45 Cards in this Set
- Front
- Back
What OPNAV Instruction outlines the Navy Information Assurance Program?
|
OPNAVINST 5239.1
|
|
Information operations that protect and defend
information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. |
Information Assurance
|
|
What are the 5 IA properties?
|
1. Confidentiality
2. Integrity
3. Authentication
4. Non-repudiation
5. Availability |
|
Supports protection of information against unauthorized modification or destruction.
|
Integrity
|
|
Supports timely, reliable access to data and information systems for authorized users, and
precludes denial of service or access. |
Availability
|
|
Supports verifying the
identity of an individual or entity and the authority to access specific categories of information. |
Authentication
|
|
Provides assurance to the
sender of data with proof of delivery and to the recipient of the sender's identity, so that neither can later deny having processed the data. |
Non-repudiation
|
|
Supports the protection of
both sensitive and classified information from unauthorized disclosure. |
Confidentiality
|
|
What is the key determinant of information security requirements, the level of effort appropriate to the certification and accreditation of systems?
|
Mission Criticality
|
|
Any information the loss, misuse, or unauthorized access to, or modification of, which could adversely affect the national interest of Defense personnel, but that has not been specifically authorized to be kept classified.
|
Sensitive Information
|
|
Who directs the implementation of the Navy IA program?
|
CNO
|
|
All Navy information and resources shall be
appropriately safeguarded at all times, to support ____?______-____?______ across Navy and DoD. |
Defense-in-depth
|
|
The principal mission of the CAPER Action Forum is? |
to review, clarify, define and validate certain CNO
sponsored program issues and requirements for the operating forces of the United States Navy. |
|
Who is responsible for ensuring full implementation and coordination of Navy IA Program?
|
CNO
|
|
Serves as the Navy primary computer incident response capability to provide
assistance in identifying, assessing, containing, and countering incidents that threaten Navy information systems and networks. |
The NAVCIRT
|
|
Who manages NAVCIRT?
|
FIWC
|
|
What is Joint Vision 2020?
|
This DoD strategy focuses on the continuing
transformation of America’s Armed Forces |
|
What is the primary purpose of Joint Vision?
|
The primary purpose of those forces has been and
will be to fight and win the Nation’s wars. |
|
What is the purpose of the GIG?
|
the concept of
a Global Information Grid (GIG) to provide the Net-Centric DoD environment required to achieve information superiority |
|
Who does the GIG support?
|
The GIG supports all DoD, National Security, and related Intelligence Community missions and functions in war and in peace |
|
True or False
The GIG includes all owned and leased communications and computing systems and services, software, data, security services, and other associated services necessary to achieve information superiority. (SECNAV M-5239.1, Chapter 2, November 2005) |
True
|
|
What is FORCEnet?
|
FORCEnet is the U.S. Navy (USN) and U.S. Marine
Corps (USMC) initiative to achieve Net-Centric Operations and Joint Transformation by providing robust information sharing and collaboration capabilities across the Naval / Joint force |
|
What does FORCEnet provide?
|
FORCEnet provides
a transitional approach to requirements definition, cross-domain solutions, and command and control. FORCEnet technical requirements match key Joint, Net-Centric, and GIG technical guideposts |
|
True or False
FORCEnet is a single process that requires one generation |
False.
It is not a single process, but a collection of processes such as requirements generation, architecture and design standards, innovation and experimentation, human system engineering, certification and compliance, and others, all created under a common vision and with common authority in the USN and USMC. |
|
What is NMCI (Navy Marine Corps Intranet)?
|
The Navy Marine Corps Intranet
(NMCI) is both a strategy and a network |
|
Explain how NMCI works as a network.
|
As a network, it provides a common, secure, enterprise infrastructure capable of
supporting new enterprise-wide applications |
|
What are the IA benefits of NMCI?
|
The IA benefits of NMCI include central
management of the network, configuration management, and improved systems availability. Most legacy networks will migrate to NMCI, the single DON Enterprise network. |
|
What is DiD?
|
Defense-in-Depth. DiD is the DoD approach for establishing an adequate
IA posture in a shared-risk environment that allows for shared mitigation through: the integration of people, technology, and operations; the layering of IA controls within and among IT assets; and the selection of IA solutions based on their relative level of robustness |
|
What is the DoD IA Strategic Plan?
