How OPSEC Can Improve Enterprise Security

1 - How OPSEC Can Improve Enterprise Security
2 - Overcoming Adversary OPSEC Starts With Detection
3 - Identification of Critical Information
4 - Analysis of Threats
5 - Analysis of Vulnerabilities
6 - Assessment of Risks
7 - Application of Appropriate Countermeasures
8 - NIST Also Provides Guidance to Follow
1 of 8

How OPSEC Can Improve Enterprise Security

Operational security is a way to help organizations of all sizes understand and organize the processes necessary to protect their networks and data.

2 of 8

Overcoming Adversary OPSEC Starts With Detection

A primary goal of most attackers is to avoid detection while maintaining the availability of their attack infrastructure. For defenders, overcoming adversary OPSEC starts with detection and involves efforts to disrupt, contain and minimize the impact of attacks.

3 of 8

Identification of Critical Information

For defenders, benefiting from OPSEC starts with a five-step process. The first step is to identify critical information, which provides a baseline for what needs to be defended.

4 of 8

Analysis of Threats

The second step in a defender OPSEC program is to analyze potential threats to understand fully what the threats are and how they could impact the protection of critical information.

5 of 8

Analysis of Vulnerabilities

It's also critically important for organizations to perform a vulnerability analysis that looks at both technology and people within an enterprise as potential vulnerabilities.

6 of 8

Assessment of Risks

After gaining an understanding of what external threats and internal vulnerabilities exist within an organization, the next step is to fully assess all the risks.

7 of 8

Application of Appropriate Countermeasures

With the risk assessment done, enterprises then must apply the right technologies, people and processes to provide operational security that mitigates potential threats and vulnerabilities and protects critical information.

8 of 8

NIST Also Provides Guidance to Follow

The Digital Shadows report also suggests that organizations look at the NIST (National Institute of Standards and Technology) recommendations in NIST 800-30, "Guide for Conducting Risks Assessments."

Top White Papers and Webcasts