Fundamentals of Operations Security
Goals
- Define operations security, including identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of countermeasures
- Detail Haas’s Laws of operations security
- Identify elements of risk management in policies and procedures
- Identify the layers of a defense-in-depth strategy
- Compare the abilities of physical, logical, and administrative controls, and combinations of same, to protect resources
- Categorize cybersecurity principles and defense concepts according to area of impact
- Classify security principles and actions according to the types of attacks they mitigate or eliminate
- Classify attacks according to the cybersecurity concept or principle that was violated
- Identify cybersecurity concepts and principles that protect critical information (e.g., intellectual property, files)
- Identify the types of assets or resources that can be secured
- Categorize security principles and cyber defense concepts according to the type of asset or resource needing protection
- Classify threats and attacks according to what leg of the CIA triad is targeted
- Categorize control mechanisms (i.e., physical, logical, administrative) according to the type of risk they mitigate or eliminate
- Align the four types of attacks (i.e., interception, interruption, modification, and fabrication) to the legs of the CIA triad