What exactly does OpSec stand for?BySydney Butler-November 14, 2018.877 The clear and unchanging reality here is that technology alone can not protect your privacy. The tools for protection are just those. Just as the best tools mean nothing in the hands of someone who is unfamiliar with how to use them, they need to be implemented through a solid technique.
Step One-What is sensitive information?
.878 Not all of your details can be covered. A lot of this has to be done for living or doing business. Much of it just isn’t so relevant. No-one knows about it and they can’t do anything with it. To develop yourself effective protection you need to focus on the details that really matters.
Step Two Risk Analysis
.879 Now you have to take each category of sensitive information you have selected and then list the types of threats that may be attracted by each. For example, if your mailbox doesn’t have a lock you may be at greater risk of targeting it by a random person. The same holds true for your garbage. If your garbage is not kept in a safe area, somebody could go ahead and rifle it through. Have you confidential details about a device that is connected to your Lan? Someone can access this through hacking your WiFi.
Step Three Finding security holes
.880 Ok so you know two things right now. The next step is to look at the protective measures already in place and determine what kind of vulnerabilities they have. If this is the first OpSec process then clearly no security could be in place at all. Regardless of the status quo, take an objective look at the security measures and list the different ways that you might imagine someone could use to circumvent them. Do not think, for now, that some of them are far-fetched. It’s about being thorough.
Step Four Vulnerability risk assessment
With all this knowledge under your belt, the time has come to plan a series of countermeasures for each vulnerability. Countermeasures take time and money to execute and the countermeasure might not be anything at all for the most far-fetched low risk vulnerabilities. Countermeasures are not just technical, either. This can include things like changing the way your job learns more about detecting things like phishing emails, and rethinking where and how the data is stored. Your countermeasures must be inexpensive and effective in practice, too. It’s quite a balancing act, but your defense becomes more granular and more efficient with each cycle of these five phases.