7) Operations Security

Question 1

A formal methodology of operations security.

Answer 1

OPSEC

Question 2

Risk can be higher when ___ services are used for computing operations.

a) competitive intelligence
b) auditing
c) OPSEC
d) cloud computing

Answer 2

d) cloud computing

Question 3

The process we use to protect our information.

Answer 3

OPSEC

Question 4

OPSEC is the process we use to protect our information. What does OPSEC stand for?

Answer 4

Operations security

Question 5

A Chinese military general who lived in the sixth century BC and wrote The Art of War, a text that shows early examples of operations security principles.

Answer 5

Sun Tzu

Question 6

The codename of a study conducted to discover the cause of an information leak during the Vietnam War. It’s now a symbol of OPSEC.

Answer 6

Purple Dragon

Question 7

The process of intelligence gathering and analysis in order to support business decisions.

Answer 7

Competitive intelligence

Question 8

Name the five steps of the operations security process.

Answer 8

1) Identification of critical information
2) Analysis of threats
3) Analysis of vulnerabilities
4) Assessment of risks
5) Application of countermeasures

Question 9

Haas’ Laws of Operations Security: The First Law

Answer 9

If you don’t know the threat, how do you know what to protect?

Question 10

Haas’ Laws of Operations Security: The Second Law

Answer 10

If you don’t know what to protect, how do you know you are protecting it?

Question 11

Haas’ Laws of Operations Security: The Third Law

Answer 11

If you are not protecting it, the dragon wins!

Question 12

Refers to services that are hosted, often over the Internet, for the purpose of delivering easily scaled computing services or resources.

Answer 12

Cloud computing

Question 13

The first step in the OPSEC process, and arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed.

Answer 13

Identification of critical information

Question 14

The second step in the OPSEC process: to look at the potential harm or financial impact that might be caused by critical information being exposed, and who might exploit that exposure.

Answer 14

Analysis of threats

Question 15

The third step in the OPSEC process: to look at the weakness that can be used to harm us.

Answer 15

Analysis of vulnerabilities

Question 16

The fourth step in the OPSEC process: to determine what issues we really need to be concerned about (areas with matching threats and vulnerabilities.

Answer 16

Assessment of risks

Question 17

The fifth step in the OPSEC process: to put measures in place to mitigate risks.

Answer 17

Application of countermeasures

Question 18

The study that was conducted to discover the cause of the information leak during the Vietnam War was codenamed ___ and is now considered a symbol of OPSEC.

Answer 18

Purple Dragon

Question 19

The process of intelligence gathering and analysis to support business decisions is known as ___.

Answer 19

competitive intelligence

Question 20

Haas’ second law of operations security, “If you don’t know what to protect, how do you know you are protecting it?,” maps to what step in the operations security process.

Answer 20

Identification of critical information

Question 21

You are leaving for an extended vacation and want to take steps to protect your home. You set a timer to turn lights and the TV on and off at various times throughout the day, suspend the mail delivery, and arrange for a neighbor to come in and water the plants. What step in the operations security process do these actions demonstrate?

Answer 21

Application of countermeasures

Question 22

During what phase of the operations security process do we match threats and vulnerabilities?

Answer 22

Assessment of risks