Term
| ADMINISTRATIVE ACCESS REQUIRES THE MOST STRINGENT SECURITY CONTROLS REQUIRES ENCRYPTION ON COMMUNICATION CHANNELS BETWEEN REMOTE USER AND SYSTEM BEING ACCESSED. |
|
Definition
|
|
Term
| WHAT IS A PERSONAL DIGITAL DEVICE |
|
Definition
|
|
Term
| WHAT IS A TEXT MESSAGE DEVICE |
|
Definition
| DEVICE THAT SENDS TWO WAY TXTS |
|
|
Term
| WHAT IS A BLACKBERRY DEVICE |
|
Definition
| DEVICE THAT WIRELESSLY EXCHANGES EMAIL. |
|
|
Term
| PERSONAL ELECTRONIC DEVICE. |
|
Definition
|
|
Term
|
Definition
is an automated protocol to negotiate, create, and manage security associations
etween two computers. |
|
|
Term
|
Definition
| AH, one of the IPSec security protocols, provides integrity protection for packet headers and data, as well as user authentication. It can optionally provide replay protection and access protection. |
|
|
Term
|
Definition
| the second core of ipsec protocol. encrypts payload packet. |
|
|
Term
|
Definition
| negotiates the same security parameters as mainmode through three messages vice six. making it faster |
|
|
Term
|
Definition
| negotiates a shared ipsec policy. derives shared keying secret material |
|
|
Term
| RISK ANALYSIS DETERMINES THE RISK TO THE SYSTEM THE LIKELIHOOD SECURITY CONTROLS AND THE IMPACT. |
|
Definition
|
|
Term
| RISK MANAGEMENT PROCESS INCLUDES? |
|
Definition
|
|
Term
| WHAT PUBLICATION IS THE STANDARD FOR SECURITY CONFIGURATION OF FEDERAL INFORMATION AND INFORMATION SYSTEMS? |
|
Definition
|
|
Term
| WHAT IS HIGH RISK SOFTWARE |
|
Definition
| software that is not authorized unless written approval is granted. |
|
|
Term
| WHAT IS SOLUTION SECURITY ANALYSIS |
|
Definition
|
|
Term
| SF ,706,707,708,710, 711, 712 |
|
Definition
706 - TS LABEL
707 - S
708 - C
710 - U
711 - MAGNETIC MEDIA
712 - CLASSIFIED SCI |
|
|
Term
| WHAT ARE THE ROLES OF AN ISSM |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| IF AUTOMATED AUDITING IS NOT AVAILABLE, THE ISSM/SA MUST GET APPROVL FROM THE ISSPM/SCO TO CONDUCT MANUAL AUDITS. |
|
Definition
|
|
Term
| WHAT DOES THE EVALUATION ASSURANCE LEVELS [EAL] DO? |
|
Definition
|
|
Term
| HOW OFTEN DO YOU NEED TO REACCREDITED AN AN IS |
|
Definition
|
|
Term
| KNOW WHAT CERTIFICATION AND ACCREDITATION IS? |
|
Definition
|
|
Term
| WHAT TYPE OF ACCESS CONTROLS ARE THERE AND WHAT DO EACH OF THEM DO? |
|
Definition
|
|
Term
| HOW MANY LEVELS OF INFOCON ARE THERE AND WHAT ARE THEY? |
|
Definition
|
|
Term
| ALL INFORMATION ARE REPORTED TO THE LOCAL INFORMATION SYSTEMS SECURITY OFFICER, KNOWN AS THE ISSO |
|
Definition
|
|
Term
| KNOW THE DIFFERENCE BETWEEN INCIDENTS AND VIOLATIONS. |
|
Definition
INCIDENTS- ATTEMPTS TO EXPLOIT A SECURITY SYSTEM
VIOLATIONS- FAILURE TO COMPLY WITH POLICIES AND PROCEDURES. |
|
|
Term
| WHAT ARE THE VARIOUS FACTORS OF PROTECTION LEVELS. |
|
Definition
|
|
Term
| WHAT ARE THE ROLES OF AN IAM |
|
Definition
|
|
Term
|
Definition
| HIPPA, federal credit act, and espionage act. |
|
|
Term
|
Definition
|
|
Term
| WHO DO YOU NEED PERMISSION FROM BEFORE MONITORING A INDIVIDUAL. |
|
Definition
| you need permision from the commanding officer with legal representation. |
|
|
Term
| WHAT IS THE PURPOSE OF MONITOR. |
|
Definition
| OBSERVATION OF ILLEGAL SOFTWARE INSTALLATION OR ANYTHING THAT COULD IMPACT A COMPUTER FACILITY. |
|
|
Term
| NAVCIRT ADDRESSES FIVE TYPES OF INCIDENTS |
|
Definition
1: INTRUSIONS
2: MALICIOUS LOGIC INFECTIONS
3: PROBES
4: DOS
5: ATTEMPTED INTRUSIONS |
|
|
Term
| WHAT ARE AUTHORIZED ATTACKS |
|
Definition
|
|
Term
| DISA AGAIN WHAT DO THEY DEVELOP AND PROVIDE. |
|
Definition
| SECURITY CONFIGURATION AND GUIDANCE FOR IA AND IT PRODUCTS |
|
|
Term
| WHAT ARE TWO TYPES OF AUDIENCES |
|
Definition
GENERAL USERS: NEED TO UNDERSTAND GOOD SECURITY PRECAUTIONS.
