What is OPSEC?
Viltzu - May 20, 2024
There are a few different definitions for it, but because I'm a simple blogger and like to oversimplify things, in my head it means "to protect something or to keep something safe with certain actions and strategy". Before you point your pitchforks towards me, yes, we are going to check out some better (and more comprehensive) definitions of it. Let's have a look!
I found my favorite longer definition of OPSEC on the i2p Rambler forum, where it says:
"Operations Security, or OPSEC, is about minimizing attack surfaces and single points of failure through proper habits and policies. It's a systematic and proven process that we can use to deny adversaries information they need to do us harm or interrupt our plans. It's also a mindset that can be applied to any mission or plan.
Although the term originated in the military, OPSEC is now used for so much more. This includes law enforcement, computer and network security, home safety, travel and so much more.
OPSEC isn't a list of rules, and it's not as simple as using a VPN and keeping your mouth shut. It includes elements of INFOSEC, APPSEC, NETSEC, COMSEC (TRANSEC / SIGSEC / EMSEC), PHYSEC (PERSEC), and (CO)INTEL.
The OPSEC Process
- Identify the information you need to protect
- Analyze the threats
- Analyze your vulnerabilities
- Assess the risk
- Apply countermeasures
Understand your own risk/threat model: Who is your adversary? What needs protecting?
The OPSEC Two-Step: Know what to protect and know how to protect it."
...That was a lengthy one but, in my opinion, it summarizes everything quite well. There are similar definitions with slightly different explanations at TechTarget, Wikipedia, Fortinet, SANS and NIST if you wish to see and compare how they define OPSEC.
What all the sites mentioned above have in common is that they agree that:
- OPSEC comes from the military term "Operational Security" (some sources say "Operations" but "Operational" is more commonly used in my experience)
- It is a method/process that prevents sensitive information from getting into the wrong hands
- There are five steps included in operational security, which are:
1. Identification of critical information
2. Analysis of threats
3. Analysis of vulnerabilities
4. Assessment of risks
5. Application of appropriate countermeasures
The wording varies a little, but the principle and the goal are the same: know what (sensitive information) to protect and know how to protect it.
Hopefully this helped you understand the meaning of OPSEC. We'll soon discuss how to apply OPSEC in practice with a few examples.
Did this help you understand the definition of OPSEC? Have you heard of or used another definition of OPSEC? Let me know in the comments!
Viltzu
OSINT and Cybersecurity enthusiast with thirst for learning more.