Why OPSEC Is For Everyone, Not Just For People With Something To Hide – Part III

Why OPSEC Is For Everyone, Not Just For People With Something To Hide – Part III
In this final part of the series, I discuss why everyone should consider reviewing their OPSEC (Operations Security), not just those with something to hide.If you haven’t read the previous articles then please check them out first (Part I & Part II), as they provide key background information about the techniques discussed in this post.The processes described are designed for both technical and non-technical people, especially those who are concerned about their digital footprint and how it might be abused.As this is the last article in the series I asked the wider infosec community for their views on OPSEC, and their quotes are highlighted throughout this article.In the last article, we covered how to “Discover” information about yourself, in this one we will detail how to “Analyse” your information to uncover any potential risks and then provide actions for “Denying” and disrupting “the attacker”.The ultimate objective of OPSEC is to prevent sensitive (referred to in this article as confidential), information from falling into the hands of an adversary, primarily by denying them from uncovering and gaining unauthorised access to your data. But there are other use cases, such as:Preventing an adversary from identifying you, or attributing your actionsPreventing an adversary knowing your movements or locationPreventing an adversary from uncovering information about a “secret” project/operationPreventing an adversary learning about the systems and controls we have in place, especially how robust (or not), they are.So once you have discovered (identified), your information the next step of the process is to Analyse this for any risks.Analyse“From one thing, know ten thousand things” – Miyamoto Musashi 1584-1645So you’ve d ..

Support the originator by clicking the read the rest link below.