Card Set Information

2012-01-18 21:17:21


  1. What is identification as it pertains to information protection?
    proving the subject is what the subject claims to be
  2. What is authentication as it pertains to information protection?
    verifying the eligibility of a subject and the ability of the subject to access certain info
  3. What are the 3 primary ways to authenticate oneself on the network?
  4. On an AF network, what is your password required to have in it?
  5. Where are biometrics-based auth and ID generally used, and why?
    Areas that require a very high level of security.
  6. What is the biggest risk with a possession-based system for identifying and authenticating yourself?
  7. Why would you use a combination of methods for identifying and authenticating yourself?
    Makes it more difficult for the perp to obtain everything he needs for access
  8. What are the 3 methods of providing strong authentication?
    combo of biometric and possession, encrypted authentication, and one-time passwords
  9. Where can you find specific guidance concerning remanence security?
    AFSSI 8580
  10. What is remanence security?
    the use of safeguards and controls to prevent unauthorized reconstruction or disclosure of sensitive or classified information
  11. When something is sanitized, is it automatically declassified?
  12. Until when must you retain classification controls?
    until the media is sanitized, declassified, or destroyed in an approved manner
  13. When does the information owner of storage media declassify the media?
    after the IO provides evidence that no information resides on media, the IO can declass the media
  14. When is destroying storage media not necessary?
    If the media is sanitized and declassed
  15. What must you ensure when you are degaussing storage media?
    That the coercivity strength generated is strong enough to return the magnetic media to its zero state
  16. What AFI governs the AFCAP?
    33-210 AF C&A program
  17. What is the biggest difference between DIACAP and previous processes?
    Cradle to grave, track every IS network from inception to retirement
  18. What are the 5 phases of the DIACAP process?
    Initiate and plan IA C&A, Implement and validate assigned IA controls, Make certification determination and accreditation decision, Maintain authorization to operate and conduct reviews, Decommission
  19. What two pubs provide the basic framework of the C&A process?
    AFI 33-210, and IT lean reengineering process guidebook
  20. What is the SISSU checklist?
    list of requirements covering each of those areas that a program office must adhere to when developing and fielding a system
  21. What are the most common Air Force circuit-enclaves?
    base networks