Operations Security (OpSec) is the process by which we protect unclassified information that can be used against us. It is an analytical process that classifies information assets and determines the controls required to protect these assets. In other words, OpSec challenges us to look at ourselves through the eyes of an adversary. For example:
Vulnerability Assessment and Penetration Testing
- Vulnerability assessment can be used to discover which vulnerabilities are present in a system and where they are located.
- Penetration tests can then be used to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible and identify which flaws pose a threat to the application.
This process gives detailed picture, in advance, of the flaws that exist in a system and the risks associated with those flaws, which can then be used to protect information by applying countermeasures thereby, denying the adversary the ability to act.\
========================================================================
Physical Security
The need to secure physical locations, hardware, and software from threats— arose during World War II when the first mainframes, developed to aid computations for communication code breaking, were put to use. Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data.
Physical and environmental Threat
- Emergencies
- Service interruptions
- Natural disasters
- Sabotage
Also
- Brownouts
- Fire detection and Suppression
- HVAC
How to protect against these? The answer is Physical Security such as:
- Locks
- Alarm
- CCTVs
- Security Guards
Physical security encompasses
- the design,
- implementation,
- and maintenance of
countermeasures. The countermeasures that help protect the physical resources that control information of an organization while in transmission, processing and storage. Physical Resources includes
- people,
- hardware,
- supporting system elements
Most technology-based controls can be circumvented if an attacker gains physical access to the devices being controlled. For example:
If it is easy to steal mobile phones, tablets, laptops, hard-drive from an organization then the information on those devices is not secure. Therefore, physical security is just as important as logical security to an information security.
===========================================================================The Era of Mobility
In an era of mobility, physical security is of indispensable. Most mobile computing systems such as PDAs (portable digital handhelds), laptops etc. have valuable information stored within them. For example:
- Some devices may be configured to facilitate user access into the organization’s secure computing facilities through VPN.
- While many users keep passwords, locations of files and quick clues about the storage of information in their portable devices.
- Also, many users likes underlying operating systems to remember their usernames and passwords for it provides easier access.
What is the associated problems?
The information and the access control mechanism is lost if the device is lost or stolen.
Solution:
- For maximum security, mobile devices should be secured at all times. If you are traveling, you should have it in your possession at all times.
- For additional security, install new technology to help locate lost or stolen mobile devices.
- During off-hours, lock the mobile devices. Be aware that if device is stolen, automatic logins can make it easy for a thief to send inappropriate messages with your account.
I was tasked with answering a similar or identical question and felt it was such a big question that I did not know where to start. This post has been very helpful.
ReplyDeleteThank you for your feedback.
DeleteHello everyone..
DeleteI'm selling fresh leads. Details in leads are:
Full name
SSN
DOB
Phone Numbers
Address
City
State
Zip
Residential Status
Account Number
DL number
Emails
All leads are genuine, fresh & generated by spaming, I Will provide you samples for checking if u want.
Dealing in almost all types of leads.
SSN Leads
Dead Fullz
Premium Leads
Mortgage Leads
Bank Account Leads
Employee Leads
Business Leads
Home Owners Leads
DL Leads
Emails Leads
Phone Numbers Leads
Each lead will b cost $1.
Also cvv Fullz available track 1 & track 2 with pin.
Interested person contact, scammers stay away, sampling is free of cost.
email > leads.sellers1212@gmail.com
Whatsapp > +923172721122
Telegram > @leadsupplier
ICQ > 752822040
Thanks, great post. I really like your point of view.. please visit once at http://www.qosnetworking.com/
ReplyDeleteThis site is really great. I will definitely recommend my readers to visit this if you are interested in Networking and it Security.
DeleteReally very interesting and very valuable information about the records management system nice work.
ReplyDeleterecords management system
Interesting blog all information are very important for me about the cloud storage and i really need it thank you.
ReplyDeletecloud storage
Interesting blog and very amazing detail about the PMP Bootcamp well done keep it up.
ReplyDeletePMP Bootcamp
Most valuable and fantastic blog I really appreciate your work which you have done about the Nigeria security,many thanks and keep it up.
ReplyDeleteNigeria security
It's very helpful & informative article. Day World
ReplyDeleteNice blog and your all presenting information are very great and it's really good well done.
ReplyDeleteCash your skills
Very helpful & informative Blog & posting. Thanks for sharing.
ReplyDeleteandroidtblets|Technology|kiosksManufacturer|Securitycheck|Securitysystem
Brother Printers Support
ReplyDeleteMalwarebytes Phone Number
Canon Printer Phone Number
HP Printer Customer Care Number
Excellent blog and very intresting content which i always to search in many article but your article is really fantastic.
ReplyDeleteG l o w i t s e l f
Thank you i did really need this topic you share a very nice information.
ReplyDeleteComputer & Technology Services
Thankyou for sharingcustomized purchase software management
ReplyDeleteIn order to get the Office 365 installed on your PC, you need to sign-in to your Office account, click the Install button, click Install button again to download the web-setup, and then run the web-setup of Office 365 on your PC to download Office 365 installation files and get it installed. Why download the Office 365 offline installer?
ReplyDeleteoffice.com/setup
It was a great article,Thanks for sharing this.... you can go throughPhysical Security
ReplyDeleteHello everyone..
ReplyDeleteI'm selling fresh leads. Details in leads are:
Full name
SSN
DOB
Phone Numbers
Address
City
State
Zip
Residential Status
Account Number
DL number
Emails
All leads are genuine, fresh & generated by spaming, I Will provide you samples for checking if u want.
Dealing in almost all types of leads.
SSN Leads
Dead Fullz
Premium Leads
Mortgage Leads
Bank Account Leads
Employee Leads
Business Leads
Home Owners Leads
DL Leads
Emails Leads
Phone Numbers Leads
Each lead will b cost $1.
Also cvv Fullz available track 1 & track 2 with pin.
Interested person contact, scammers stay away, sampling is free of cost.
email > leads.sellers1212@gmail.com
Whatsapp > +923172721122
Telegram > @leadsupplier
ICQ > 752822040
Thankyou for sharing this important information with us
ReplyDeleteThank you for writing such a fascinating blog with basic and important information
ReplyDeleteI have read all the comments and suggestions posted by the visitors for this article are very fine,We will wait for your next article so only.Thanks! Edmonton Security Companies
ReplyDeleteThanks for sharing informative information with us. If want to know about commercial security systems houston so you can visit their.
ReplyDeleteThe content was nice and thanks for the useful content. Waiting for such kind of posts. SIRA-approved CCTV company in Dubai
ReplyDelete