Operations Security (OpSec)
Operations security (OPSEC) is a process used to protect information from unauthorized access and disclosure.
- involves putting security measures in place
- Must identify what to protect and what to protect against
Operations Security Process
The US government operations security process has 5 parts:
- Identification of critical information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risks
- Application of countermeasures
See Threats, Vulnerabilities, Risk, and Impact.
Countermeasures are measures put in place to mitigate risk.
Laws of Operations Security
- Kurt Haase distilled the operations security process into three rules
- a former employee of the Nevada Operations Office of the Department of Energy
- called the laws of OPSEC
- “If you don’t know the threat, how do you know you’re secure?”
- “Security is a state of mind”
- Laws:
- Know the threats
- Know what to protect
- Protect the information