Help
Options
Question
This Manual provides information security policy guidance, procedures, and processes for implementation of the Information Assurance (IA) program.
click to flip
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't know
Question
The ____________ establishes comprehensive and uniform Information Technology (IT) security policies for the United States Coast Guard (CG).
Remaining cards (31)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
COMDTINST 5500.13B
INFORMATION ASSURANCE MANUAL
| Question | Answer |
|---|---|
| This Manual provides information security policy guidance, procedures, and processes for implementation of the Information Assurance (IA) program. | COMMANDANT INSTRUCTION M5500.13B |
| The ____________ establishes comprehensive and uniform Information Technology (IT) security policies for the United States Coast Guard (CG). | The Information Assurance (IA) program |
| The ____________ utilizes multiple disciplines such as Information Security (INFOSEC), Operations Security (OPSEC), Communications Security (COMSEC), Physical Security, Personnel Security, Risk Management, etc... | The Information Assurance (IA) program |
| The IA program requirements and guidance are applicable to all Information Systems (IS) owned by or operated on behalf of the ________. | Coast Guard |
| The CG IT systems that support other government agency missions are also subject to the security requirements as identified by the specific organization via a ___________. | Memorandum of Agreement |
| Policies in the INFORMATION ASSURANCE Manual are subdivided into three major control areas: | management, operational, and technical. |
| This policy focuses on management of the information system and the management of system risk. These controls consist of techniques and implementation of processes that are normally addressed as a function of management. | Management Controls |
| This policy addresses security methods of the mechanisms primarily implemented and executed by people. These controls improve the security of a group, a particular system, or a group of systems. | Operational Controls |
| focuses on security controls that a computer system executes. These controls can provide automated protection for unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data. | Technical Controls policy |
| The IA program is designed to comply with: | Federal, DHS, Department of Defense (DoD), and CG regulations and policies. |
| This type of information relates to the capabilities, intentions, and activities of foreign powers, organizations, or persons, but does not include counterintelligence except for information on international terrorist activities. | Foreign Intelligence Information |
| Information is ______ if it has been determined pursuant to E.O. 12958 or any predecessor order or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its _________ status. | classified |
| an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. | General Support System (GSS) |
| operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability,authenticity, and nonrepudiation. | Information Assurance (IA) |
| Information System (IS) - includes all GSS and major applications, and Information Technology (IT) that is: | a. Owned, leased, or operated by an information user, program sponsor, or an organizational command thereof; or b. Operated by a contractor on behalf of the CG. |
| Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange,... | Information Technology (IT) |
| A ________ requires special attention to security because of the potential for risk and the magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the ________. | major application |
| A classified IT is operating in the ________ mode of operation when each user with access to the system: has a valid personnel security clearance for access and a valid need-to-know for all classified information contained within the system. | Dedicated Mode of Operation |
| A classified IT is operating in the _______ mode of operation when some users with direct or indirect access to the system, do not have a valid personnel security clearance for access to all classified information on the system. | Multilevel Mode of Operation |
| A classified IT is operating in the _______ mode of operation user have access to the system,has a valid personnel security clearance while The need-to-know is based on approval given to the user by an appropriate authority. | System-High Mode of Operation |
| This type of information may be disclosed to the public without restriction but requires protection against erroneous manipulation or alteration | Public Information |
| Information, the loss, misuse, or unauthorized access to or modification of, which could adversely affect the national interest or the conduct of federal programs. | Sensitive Information |
| Coast Guard Freedom of Information and Privacy Acts Manual | COMDTINST M5260.3 (series) |
| Exceptions and waivers from the requirements of the policies described in this COMDTINST 5500.13B or associated IA policy documents, require written approval from the: | Require written approval from the CIO |
| INFORMATION SENSITIVITY CATEGORIES: LEVEL 1 | Classified - Classified information including Confidential, Secret, Top Secret, and higher according to Executive Order 12356, important to National Security. |
| INFORMATION SENSITIVITY CATEGORIES: LEVEL 2 | (1) Privacy Act, (2) Unclassified national security related information, (3) FOUO, (4) Other FOUO, (5) Sensitive Security Information (SSI), (6) Other |
| INFORMATION SENSITIVITY CATEGORIES: LEVEL 3 | Non-sensitive - Information that does not warrant a higher designation. |
| Four categories of criticality are defined, although an IS may have components that fit more than one category: | Mission Critical, Category 1, Mission Critical, Category 2, Mission Support, Administrative. |
| What MISSION CRITICAL SYSTEMS Category includes:(1) Intelligence activities. (2) Cryptology activities related to national security. (3) Command and control of military forces. (4) Integral to a weapon or weapons system. (5) System critical to mission | Mission Critical, Category 1 |
| MISSION CRITICAL SYSTEMS: systems handling information determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of content and timeliness that are not National Security Systems information. | Mission Critical, Category 1 and 2. |
| What MISSION CRITICAL SYSTEMS Category includes:systems handling information that is important to the support of deployed and/or contingency forces. | Mission Support |
| What MISSION CRITICAL SYSTEMS Category includes: systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed forces or the readiness of contingency forces in the short term. | Administrative |
Created by:
trentonknight