Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.
The act requires that data not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). Even residential homes may wind up in...
To a great degree, the Data Protection Act of 1998 was passed by the British Parliament in response to the Directive 95/46/EC of the European Parliament, so that could be considered the "who" that "invented" the Act. Somewhere there is probably a record of who first introduced the legislation and who...
Most spammers utilize very illegal means to broadcast their messages. They usually use bot networks - groups of machines they have compromised and turned into "zombies" - to launch their massive email barrages. There are several reasons for doing this: 1) since spamming is illegal in many areas, they...
It detects eavesdropping.
Is it a violation of the Privacy Act of 1974 if an agency loses paperwork with your personal information?
The answer depends partly on what you mean by "loses". If by "loses" you mean that they can't find your information, then they might be in violation by failing to be able to provide it to you when requested - but then again, if they can't find it, then there may be difficulty proving that they are...
FISMA is the Federal Information Security Management Act of 2002. It was passed as Title III of the E-Government Act (Public Law 107-347) in December 2002. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information...
No - the User Representative cannot also be the DAA.
DIACAP is DoD Instruction 8510.01. In that respect, SOME DoD instructions fall under DIACAP, but most DoD instructions have nothing to do with DIACAP.
The DoD IS has initiated the DITSCAP but does not have a signed Phase One System Security Authorization. What is the next step?
C. Continue DITSCAP. This might have been a correct answer to a quiz in the past, but DoDI 5200.40 (DITSCAP) and DoD 8510.1-M (DITSCAP Manual) were cancelled when DoDI 8510.01 (DIACAP) was issued on November 28, 2007. If a system does not have a signed Phase One System Security Authorization...
DIACAP has been in force for more than 3 years, so a system with a DITSCAP authorization has an EXPIRED authorization and the DAA should issue a DATO immediately unless the system owner can provide justification for continued operation AND sufficient documentation to allow the CA to evaluate the risk of...
It's all about the safety of your customers and their data. If you have to ask for any information from customers, you have to make sure that their information is not leaked to anyone; their safety should be your priority.
Computer crime, "cyberhacking", is in the news today. Watch, listen or read for maybe 2 weeks and you will possibly see an article. Right now there are several. North Korea has been implicated in cyberattacks, that later was modified. Great Britain was just hit by "the largest cyber...
As far as the ARMY is concerned, "The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program." The IASO must be familiar with IA policy, guidance and...
The roles are listed in DoDI 8510. Usually the names of those filling the roles will also be listed in the Certification and Accreditation Plan (C&A Plan).
AR 25-2 does not actually specify password length, but the Army password requirements (from BBP 04-IA-O-0001, which AR 25-2 specifies should be followed) are: All system-level accounts and privileged-level accounts using passwords will be a minimum of 15 characters long and changed every 60 days. All...
The DAA has issued an accreditation decision granting a temporary authorization so that testing may be conducted. What is the DAA's decision?
The described authorization is called an "Interim Authority to Test" (IATT).
DITSCAP is the outdated version of the DoD process for assessing the security of DoD information systems. It was replaced by DIACAP. DIACAP is, in turn, being replaced by the RMF process, where continuous monitoring is to be implemented. DIACAP: Platform-centric as opposed to system or network...
Program or System Managers (PM or SM) for DoD information systems
DoD systems are categorized in two ways: mission assurance category (MAC) and classification level (CL). There are 3 MAC levels: I, II, and III. Refer to DoDI 8500.2 for more details, but in general terms: MAC I systems cannot ever go down - the mission of the organization fails, the war is...
Health Care Industry here all of them 1. Health Care Industry 2. When you are assigning a user's rights, it is dependent upon their job needs . 3. User Accounts applet then change an account and select the account. Then click change the password 4. enter a wrong password 5. Power-On...
"The Sarbanes-Oxley Act of 2002 (SOX), is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company boards, management and public accounting firms. Compliance to SOX Compliance to SOX is focused specifically on what records need to be...
In accordance with AR 25-2 whose responsibility is it to ensure all users receive initial and annual IA awareness training?
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal...
What determines the degree to which a system complies with assigned IA controls based on validation results and then makes a certification determination to the DAA?
The DIACAP Scorecard conveys compliance with assigned IA Controls and the IS C&A decision status. The Certifying Authority (CA) has the authority and responsibility for the certification of information systems governed by a DoD Component IA Program.
AR 25-27 does not currently exist. Perhaps you are thinking of AR 25-2? Please provide the full name of the document you are referring to.
The answer depends on what aspect of computer law you want to "do". To actually practice law and litigate on legal matters involving computer usage, software copyrights and patents, etc. you need a law degree in the USA. I'm not sure what is required elsewhere like the UK or India or Japan or South...
The DAA may elect to make an accreditation decision without first receiving a certification determination?
What acts as a liaison between field operations and the DAA to ensure that the user community's needs are met?
That would be the User Representative.
The answer depends a bit on what you mean by "sources of responsibility". DoDI 8510.01, paragraph 5.8.5 states that Heads of the DoD Components Appoint DAAs for DoD ISs under their purview so the DAA derives their authority and responsibility from that appointment. Under paragraph 5.9.1, the...
IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including: IA training and certification; IA situation and awareness briefing; Information Assurance Workforce Improvement Program; Information...
DoDI 8500.2 assigns responsibilities to the role of the IASO as a DIACAP team member.
Do FISMA and OMB Memorandum M-07-16 require federal government organizations to implement policies for handling lost PII?
For both Certified and Uncertified Army personnel assigned as IA Mgmt 1, IA Mgmt 2, IA Mgmt 3, IA Tech 1, IA Tech 2, or IA Tech 3, the IASO course is required.
CISSP or Security+
The Data Protection Act of 1998 ensures that companies and individuals do everything in their power to ensure that any information held by said company is only kept for as long as reasonably needed, is kept secure and confidential, and is only accessed by authorised persons who have a genuine need to...
Computers are for both business and personal use. We use computers in almost everything that a human being can do now. We use them to be able to communicate. The whole world is computerized. But the difference between personal and professional use of a computer is what is...
According to paragraph 188.8.131.52.3 of DODI 8500.2, the PM for a system cannot be the DAA for their own system.
Yes. The Principal Accrediting Authority (PAA) is normally the DAA (designated accrediting authority) or AO (accrediting official/officer).
The specific requirements will depend on the exact job, but they usually fall into just a few categories: Technical: knowledge of how computers work; knowledge of how security appliances like firewalls function; knowledge of how networks work; knowledge of how specific computer hardware...
The status register holds the values of "flags" - bits indicating information about the state of the processor. Usually the bits indicate one of three possible outcomes of an arithmetic function: zero, carry, or overflow. A "Zero" flag means that the result of an operation was "zero" - for example...
The first DIACAP document that lists the team members will usually be a document called the System Identification Profile (SIP).
Which DIACAP package component is created only when an accreditation decision includes corrective actions?
A Plan of Action and Milestones (POAM) is created to capture corrective actions and track them to completion. Any system receiving an IATO must create this component.
Your source for DIACAP resources and knowledge services can be discovered through your relationship and support from?
Who is responsible to ensure all users receive initial and annual IA awareness training according to AR 25-2?
Which of the following is allowed IAW AR 25-2: installation of software, configuration of an IS, or connecting any ISs to a distributed computing environment with prior approval?
Installation of software, configuration of an IS or connecting any ISs to a distributed computing environment with prior approval.
Who is responsible for ensuring that each assigned DoD information system has a designated Information Assurance Manager with the support authority and resources to satisfy the responsibilities?
According to DODI 8510.01, 5.16: The Program Manager (PM) or System Manager (SM) for DoD ISs shall: 5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this...
DAA, CA, SIAO, PM, IAM, and IAO (or IASO) www.lunarline.com - best in the biz
According to DODI 8500.2, the "DIACAP team members" are defined as: E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the...
Yes - At each state of the process, the IASO must be notified.
In a Defense in Depth strategy what could be done to help prevent a system from booting into an alternate operating system?
all of the above
DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.
Is the IASO responsible for enforcing policy guidance and training requirements such as providing annual user awareness training?
According to AR 25-2, the IASO is responsible for enforcing policy guidance and training requirements.
NAT overload and PAT.
Does AR 25-2 allow installation of software, configuration of an IS, or connecting any ISs to a distributed computing environment with prior approval?
According to section 1-5, paragraph a), AR 25-2 applies to distributed computing environments (DCEs). Software may be installed and configured to allow connection of an IS to a DCE if AR 25-2 is followed and prior approval is granted.
What is your source for DIACAP resources and knowledge services can be discovered through your relationship and support from?
source for DIACAP resources and knowledge services
Failure to use a base64 password, allowing the admin to seamlessly integrate authentication protocols
These may be waived under severe complications. You would have to talk to your local office to see if they apply to you.
The secure class of a system to make sure it is protected and secure from other nations.
International Association for the Study of Obesity
Under what circumstances can the DAA waive the certification requirements for the Army training and certification BBP?
In accordance with the Army training and certification BBP, the DAA can waive the certification requirements for the Army training and certification due to several operational and personnel constraints.
