Operations Security (OPSEC)
What is OPSEC?
OPSEC (Operations Security) is the process of identifying and protecting sensitive information from being leaked or misused, especially by attackers or competitors. It helps an organization figure out what information must be kept secret and how to protect it.
OPSEC Surveys
- Purpose: To check if there are any leaks or weak points in how sensitive information is handled.
- It is like a security check-up where:
  - All types of operations are reviewed.
  - Data or processes that might reveal important information are identified.
- Example: Staff discussing confidential data in public places or leaving printed reports on desks.
OPSEC Planning
- Once the risks are identified during the survey, a plan is made to reduce or remove those risks.
- The OPSEC Plan includes:
  1. Identifying what information must be protected.
  2. Figuring out how enemies (like hackers or competitors) could get that info.
  3. Applying proper safeguards like:
     - Password protection
     - Secure communication
     - Staff training
Example: If a company is launching a new product, the OPSEC plan would ensure no one leaks the design or price before launch.
INFOSEC (Information Security)
What is INFOSEC?
INFOSEC means protecting all forms of information (digital or paper-based) from unauthorized access, change, or destruction. A major part of INFOSEC is Computer Security.
Computer Security
This includes:
- Protecting computers, software, and data.
- Ensuring confidentiality (no unauthorized access), integrity (data is not changed), and availability (data is available when needed).
Audit
- Security auditing is the process of:
  - Checking system logs.
  - Reviewing how data is accessed and used.
  - Making sure security rules are followed.
- Helps detect misuse, policy violations, or possible attacks.
- Example: An audit might show that an employee tried to access confidential data without permission.
Cryptography - Encryption
Encryption is a method of converting data into a secret code so that unauthorized users can’t understand it.
There are different types of encryption used in INFOSEC:
i. Point-to-Point Encryption
- Data is encrypted at one end (sender) and decrypted only at the other end (receiver).
- Keeps the data private during transmission.
- Example: Messages sent on secure messaging apps like WhatsApp.
ii. Network Encryption
- Encrypts all data going over a network.
- Often used in Virtual Private Networks (VPNs) to create secure communication over the internet.
- Example: When you access a company’s internal network from home using a VPN.
iii. Link Encryption
- Every communication link between devices (like routers, switches) is encrypted.
- Data is decrypted and re-encrypted at every link in the network path.
- Provides full path security, but is more complex.
- Common in military or government networks where high security is needed.
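The difference between link encryption and point-to-point encryption described above, as an added example that is not part of the original post: it records what each wire carries and what each intermediate device holds. The `toy_cipher` keystream is a stand-in for a real cipher and is for illustration only; all function names and the sample message are constructed for this example.

```python
import hashlib
import secrets

def toy_cipher(key, nonce, data):
    """XOR data with a SHA-256 counter keystream. Toy stand-in for a real
    cipher (illustration only); the same call encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):
    nonce = secrets.token_bytes(12)          # fresh nonce per encryption
    return nonce + toy_cipher(key, nonce, data)

def unseal(key, blob):
    return toy_cipher(key, blob[:12], blob[12:])

def link_encrypted_path(message, link_keys):
    """Link encryption: one key per link; every device on the path decrypts
    and re-encrypts. Returns (delivered, wire_traffic, seen_by_nodes)."""
    wire, seen_by_nodes, current = [], [], message
    for i, key in enumerate(link_keys):
        blob = seal(key, current)            # encrypted for this link only
        wire.append(blob)
        current = unseal(key, blob)          # far end of the link decrypts
        if i < len(link_keys) - 1:
            seen_by_nodes.append(current)    # intermediate device holds plaintext
    return current, wire, seen_by_nodes

def point_to_point_path(message, end_key, links):
    """Point-to-point: only sender and receiver share the key; intermediate
    devices forward ciphertext unchanged."""
    blob = seal(end_key, message)
    wire = [blob] * links
    seen_by_nodes = [blob] * (links - 1)     # devices never see plaintext
    return unseal(end_key, blob), wire, seen_by_nodes

if __name__ == "__main__":
    msg = b"constructed sample: launch price 499"
    keys = [secrets.token_bytes(32) for _ in range(3)]
    _, wire, seen = link_encrypted_path(msg, keys)
    print("link: plaintext on wire?", any(msg in w for w in wire))
    print("link: plaintext at devices?", all(s == msg for s in seen))
    _, _, seen = point_to_point_path(msg, secrets.token_bytes(32), 3)
    print("point-to-point: plaintext at devices?", any(msg in s for s in seen))
```

With link encryption, each router or switch on the path briefly holds the plaintext, so those devices must be trusted and protected as well as the links between them.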