Unit 5 Listen and Read:
Operational security
OPSEC (operational security) is an analytical process that classifies information assets and determines the controls required to protect these assets. OPSEC originated as a military term that described strategies to prevent potential adversaries from discovering critical operations-related data. As information management and protection has become important to success in the private sector, OPSEC processes are now common in business operations. Security is critical for enterprises and organizations of all sizes and in all industries. Weak security can result in compromised systems or data by a malicious threat actor. Common countermeasures include application firewalls, encryption programs, patch management and biometric authentication systems. When it comes to risk management, OPSEC encourages managers to view operations or projects from the outside-in, or from the perspective of competitors (or enemies) in order to identify weaknesses. If an organization can easily extract their own information while acting as an outsider, odds are adversaries outside the organization can as well. Completing regular risk assessments and OPSEC is key to identifying vulnerabilities.