Information Assurance Component (IAC) –
An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system.
Information Assurance Manager (IAM) –
See Information Systems Security Manager.
Information Assurance Officer (IAO) –
See Information Systems Security Officer.
Information Assurance (IA) Professional –
Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility.
Information Assurance Vulnerability Alert (IAVA) –
Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk.
Information Domain –
A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.
Information Environment –
Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information; also included is the information itself.
Information Flow Control –
Procedure to ensure that information transfers within an information system are not made in violation of the security policy.
Information Management –
The planning, budgeting, manipulating, and controlling of information throughout its life cycle.
Information Operations (IO) –
The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making process, information, and information systems while protecting our own.
Information Owner –
Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. See Information Steward.
Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal.
Information Resources –
Information and related resources, such as personnel, equipment, funds, and information technology.
Information Resources Management (IRM) –
The planning, budgeting, organizing, directing, training, controlling, and management activities associated with the burden, collection, creation, use, and dissemination of information by agencies.
Information Security –
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information Security –
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide— 1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; 2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and 3) availability, which means ensuring timely and reliable access to and use of information.
Information Security Architect –
Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.
Information Security Architecture –
An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.
Information Security Continuous Monitoring (ISCM) –
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. [Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]
Information Security Continuous Monitoring (ISCM) Process –
A process to:
• Define an ISCM strategy;
• Establish an ISCM program;
• Implement an ISCM program;
• Analyze data and Report findings;
• Respond to findings; and
• Review and Update the ISCM strategy and program.
Information Security Continuous Monitoring (ISCM) Program –
A program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls.