Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

CHAPTER 6 Operations Security > Exercises - Pg. 94

94 The Basics of Information Security what risks we might face. The actual risks that are present are a combination of matching threats and vulnerabilities. When we know what risks we face, we can then plan out the countermeasures we might put in place in order to mitigate our risks. As somewhat of a summarization of the operations security process, we can also look to the Laws of OPSEC, as penned by Kurt Haas. "If you don't know the threat, how do you know what to protect?" "If you don't know what to protect, how do you know you are protecting it?" "If you are not protecting it (the information), ... THE DRAGON WINS!" [5]. These three laws cover some of the high points of the process and point out some of the more important aspects we might want to internalize. In addition to the use of the operations security principles in business and in government, we also make use of such security concepts in our personal lives, even though we may not do so in a formal manner. We often take the steps of identifying our critical information and planning out measures to protect it in the normal course of our lives. Particularly with the sheer volume of our personal information that moves through a variety of systems and networks, it becomes increasingly important for us to take steps to protect it. EXERCISES 1 2 3 4 5 6 7 8 9 10 Why is it important to identify our critical information? What is the first law of OPSEC? What is the function of the IOSS? What part did George Washington play in the origination of operations security? In the operations security process, what is the difference between assessing threats and assessing vulnerabilities? Why might we want to use information classification? When we have cycled through the entire operations security process, are we finished? From where did the first formal OPSEC methodology arise? What is the origin of operations security? Define competitive counterintelligence. Bibliography [1] S. Tzu, S.B. Griffith, B.H. Liddell Hart, The Art of War, Oxford University Press, 1971. ISBN-13: 9780195014761. [2] The Operations Security Professional's Association, The Origin of OPSEC, The Operations Security Professional's Association., 2011 (accessed: February 21, 2011). [3] U.S. Central Intelligence Agency, George Washington, 1789­97, U.S. Central Intelligence Agency, monographs/our-first-line-of-defense-presidential-reflections-on-us-intelligence/washington. html, July 7, 2008 (accessed: January 18, 2011).