Information Assurance Fundamentals (IAF) Training
What is Information Assurance?
Information Assurance (IA) is defined by the techniques and methods we use to protect and defend automated information and information systems through risk management techniques in order to provide reasonable stratums of availability, integrity, authentication, confidentiality, and non-repudiation.
What is the Army Information Assurance Program?
The Army Information Assurance Program (AIAP) is a unified approach to protect unclassified, sensitive, or classified information stored, processed, accessed, or transmitted by Army ISs, and is established to consolidate and focus Army efforts in securing that information, including its associated systems and resources, to increase the level of trust of this information and the originating source. The AIAP will secure Army ISs through IA requirements, and does not extend access privileges to Special Access Programs (SAPs), classified, or compartmentalized data; neither does it circumvent need-to-know requirements of the data or information transmitted.
What Army Regulation governs the Army Information Assurance Program?
AR 25-2: AR 25-2, para. 1-4a
What is the AIAP designed to achieve?
The most effective and economical policy possible for all ISs using the risk management approach for implementing security safeguards. To attain an acceptable level of risk, a combination of staff and field actions are necessary to:
Develop local policy and guidance.
Identify problems and resource requirements.
Adequately plan for identified resource requirements.
What do IA BBPs allow?
Through the use of IA best business practices (BBPs) the best ideas, concepts, and methodologies acquired from industry and Army resources will be used to define specific standards, measures, practices, or procedures necessary to meet rapidly changing technology (or IA requirements) in support of Army policy requirements. IA BBPs allow rapid transitional implementation of IA initiatives to integrate technological or procedural changes as required by policy.
What are the Goals of the AIAP?
1. Respond to the Army's widespread use of Information Systems.
2. Respond to increases in risk.
3. Reduce security risks to acceptable levels.
4. Comply with applicable laws and regulations (AR 25-2, Appendix A).
5. Implement a unified approach to protecting information.
6. Consolidate and focus Army efforts.
7. Assure operational continuity.
8. Achieve the most effective and economical policy possible for all Information Systems.
What are managers of federal information systems responsible for?
Responsible for maintaining a practical level of familiarity and compliance with appropriate legal requirements. It is important to note that laws and regulations do not customarily provide detailed instructions for protecting computer-related assets. Instead they specify broad nonspecific solutions for integrating information assurance activities into your automated information systems.
What is DoD Instruction 5200.01: DoD Information Security Program and Protection of Sensitive Compartmented Information?
It is DoD policy that all national security information shall be classified, declassified, and safeguarded in accordance with national-level policy issuances.
What is DoD Directive 5200.2: DoD Personnel Security Program?
It is DoD policy that the objective of the personnel security program is that military, civilian, and contractor personnel assigned to and retained in sensitive positions, in which they could potentially damage national security, are and remain reliable and trustworthy, and there is no reasonable basis for doubting their allegiance to the United States.
What is DoD Directive 5210.50: Unauthorized Disclosure of Classified Information to the Public?
It is DoD policy that known or suspected instances of unauthorized public disclosure of classified information shall be reported promptly and investigated to decide:
1. The nature and circumstances of the disclosure.
2. The extent of damage to national security.
3. The corrective and disciplinary action to be taken.
What is DoD Directive 5230.9: Clearance of DoD Information for Public Release?
This directive establishes policy and assigns responsibilities for the security and policy review and clearance of official DoD information proposed for official public release by the Department of Defense and its employees.
What is DoD Directive 8100.1: Global Information Grid (GIG) Overarching Policy?
Establishes policy and assigns responsibility for GIG configuration management, architecture, and the relationships with the Intelligence Community (IC) and defense intelligence components.
What is DoD Directive 8100.2: Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG)?
This directive establishes policy and assigns responsibilities for the use of commercial wireless devices, services, and technologies in the DoD Global Information Grid (GIG).
1. Commercial wireless networks.
2. Portable Electronic Devices (PED) such as laptop computers with wireless capabilities.
3. Cellular/Personal Communication System (PCS) devices.
4. Audio/Video recording devices.
5. Scanning devices.
6. Remote sensors.
7. Messaging devices.
8. Personal Digital Assistants (PDA).
9. Any other commercial wireless devices capable of storing, processing, or transmitting information.
What is Department of Defense Directives 8500 Series?
These directives establish policy and assign responsibilities to achieve Department of Defense (DoD) Information Assurance through a defense-in-depth approach that integrates the capabilities of personnel, operations, technology, and supports the evolution to network centric warfare.
What are the three DoD mission assurance categories?
MAC I: High Integrity, High Availability for DoD information systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness.
MAC II: High Integrity, Medium Availability for DoD information systems handling information that is important to the support of deployed and contingency forces.
MAC III: Basic Integrity, Basic Availability for DoD information systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short term.
What are the three DoD levels of confidentiality?
High Confidentiality for systems processing classified information.
Medium Confidentiality for systems processing sensitive information as defined in DoD Directive 8500.1.
Basic Confidentiality for systems processing public information as defined in DoD Directive 8500.1.
What are examples of the information-gathering technology?
What is Common Criteria for Information Technology Security Evaluation (CCITSE)?
It is a multinational effort to write a successor to the Trusted Computer System Evaluation Criteria (TCSEC) and Information Technology Security Evaluation Criteria (ITSEC) that combines the best aspects of both.
What is TCSEC?
It is a collection of criteria that was previously used to grade or rate the security offered by a computer system product and was known as the Orange Book of the DoD Rainbow Series.
What are ITSEC?
They are European-developed criteria. Its aim is to demonstrate conformance of a product or system, referred to as a Target of Evaluation (TOE), against its security target.
What is covered in the Computer Fraud and Abuse Act of 1986?
1. Classified defense or foreign relations information.
2. Records of financial institutions or credit reporting agencies.
3. Government computers.
The Privacy Act means that it is illegal for any U.S. Government agency to release information that it has acquired about you, unless under which conditions?
1. Without your express consent.
2. Unless it is required directly for their job and will not be disclosed publicly.
3. Unless requested officially by a court of the jurisdiction.
What is the purpose of the USA PATRIOT Act?
It is to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes.