Chapter 7 Flashcards
OPSEC
Operations Security
A security and risk management process that prevents sensitive information from getting into the wrong hands
Operations Security (OPSEC)
The five Operations Security Processes
- Identification of Critical Information
- Analysis of Threats
- Analysis of Vulnerabilities
- Assessment of Risks
- Application of Countermeasures
This Operations Security Process is to identify the most critical information assets
Identification of Critical Information
Which Operations Security Process is the most important step?
Identification of Critical Information
Which Operations Security Process is to look at what harm or financial impact might be caused by critical information being exposed, and who might exploit the exposure?
Analysis of Threats
Weaknesses that can be used to harm us
Vulnerabilities
Which Operations Security Process it to look at how you interact with assets and what areas an attacker might target to compromise them?
Analysis of Vulnerabilities
_______ occurs when there is a matching threat and vulnerabilities
Risks
Which Operations Security Process is to decide what issues are needed to be addressed?
Assessment of Risks
Which Operations Security Process is to put measures in place to mitigate risks?
Application of Countermeasures
Who created the Laws of Operations Security?
Kurt Haase
What are the three Laws of Operations Security?
- Know the Threat
- Know What to Protect
- Protect the Information
What is the first law of the Laws of Operations Security?
Know the Threat
If you don’t know the threat, how do you know what to protect?
What is the second law of the Laws of Operations Security?
Know what to Protect
If you don’t know what to protect, how do you know you are protecting it?
