Understanding OPSEC and Utilizing Best Practices Discussion
Respond to the following 2 posts with 150-word responses:
“1. In today’s information dominated world, can anyone really practice good OPSEC? Yes or no, and why?
Practicing good OPSEC is still possible despite today’s information dominated world. Understanding OPSEC and utilizing best practices is what makes it possible. OPSEC is a risk management process that aims to limit sensitive information from falling into the hands of adversaries. When I think of OPSEC I automatically relate it to the military, but I’ve noticed it’s becoming increasingly popular in the private sector as well.
Digital Guardian lists five steps to stopping external threats and safeguarding the workplace (identify sensitive data, identify possible threats, analyze security holes and other vulnerabilities, appraise the level of risk associated with each vulnerability, and get countermeasures in place) (Digital Guardian). When identifying sensitive data, organizations need to focus on critical resources that will need to be protected, i.e., product research, intellectual property, financial statements, customer information, and employee information (Digital Guardian). Possible threats can be categorized as information that is deemed sensitive. I think it’s important to note that possible threats aren’t only external but can be internal as well (negligent employees and disgruntled workers). Analyzing vulnerabilities includes assessing safeguards and identifying weaknesses that exist and may be exploited. Appraising the level of risks simply means ranking the organization’s vulnerabilities (likelihood a breach or attack were to happen and extent of damage) in order to prioritize mitigating the associated risk. Implementing countermeasures is vital to OPSEC because these are plans (rules, regulations, standard operating procedures) to eliminate and mitigate risks. Examples of countermeasures can be training employees on security practices and company policy, and how to handle sensitive data, etc.
In the military there’s an old adage we use, “Loose lips, sink ships”. This catchphrase along with the picture of Uncle Sam is used in online training, in-person classes, posters, anything and everything you can think of OPSEC related. This adage is used to remind people not to talk about anything in relation to troop movement, deployments, preparation for deployments, timelines, etc. With social media and the prevalence of information sharing today, it is important to put into play these best practices. An adversary can very easily gather bits and pieces of information to process the larger picture, which is why maintaining OPSEC is crucial. By choosing carefully how, when, and how much is said, we are amplifying the importance of best practices towards OPSEC. Taking measures like the ones listed above makes it possible, whether in the military or outside of it, to practice good OPSEC.
“What Is Operational Security? The Five-Step Process, Best Practices, and More.” Digital Guardian, 1 Dec. 2020, digitalguardian.com/blog/what-operational-security-five-step-process-best-practices-and-more.”
2. “In today’s information-dominated world, there are many difficulties in practicing good OPSEC, but it is possible to a point. Any workforce will begin to lose focus and put less of a good effort in keeping information secure after time, especially if they’ve been without a major incident. When this scales up to a large organization/corporation/agency level, then the impact of individual complacency grows. Improving and maintaining OPSEC is a necessity for an organization to keep certain information from becoming public.
Regular engaging training and testing with workers should be part of any OPSEC program. As part of any internal training program of any organization, OPSEC should be an included module. This could range from revealing the recipe for Raising Cane’s Sauce, to the newest features of the next iPhone, or to the nuclear propulsion capabilities of a surface ship. Testing could be performed by internal information auditors, operating essentially as counter-intelligence personnel, planning activities to “fix leaks,” while also setting up further training and education initiatives.
Propaganda posters of “Loose lips sink ships,” aren’t necessarily useful, but basic informational reminders should be regularly integrated within an engaging training program. With a computer in every pocket, or wrist, vehicle, etc., there are many opportunities for information to be released knowingly or not. Many people are not aware of the most basic features of personal accounts, including the privacy options of social media accounts. This type of awareness training is needed, especially for any organizational systems workers are regularly expected to interact with.
Lastly, the best option for OPSEC in a modern age is to separate it when possible. Organizational information should not be intermixed with any personal systems or information. If remote access is needed, a separate secure device should be provided. Organizations should prohibit, when legally allowable, the sharing of work status with the organization (e.g. listing of employers and job responsibilities) on social media. In extreme information-sensitive environments, personal devices including paper notebooks, flash drives, cell phones, fitness trackers, or any computer, should be banned completely, or at least be subject to extensive search and seizure.”