Logoff their computers at the end of the work day
Encrypting hard drives
Within six months of appointment.
There is no list of mistakes to determine which are mistakes. To make sure no mistakes are committed, consult a professional.
Within 6 Months
What DIACAP package component is considered to be the central certification document and contains the accreditation decision?
According to DoD 8510.01 (DIACAP), paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year.
Source for DIACAP resources and knowledge services can be discovered through your relationship and support from?
As per Section 4-5, paragraph a.(8)(a): All users must receive IA awareness training tailored to the system and information accessible before issuance of a password for network access. The training will include the following: Threats, vulnerabilities, and risks associated with the system. This...
In accordance with the Army training and certification BBP, under what circumstances can the DAA waive the certification requirements?
DAA may waive the certification requirement under severe operational or personnel constraints
Logoff their computers at the end of the work day
We consider scheduling problems in parallel and distributed settings in which we need to schedule jobs on a system offering a certain amount of some resource. Each job requires a particular amount of the resource for its execution. The total amount of the resource offered by the system is different...
The result of encryption of plaintext is cyphertext. When cyphertext is translated back to plaintext, the process is called decryption.
Without knowing the context, it's difficult to be sure. It could be simply a decimal number, 6,245, with leading zeros. In computer programming, it is customary to write base 8 (octal) numbers with leading zeros. This could be a number in base 8, since it doesn't contain any digits greater...
Does installation of software, configuration of an IS, or connecting any ISs to a distributed computing environment require prior approval?
If it is a DoD system, then according to DoDI 8510 - yes - it does require prior approval. If it is a commercial system, then the answer will be dependent on the company policy (but a good company policy WILL require approval prior to connection).
For IAM Level I: GISF, GSLC, Security+, CAP. For IAM Level II: GSLC, CISM, CISSP (or CISSP Associate), CAP. For IAM Level III: GSLC, CISM, CISSP (or CISSP Associate).
Your source for DIACAP resources and knowledge services can be discovered through your relationship and support from?
The Defense Information Systems Agency (DISA).
IASO stands for "Information Assurance Security Officer." In general terms they are responsible for managing and enforcing DoD Information Assurance rules, regulations, policies, and procedures - in particular those of the US Army. According to AR 25-2, section 3-2 f, the responsibilities an IASO...
When an Army organization wishes to establish an external official presence on the Internet they must first contact the appropriate IAM and Privacy Act official who will assess what?
This question cannot be answered without first specifying the activity.
According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." And according to...
Information System Security Officer
Jim, your organization's IAM, has been contacted by the program manager to assist in implementing the DIACAP. Jim is not required to assist the PM in this activity and should pass this activity off t?
Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. ....
DAA may waive the certification requirement under severe operational or personnel constraints.
Under AR 25-2 regulations, a Network or System Administrator is not authorized to view content except?
A. With the consent of the user or file owner, preferably in writing. B. While performing system backup and recovery. C. While performing anti-virus functions. D. As necessary for the continued operation and system integrity of the AIS. E. As part of a properly authorized investigation. F....
Does DoDD 8510-1M require the IASO to ensure personnel receive system-specific and annual IA awareness training?
8510.01M, signed in 2000, was written to go with DITSCAP (DoDI 5200.40, signed in 1997), which has since been superseded by DIACAP (DODI 8510.01, signed in 2007). Ultimately, responsibility for ensuring the training rests with the IAM, but the IAM can, and often does, delegate the...
From a legal standpoint, it's a group of laws designed to protect the rights (and incomes) of creators. From a moral standpoint, it's essentially the same: protecting the rights of creators. Because copyright violations are so easy and so frequent, law enforcement has no chance of monitoring and...
Since under 8500.2, an ATO cannot be issued for more than 3 years, if a system is operating under a DITSCAP package that is 4 years old, its ATO has expired and the DAA can (and should) issue a DATO (Denial of Authorization To Operate), meaning that the system is immediately denied ATC (Authority To...
"Sharing" and "downloading" seem to have slightly different legal statuses. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder...
DODI 8510.01 (DIACAP) is the current DoD process for IA Certification and Accreditation of DoD systems. It replaced DITSCAP.
DIACAP requires that the security posture of any DoD system be evaluated at least annually. A system must undergo the full DIACAP process prior to being placed into service, whenever a major change occurs, and prior to the expiration of the accreditation of the system if it already has an ATO. The DAA...
According to DODI 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." Note that in the case of a...
DAA, CA, SIAO, PM, IAM, and IAO (or IASO)
A DIACAP review has to be executed for every new system, for every major change to an existing system, and at least every 3 years for any currently accredited system.
Indian Services Officer