|
The DoD IA Strategic Plan represents a
collaborative, enterprise-wide effort to identify and organize the major goals and objectives of DoD-wide IA efforts |
|
What are the 5 goals of the DoD IA Strategic Plan?
|
Goal One - Protect Information;
Goal Two - Defend Systems and Networks;
Goal Three - Provide Integrated IA Situational Awareness/IA Command and Control;
Goal Four - Transform and Enable IA Capabilities; and,
Goal Five - Create an IA-empowered Workforce. |
|
What is Risk Management?
|
Risk management is the process that allows IT
managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions |
|
Where can you find DON IA roles and responsibilities?
|
DON IA roles and responsibilities are set forth in SECNAVINST 5239.3A and SECNAVINST
5430.7N |
|
What is the DON CIO's responsibility?
|
The DON CIO is responsible for developing and promulgating IA
strategy and policy, coordinating IA within the Department and with DoD components, measuring and evaluating Service and system level IA performance, and reporting to the Secretary of the Navy on the effectiveness of DON IA activities |
|
What is the DON Deputy CIOs' responsibility?
|
The DON Deputy CIO (Navy) and DON Deputy CIO (Marine
Corps) shall, subject to the authority of the DON CIO, implement and enforce policies, standards, and procedures to ensure that DON complies with applicable statutes, regulations, and directives |
|
What is the CNO's responsibility?
|
The Chief of Naval Operations (CNO) is responsible
for developing and implementing IA-related programs and controls, ensuring that IA is incorporated throughout the system development lifecycle, assigning designated approval authorities (DAAs), providing enterprise-wide vulnerability mitigation solutions, and providing an incident reporting and response capability. |
|
What is the responsibility of the Commandant of the Marine Corps?
|
The Commandant is responsible for developing and implementing IA-related programs and controls, ensuring that IA is incorporated throughout the system development lifecycle, assigning DAAs, providing enterprise-wide vulnerability mitigation solutions, and providing an incident reporting and response capability |
|
What is the DAA responsible for?
|
The DAA is the official with the authority to
formally assume responsibility for operating a system at an acceptable level of risk. DAAs accredit IT system security postures throughout the system development lifecycle and in accordance with risk-management principles. |
|
What is the CA?
|
The Certification Authority (CA) is the official responsible
for performing the comprehensive evaluation of the technical and non-technical security features and safeguards of an IT system, application, or network |
|
Who is in charge of the program system/application?
|
Program Manager
|
|
What are the responsibilities of the Command Information Officers?
|
Navy Echelon II command IOs report to the DON Deputy CIO (Navy) for tactical matters and to their commanding officer for administrative matters. Marine command IOs report to both the DON Deputy CIO (Marine Corps) and their Major Subordinate Commander |
|
What are the responsibilities of the IA Manager?
|
The Information Assurance Manager (IAM) is responsible for the
information assurance program within a command, site, system, or enclave. The IAM is responsible to the local IA command authority and DAA for ensuring the security of an IT system, and that it is approved, operated, and maintained throughout its life cycle in accordance with IT system security certification and accreditation documentation. Additionally, this individual is responsible for creating the site accreditation package. The IAM functions as the command's focal point for IA matters on behalf of, and principal advisor to, the DAA |
|
What are the responsibilities of the IA Officers?
|
IA Officers (IAOs) are responsible to an IAM for ensuring the appropriate operational IA posture is maintained for a command, organization, site, system, or enclave. IAOs assist in creating accreditation packages. They implement and enforce system-level IA controls in accordance with program and policy guidance |
|
What are the responsibilities of the Commanding Officers/Officers-in-Charge?
|
Commanding Officers/Officers-in-Charge (COs/OICs) are directly responsible for identifying
vulnerabilities in their operational environments and implementing the appropriate countermeasures. COs/OICs are responsible for ensuring that personnel under their command are trained and abide by IA policy. |
|
Privileged Users.
|
Individuals who have access to system control, monitoring, or
administration functions (e.g., system administrator, IAO, system programmers, etc.) are Privileged Users. Privileged Users are responsible for providing IA safeguards and assurances to the data they control as well as their personal authentication mechanisms. |
|
True or False
FISMA places requirements on government agencies and their components, with the goal of improving the security of federal information and information systems. |
True
|