Maintaining our Essential Secrecy During COVID-19
By: Ali Gomulu
Operations security (OPSEC) is an approach and discipline built around identifying critical information to determine if there are ways for adversaries to access intelligence. It determines whether the information obtained by those adversaries could be useful to them, and how, and then executes selected measures that address the risks.
OPSEC has been a key part of government agencies' cybersecurity posture for decades, but most recently it has accelerated at a fevered pitch given the new vulnerabilities exposed by the global pandemic and massive changes to where and how people work, including those who have “clearance” in the U.S. and require access to extremely sensitive information.
During this time of mandated social distancing and unexpected and sudden growth of teleworkers, the most senior military, government, and mission-critical enterprise leaders are investing in strengthening OPSEC programs, as new threats, indicators, and challenges grow.
Leaders, including government commanders, must continually ensure their current OPSEC policies are relevant and sufficient, and today they are working with experts to develop and implement new measures to prevent what could be major and irreversible damage.
Here are five ways leaders can reduce risk and ensure compliance, so their missions can continue without disruption or disaster:
- Provide specific OPSEC guidance: the global pandemic is not “business as usual,” and rules, policies, and procedures must and will change, based on new intelligence on threat levels and vectors
- Conduct training: training can no longer be a “once a year” effort, but rather an ongoing process where team members are constantly being made aware of shifting conditions and priorities
- Ensure encryption: at the highest level, this is the process that scrambles readable text so it can only be read by the person who has the secret code or decryption key; it helps provide data security for sensitive information and must be applied to every digital system and updated to ensure continual protection
- Follow best practices: a mature OPSEC process includes the following five steps: (1) identify critical information, (2) identify the threat, (3) assess vulnerabilities, (4) analyze the risk, (5) develop and apply countermeasures; leaders can use this as a framework to build and continually improve programs
- Maintain and update their organization’s Critical Information list and end-user policies, leveraging advanced Privileged Access Management (PAM): due to the inherent trust and privilege that exists in many control domains, access control needs to be applied to more than just users in the operational environment – it must address every device and the information associated with every device.
Advanced PAM, which works in multi-cloud environments and was designed to work with mobile as well as fixed assets, is ideal for OPSEC’s evolution, especially during these trying times.
To account for the interconnected nature of control systems, as well as the inherent capabilities that many control devices have, all components need to be considered in developing an access control function of a cyber OPSEC plan.
PAM basics include:
- Managing user access and user responsibility
- Managing business requirements for access control
- Monitoring operating system access control
- Directing device access control
- Controlling mobile computing (including remote location awareness, activities, and behaviors)
There is no choice but to automate this, which is where Ironsphere excels.
OPSEC actions play an important role in defending networks and protecting critical information and systems, whether cloud, on-premises, hybrid, or multi-cloud.
More and more leaders are getting involved and making an active effort to ensure their organization’s computer devices are properly configured to send encrypted emails, and that personnel are trained and are being automatically monitored and supported, including ensuring that passwords are changed and multi-factor authentication requirements are in place.
To learn more about how Ironsphere’s proven, cost-efficient and flexible PAM solutions can enhance your OPSEC posture, please contact us at email@example.com