OPSEC (Operations Security) - a five-step process to deny adversaries access to any critical information.
Five steps:
- Identify critical information
- Analyze threats
- Analyze vulnerabilities
- Assess risks
- Apply appropriate countermeasures
Critical information identification
- From the Red Team perspective: what information does the Blue Team need in order to thwart the Red Team's plans?
- Includes: intentions, capabilities, activities and limitations
- Examples: OS, cloud hosting provider or C2 framework
Threat Analysis
- Identify potential adversaries, their goals, their Tactics, Techniques and Procedures (TTPs), and the critical information they are after
- threat = adversary + intent + capability
Vulnerability Analysis
- OPSEC vulnerability: when an adversary can obtain critical information, analyze the findings and act in a way that would affect the team's plan
Risk Assessment
- The process of identifying risk to
- organizational operations - including mission, functions, image and reputation
- organizational assets
- individuals, other organizations and the Nation
Example (Red Team perspective):
- Critical Information: programs, OS, VM
- Threat Analysis: activity such as the OS version and VM host that the Blue Team is looking for
- Vulnerability Analysis: what makes the activity stand out to the Blue Team
- Risk Assessment: services connected to
- Countermeasures: make the necessary changes to camouflage the activity