C836 Ch.7 Flashcards
Operations security (OPSEC)
The process we use to protect our information
Sun Tzu
A Chinese military general who lived in the sixth century BC and wrote The Art of War, a text that shows early examples of operations security principles
Purple Dragon
The codename of a study conducted to discover the cause of an information leak during the Vietnam War; it is now a symbol of OPSEC
Competitive intelligence
The process of intelligence gathering and analysis in order to support business decisions
Name the five steps of the operations security process
- Identification of critical information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risks
- Application of countermeasures
Haas’ Laws of Operations Security: The First Law
If you don’t know the threat, how do you know what to protect?
Haas’ Laws of Operations Security: The Second Law
If you don’t know what to protect, how do you know you are protecting it?
Haas’ Laws of Operations Security: The Third Law
If you are not protecting it, the dragon wins!
Cloud computing
Refers to services that are hosted, often over the Internet, for the purposes of delivering easily scaled computing services or resources
Identification of critical information
The first step in the OPSEC process, and arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed
Analysis of threats
The second step in the OPSEC process: to look at the potential harm or financial impact that might be caused by critical information being exposed, and who might exploit that exposure
Analysis of vulnerabilities
The third step in the OPSEC process: to look at the weaknesses that can be used to harm us
Assessment of risks
The fourth step in the OPSEC process: to determine what issues we really need to be concerned about (areas with matching threats and vulnerabilities)
Application of countermeasures
The fifth step in the OPSEC process: to put measures in place to mitigate risks