7) Operations Security Flashcards
A formal methodology of operations security.
OPSEC
Risk can be higher when ___ services are used for computing operations.
a) competitive intelligence
b) auditing
c) OPSEC
d) cloud computing
d) cloud computing
The process we use to protect our information.
OPSEC
OPSEC is the process we use to protect our information. What does OPSEC stand for?
Operations security
A Chinese military general who lived in the sixth century BC and wrote The Art of War, a text that shows early examples of operations security principles.
Sun Tzu
The codename of a study conducted to discover the cause of an information leak during the Vietnam War. It’s now a symbol of OPSEC.
Purple Dragon
The process of intelligence gathering and analysis in order to support business decisions.
Competitive intelligence
Name the five steps of the operations security process.
1) Identification of critical information
2) Analysis of threats
3) Analysis of vulnerabilities
4) Assessment of risks
5) Application of countermeasures
Haas’ Laws of Operations Security: The First Law
If you don’t know the threat, how do you know what to protect?
Haas’ Laws of Operations Security: The Second Law
If you don’t know what to protect, how do you know you are protecting it?
Haas’ Laws of Operations Security: The Third Law
If you are not protecting it, the dragon wins!
Refers to services that are hosted, often over the Internet, for the purpose of delivering easily scaled computing services or resources.
Cloud computing
The first step in the OPSEC process, and arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed.
Identification of critical information
The second step in the OPSEC process: to look at the potential harm or financial impact that might be caused by critical information being exposed, and who might exploit that exposure.
Analysis of threats
The third step in the OPSEC process: to look at the weakness that can be used to harm us.
Analysis of vulnerabilities
The fourth step in the OPSEC process: to determine what issues we really need to be concerned about (areas with matching threats and vulnerabilities.
Assessment of risks
The fifth step in the OPSEC process: to put measures in place to mitigate risks.
Application of countermeasures
The study that was conducted to discover the cause of the information leak during the Vietnam War was codenamed ___ and is now considered a symbol of OPSEC.
Purple Dragon
The process of intelligence gathering and analysis to support business decisions is known as ___.
competitive intelligence
Haas’ second law of operations security, “If you don’t know what to protect, how do you know you are protecting it?,” maps to what step in the operations security process.
Identification of critical information
You are leaving for an extended vacation and want to take steps to protect your home. You set a timer to turn lights and the TV on and off at various times throughout the day, suspend the mail delivery, and arrange for a neighbor to come in and water the plants. What step in the operations security process do these actions demonstrate?
Application of countermeasures
During what phase of the operations security process do we match threats and vulnerabilities?
Assessment of risks
