Introduction to OPSEC?
Operation Security (OPSEC) is a process in which it is made sure that no information of an organization is revealed i.e., OPSEC is used to remove all the loopholes that could be used by someone to steal confidential information related to an office, firm, or organization. It can use both the analytical and strategical approach to remove risk of someone stealing your useful information.
In 1966, during the Vietnam war United States Admiral Ulysses established a security team to investigate failure of certain operations. This team was handled by NATIONAL SECURITY AGENCY and DEPARTMENT OF DEFENSE and this operation was named as purple dragon and this purple dragon was further code named as operational security. In 1988 president RONALD REAGON renamed this name was again modified and was renamed as OPSEC.
Later this concept moved from military to other parts of U.S government and the department of defense and to nanny companies to protect secrets and customer data.
OPSEC Five Step Process :
OPSEC works in five steps in order to find the risks and find out which information requires protection and various measures needed to protect them:
- What information needs to be protected –
This includes the sensitive information that needs to be protected
- Who are my enemy –
Second step includes finding the enemy. This enemy can be hackers or other organizations or firms that need to steal your information.
- System Vulnerability –
In this step, the focus is made in finding the drawbacks we might have.
- Threat Level –
Here the threat level on the system is found whether it is low medium or high.
- Elimination of threat –
The last step includes the various methods that can be employed to remove these threats.
Golden Rule of OPSEC :
Now let us look at some of the golden rules that can help you remain anonymous and help secure your data online.
- Trust no one
- Never share your identities like emails, IP addresses, cookies, etc with anyone
- Do not visit to risky areas like the dark web, etc.
- Do not send data without encryption.
- Avoid revealing personal information or stories about yourself.
- Be professional.