Discussion post to fulfil the case requirement of the syllabus
Describe how you do or could use operations security in your current job
If you are currently unemployed, define the job you are looking to apply for and how you would use operation security in that job position
Operations Security, or OPSEC, is the process by way of which we defend unclassified statistics that can be used against us. OPSEC challenges us to seem at ourselves thru the eyes of an adversary (individuals, groups, countries, organizations). Essentially, each person who can damage people, resources, or mission is an adversary.
OPSEC should be used to guard information, and thereby deny the adversary the potential to act. Nearly 90% of the records accrued come from Open Sources. Any information that can be acquired freely, besides breaking the law, is Open Source. (Harris, S. 2013). It is social community sites, tweets, text messages, blogs, videos, photos, GPS mapping, newsletters, magazine or newspaper articles, your university thesis, or anything else that is publicly available.
Our OPSEC objective is to ensure a protected and impervious environment. OPSEC is great employed every day when making picks about what communications to use, what is written in emails or stated on the phone, postings on social networking web sites and blogs. Any statistics you put in the public domain is additionally handy to your adversaries.
Operational safety five-step process
Operational security typically consists of a five-step iterative process:
1. Identify fundamental information: The first step is to decide precisely what facts would be mainly dangerous to an organization if it was bought by way of an adversary. This includes intellectual property, employees' and/or customers' for my part identifiable data and financial statements.
2. Determine threats: The next step is to determine who represents a chance to the organization's fundamental information. There can also be numerous adversaries that goal distinct pieces of information and businesses must consider any rivals or hackers that may target the data.
3. Analyze vulnerabilities: In the vulnerability evaluation stage, the company examines potential weaknesses among the safeguards in location to defend the quintessential statistics that depart it susceptible to conceivable adversaries. This step includes identifying any doable lapses in physical/electronic methods designed to shield against the predetermined threats, or areas the place lack of security attention education leaves facts open to attack.
4. Assess risks: After vulnerabilities have been determined, the next step is to decide the hazard stage related with each of them. Companies rank the dangers according to factors such as the chances a specific assault will show up and how adverse such an assault would be to operations. The greater the risk, the extra pressing it will be for the agency to put in force risk administration controls. (Andress, J. 2014).
5. Apply terrific countermeasures: The last step consists of enforcing a graph to mitigate the dangers establishing with these that pose the biggest hazard to operations. Potential safety upgrades stemming from the danger mitigation graph include implementing extra hardware and training or developing new statistics governance policies.
Harris, S. (2013). Cissp exam guide. New York: McGraw-Hill.