How OPSEC Can Improve Enterprise Security

Operational security is a way to help organizations of all sizes understand and organize the processes necessary to protect their networks and data.

A primary goal of most attackers is to avoid detection while maintaining the availability of their attack infrastructure. For defenders, overcoming adversary OPSEC starts with detection and involves efforts to disrupt, contain and minimize the impact of attacks.

For defenders, benefiting from OPSEC starts with a five-step process. The first step is to identify critical information, which provides a baseline for what needs to be defended.

The second step in a defender OPSEC program is to analyze potential threats to understand fully what the threats are and how they could impact the protection of critical information.

It’s also critically important for organizations to perform a vulnerability analysis that looks at both technology and people within an enterprise as potential vulnerabilities.

After gaining an understanding of what external threats and internal vulnerabilities exist within an organization, the next step is to fully assess all the risks.

With the risk assessment done, enterprises then must apply the right technologies, people and processes to provide operational security that mitigates potential threats and vulnerabilities and protects critical information.

The Digital Shadows report also suggests that organizations look at the NIST (National Institute of Standards and Technology) recommendations in NIST 800-30, “Guide for Conducting Risks Assessments.”