procedural security is what we call operational security (OPSEC), it is kind of risk management process that encourages admin to monitor operations from the perspective of an adversary, and draw conclusions to protect sensitive information from falling into the wrong hands.
OPSEC is becoming popular in the private sector though it was used by the military initially. Things that fall under the OPSEC include monitoring behaviors on social media sites as well as discouraging employees from sharing login credentials via email or text message.
The Process to implement Operational Security can be neatly categorized into five steps:
1. Identify your sensitive data,
The data includes customer information, employee information, product research, financial statements, and intellectual property. This will be the data you will need to on protecting.
2. For each category of information that you deem sensitive identify the kind of possible threats. While you should be cautious of third parties stealing your sensitive information, you should also keep an eye on the insider threats, such as disgruntled employees and other similar actors.
3. Analyze vulnerabilities and security holes and. Assess your safeguards and determine if any vulnerability exists that may be exploited to gain access to your data.
4. Make a chart of the findings
Flag the risk, associated with each vulnerability. Rank your vulnerabilities in the order to the extent of damage it can do, and the amount of time you would need to recover. The more likely and damaging an attack is, the more you prioritize mitigating the associated risk.
5. Countermeasures in place
The last step of operational security is to create a plan to eliminate threats and mitigate risks. This means updating your hardware/software, putting in place new policies with regards to sensitive data. Countermeasures should be simple, so the employees should be able to practice it without any formal training.
Best Practices for comprehensive operational security program:
- Change management processes should be Implement in such a way that employees understand when network changes are performed. All changes should be monitored and audited.
- Use the AAA authentication device to restrict access to network devices.
- Give minimum access to your employees to perform their jobs, let there be the least privilege in place.
- Make sure you Implement dual control so that the person working on the network is not the in-charge of the security.
- Automate the tasks to minimize human intervention. This will help in reduced errors and bypass procedures
Have a plan to identify risks because Incident response and disaster recovery planning are crucial components of a sound security posture. This helps you to respond fast and mitigate potential damages.
Operational security forces enable you to dive deeply into operations and figure out places where a breach can take place. The admin can have a good look at the operations from a malicious third-party’s perspective to spot vulnerabilities they may have otherwise missed.