ADVANCED USERS: |
|
|
Term
| HOW CAN YOU MAKE TRAINING MORE EFFECTIVE |
|
Definition
|
|
Term
| WHAT ARE THE RESPONSIBILITIES OF THE ISSM |
|
Definition
- To schedule periodic security testing
- To grant approval for systems to operate
- To implement disaster recovery plans
- To conduct contingency planning |
|
|
Term
| ISSM AND CONTINGENCY PLANNING |
|
Definition
- To ensure that management realizes some services may not be provided or otherwise available during an emergency
- To obtain management agreement on the assumptions which the plan is based, including dependence on other organizations for assistance
- To communicate to management the existence of a plan and obtain approval of the plan |
|
|
Term
|
Definition
| A disaster is a power outage, hardware failure, vandalism, fire, or natural disaster. |
|
|
Term
| WHAT ARE THE STEPS IN A RESTORATION PLAN FOR THE ISSM |
|
Definition
| CONDUCT A SECURITY RISK ASSESMENT |
|
|
Term
| KNOW THE DIFFERENCE BETWEEN CONTINGENCY PLAN AND RESTORATION PLAN |
|
Definition
|
|
Term
| PROCEDURES FOR DOCUMENT RESTORATION MUST BE DEVELOPED AND TESTED PERIODICALLY AT LEAST ANNUALLY |
|
Definition
|
|
Term
| HOW DO YOU ANNOTATE A CHANGE IN THE CONTINGENCY PLAN. |
|
Definition
|
|
Term
| WHAT IS CLIPPING LEVEL AND WHAT HAPPENS IF YOU EXCEED IT |
|
Definition
|
|
Term
| WHICH AUTOMATED TOOL CAN BE USED BY APPLICATIONS TO LOOK FOR EVIDENCE OF DATA TAMPERING |
|
Definition
|
|
Term
| USE OF ALARMS SIGNALS AND REPORTS BY DOD |
|
Definition
|
|
Term
| WHERE DO YOU REMOVE A VIRUS FROM |
|
Definition
| Eradication entails removing the cause of the incident. In the case of a virus incident, eradication simply requires removal of the virus from all systems and media. Anti-viral software usually does this. |
|
|
Term
|
Definition
| U.S. government codename for a set of standards, for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors or printers. It is a counter-intelligence measure aimed at the prevention of radiation espionage. |
|
|
Term
| WHAT IS THE WEB-BASED APPLICATION USED TO TRACK IAVAS FOR DISA |
|
Definition
|
|
Term
| WHO HAS OVERALL RESPONSIBILITY FOR FOR THE IAVA PROGRAM |
|
Definition
|
|
Term
|
Definition
| Combatant commands, Services and agencies (CC/S/As) ensure individual and organization accountability for implementing the IAVM program and protecting information systems. |
|
|
Term
| WHAT ARE THE OBJECTIVES OF ST&E |
|
Definition
1. UNCOVER DESIGN AND OPERATIONAL FLAWS
2. DETERMIN THE ADEQUACY OF SECURITY MEASUREMENTS.
3. ASSESS THE DEGREE OF CONSISTENCY BETWEEN DOCUMENTATION AND IMPLIMENTATION. |
|
|
Term
| KNOW THE SEVERITY OF ALL THE IAVM |
|
Definition
|
|
Term
| WHAT IS THE PURPOSE OF MONITOR. |
|
Definition
| MONITORING ILLEGAL SOFTWARE INSTALLATION OR ANYTHING THAT CAN COMPROMISE A COMPUTER FACILITY |
|
|
Term
| NAVCIRT ADDRESSES FIVE TYPES OF INCIDENTS. |
|
Definition
1. INTRUSION
2. MALICIOUS LOGICAL INFECTIONS
3. NETWORK PROBES
4. DOS
5. ATTEMPTED INTRUSIONS |
|
|
Term
| WHAT IS AN AUTHORIZED ATTACK |
|
Definition
|
|
Term
| DISA AGAIN, WHAT DO THEY DEVELOPE AND PROVIDE |
|
Definition
| SECURITY CONFIGURATION AND GUIDANCE FOR IA AND IT PRODUCTS |
|
|
Term
| HOW CAN YOU MAKE TRAINING MORE EFFECTIVE. |
|
Definition
| Trainers can use actual incidents to illustrate the importance of computer security. |
|
|
Term
| WHAT ARE THE RESPONSIBILITIES OF THE ISSM |
|
Definition
- To schedule periodic security testing
- To identify all critical systems
- To implement disaster recovery plans
- To conduct contingency planning |
|
|
Term
| ISSM AND CONTINGENCY PLANNING |
|
Definition
- To ensure that management realizes some services may not be provided or otherwise available during an emergency
- To obtain management agreement on the assumptions which the plan is based, including dependence on other organizations for assistance
- To communicate to management the existence of a plan and obtain approval of the plan |
|
|
Term
|
Definition
| computer security incident can result from a computer virus, other malicious code, or a system intruder, either an insider or an outsider |
|
|
Term
| WHAT ARE THE STEPS IN A RESTORATION PLAN FOR THE ISSM |
|
Definition
|
|
Term
| PROCEDURES FOR DOCUMENT RESTORATION MUST BE DEVELOPED AND TESTED PERIODICALLY |
|
Definition
|
|
Term
| KNOW THE DIFFERENCE BETWEEN CONTINGENCY PLAN AND RESTORATION PLAN |
|
Definition
|
|
Term
| HOW DO YOU ANNOTATE A CHANGE IN CONTINGINCY PLANNING? |
|
Definition
|
|
Term
| WHAT IS CLIPPING LEVEL AND WHAT HAPPENS WHEN YOU EXCEED IT. |
|
Definition
A clipping level is a baseline of user activity that is considered a routine level of user errors.
When a clipping level is exceeded, a violation record is produced. |
|
|
Term
| WHICH AUTOMATED TOOL CAN BE USED BY APPLICATIONS TO LOOK FOR EVIDE |
|
Definition
|
|
