
Computer Security Law

Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.

310 Questions

Under AR 25-2 regulations a Network or System Administrator is not authorized to view content except?

  • A. With the consent of the user or file owner, preferably in writing.
  • B. While performing system backup and recovery.
  • C. While performing anti-virus functions.
  • D. As necessary for the continued operation and system integrity of the AIS.
  • E. As part of a properly authorized investigation.
  • F. All of the Above (Actual Answer)

Jim, your organization's IAM, has been contacted by the program manager to assist in implementing the DIACAP. Jim is not required to assist the PM in this activity and should pass this activity off to?

Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit:

Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR).

Note that BOTH the IAM and IAO are listed. The acronym IASO is synonymous with IAO.

The IAM may delegate the actual work to the IAO/IASO but still has ultimate responsibility to see that the work gets done. They do not have sole responsibility however - the other listed team members also share the responsibility.

What is the assurance that information is not disclosed to unauthorized recipients?

Confidentiality is the assurance that things are not disclosed to unauthorized recipients.

What is the job description of an IASO?

As far as the ARMY is concerned,

"The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program.

The IASO must be familiar with IA policy, guidance and training requirements, per AR 25-2, and Best Business Practices (BBP).

The IASO is assigned to the lowest Information Assurance management level."

One of the duties of the IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including:

  • IA training and certification
  • IA situation and awareness briefing
  • Information Assurance Workforce Improvement Program
  • Information Assurance Training and Certification Best Business Practice (BBP)

The IASO also functions as support to the IAM (aka ISSM) in carrying out their responsibilities.

What certifications would satisfy DoDI 8570 for IAM Level I and IAM Level III?

For IAM Level I:

  • GISF
  • GSLC
  • Security+
  • CAP

For IAM Level II:

  • GSLC
  • CISM
  • CISSP (or CISSP Associate)
  • CAP

For IAM Level III:

  • GSLC
  • CISM
  • CISSP (or CISSP Associate)

What is the conclusion of encryption?

The result of encrypting plaintext is ciphertext. When ciphertext is translated back to plaintext, the process is called decryption.

DIACAP requires you to review your IA posture every?

According to DoD 8510.01 (DIACAP), paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall:

"Ensure annual reviews of assigned ISs required by FISMA are conducted."

So reviews must occur at least once a year.

When does DIACAP require you to review your IA posture?

DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.

Which diacap package component is created only when an accreditation decision includes corrective actions?

A Plan of Action and Milestones (POAM) is created to capture corrective actions and track them to completion. Any system receiving an IATO must create this component.

Is the Principal Accrediting Authority the DAA?

Yes. The Principal Accrediting Authority (PAA) is normally the DAA (designated accrediting authority) or AO (accrediting official/officer).

What is allowed by IAW AR 25-27?

AR 25-27 does not currently exist.

Perhaps you are thinking of AR 25-2? Please provide the full name of the document you are referring to.

DIACAP requires you to review your IA posture?

Yes - DIACAP requires you to review your IA posture.

DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year.

Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accreditation Authority (PAA) - which generally means the DAA - at least every 3 years.

Which levels are used in DIACAP?

DoD systems are categorized in two ways: mission assurance category (MAC) and classification level (CL).

There are 3 MAC levels: I, II, and III.

Refer to DoDI 8500.2 for more details, but in general terms:

MAC I systems cannot ever go down - the mission of the organization fails, the war is lost, people die - bad, bad stuff happens if the system goes down without another system coming online immediately to take over for it.

MAC II systems cannot be down for very long. When they are down, mission capability is degraded until the capability is restored. A great many DoD systems fall in this category.

MAC III systems need to be back up and running as soon as reasonable. They are not critical or vital to operations but do impact day-to-day operations. Public-facing web sites, continuing learning sites, stuff like that are typical MAC III systems.

There are 3 CL levels: classified, sensitive, public.

Classified includes systems handling information with Confidential, Secret, and Top Secret classifications.

Sensitive includes systems handling unclassified information that is nevertheless sensitive, such as personal information (PII) like soldiers' Social Security numbers, annual personnel evaluations, etc., as well as information that is FOUO or CUI (controlled unclassified information).

Public includes systems handling information open to the public, such as public DoD web sites.

What information do you have about Dana Augustine Inc?

Since 1981 Dana Augustine, Inc. has designed, produced, and sold diamond rings of extraordinary quality and style. All of Dana Augustine, Inc.'s stylish mountings are designed and manufactured in its facility and offices in Atlanta, Georgia.

When you compare DAI rings you will find they are of the highest quality and craftsmanship. Each ring is a miniature work of art created from beautiful diamonds, with intricate details, sculpted lines, and substantial weight, all set and finished by the hands of experienced American jewelry craftsmen.

Our rings are all marked with our registered trademark: "DAI" and each is designated based on its gold content at 14K (14 karat), 18K (18 karat), or Plat (Platinum).

Dana Augustine's constant goal is to provide you with jewelry of uncompromising quality at the best value with the assurance that you can rely upon the experience, reputation, and integrity of a company which has done exactly this for over thirty years.

Our jewelry is available to you through fine jewelry retailers nationwide. To meet with one of our design teams to see, try on, and select your own DAI ring, please check with your local fine jeweler and schedule an appointment for our next special diamond and restyling event.

Is the Information Assurance Officer the DAA?

The IAO is not the DAA, but is responsible to the DAA.

Where does DIACAP state that the IA posture of an organization will be reviewed every two years?

DIACAP (DoD 8510.01) requires organizations to abide by DoDI 8500.2. Paragraph 4.9 of 8500.2 states:

"4.9. All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing."

Note that it is the IA posture of the SYSTEM that is reviewed rather than the organization and that the review is EVERY YEAR, not just every 2 years.

What are the asset's security requirements in banking?

The question may be asking about asset (as in bookkeeping) and security (as in collateral on a loan) rather than 'computer security'.

From a computer security standpoint, the requirements would include:

  • establishing records retention requirements for audit papers - since these can be electronic records, a policy and means to retain them and be able to locate the relevant records is required. Section 802 of the US Sarbanes-Oxley law mandates that companies and their auditors maintain accounting documents and work papers for a minimum of seven years.
  • establishing controls to protect the confidentiality of banking records - preventing unauthorized access to them
  • establishing controls to protect the availability and reliability of systems handling banking information
  • establishing controls to protect the integrity of banking information - no unauthorized changes to the records (think in terms of someone trying to conceal fraud, embezzlement, etc.)
  • establishing regular system auditing - to identify security breaches, unauthorized activity, suspicious activity, system failures, etc.

Senior management can't just certify controls ON the system; these controls also have to control the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system. This means implementing appropriate controls to ensure the confidentiality, integrity, and availability of banking information.

Is DIACAP established by DODI 8510bb?

DODI 8510 bb was the initial release of the DIACAP document. The current version is DODI 8510.01, dated November 29, 2007.

Does DITSCAP supersede DIACAP?

DIACAP replaced DITSCAP as the process for certification and accreditation of DoD information systems. DIACAP supersedes DITSCAP.