsibility for operating a system/network at acceptable risk
System Security PlanFormal Documents the describes the planned security tasks required to meet system/network security requirements
memorize

Section

Question Answer
SSAA (Acronym)System Security Authorization Agreement
SSAA (What is it)Document that represents formal agreement regarding security procedures between; DAA; Cert Authority; Program Manager; User Representative
memorize

Section

Question Answer
ATOApproval to Operate; Formal approval of an IS for operation
IATOInterim Approval to Operate; Temporary ATO for IS based on security evaluation; Good for 90 days with possible extension of 90 days
Configuration ManagementManages all changes to a site or IS during it's entire life-cycle
memorize

Section

Question Answer
Moving info from one domain to anotherEnsure a CAO reviews it and submits a help desk ticket
Risk managementProcess of balancing costs to achieve gains in protecting IS's to support an organization's mission
Assessments by Assistant SECDEF on Navy & Marine Corps WebsitesAnnually
memorize

Section

Question Answer
Attributes of IAConfidentiality, Integrity, Availability, Non-Repudiation, Authentication
memorize

Section

Question Answer
CAT IRoot Level Intrusion (most severe)
CAT IIUser Level Intrusion (Incident)
CAT IIIUnsuccessful Activity Attempt (Event)
memorize

Section

Question Answer
CAT IVDenial of Service (Incident)
CAT VNon-Compliance Activity (Event)
CAT VIReconnaissance (Event)
memorize

 

Section

Question Answer
CAT VIIMalicious Logic (Incident)
CAT VIIIInvestigating (Event)
CAT IXExplained Anomalies (Event)
memorize

Section

Question Answer
IAVAInformation Assurance Vulnerability Alert.; Notification when vulnerability may result in an immediate and potentially severe threat to DoD systems and information; Requires corrective action because of severity
IAVBInformation Assurance Vulnerability Bulletin; Addresses new vulnerabilities that do not pose an immediate risk to DON systems but noncompliance with corrective action could elevate risk
IAVTInformation Assurance Technical Advisory; Technical advisories address new vulnerabilities that are low risk to DON systems
memorize

Section

Question Answer
CTOComputer Tasking Order; summary/highlights of computer incidents or addressing immediate threats; issued by NAVCIRT
NTDNavy Telecommunications Directive; Bulletins and advisories issued by COMNAVNETWARCOM
memorize

Section

Question Answer
Service PackCollection of updates, fixes, and/or enchantments to a software program
Vulnerability AssessmentSystematic explanation of an IS's security measures, weaknesses, and adequacy of newly implemented security measures
Vulnerability vs. ThreatVulnerability = Weakness or flaw in software or OS that a threat will try to exploit; Threat = A malicious file or program that exploits a vulnerability
memorize

Section

Question Answer
Responsibilities of the IAMInformation Assurance Manager; Responsible for the IA program within a command, site, or enclave; Creating the site accreditation package; function as the command's focal point for IA matters on behalf of the DAA
memorize