Anybody has heard the phrase "loose lips sink ships." That's the very essence of military operational security. Usually shortened into "OPSEC," information technology is a key–if not the most important–role of armed services operations.

OPSEC refers to all the different ways the military maintains secrecy and security in its operations–fifty-fifty the smallest leak can cost lives, destroy campaigns, and lead to an enemy victory.

The concern world isn't nearly as life and expiry merely that doesn't mean the aforementioned rules don't apply. The military has five basic steps to proper OPSEC, and they're only as useful in the civilian globe, specially with the proliferation of tech that makes leaks and security breaches more mutual.

i. Identify critical information

In the military this means troop movements, organizational structures, and anything else an enemy can apply to destroy plans and disrupt operations. In the noncombatant world it includes those elements, but with the addition of a whole agglomeration of others.

SEE: Security Sensation and Training Policy (Tech Pro Enquiry)

Customer data, passwords, network data, data for analysis–all of those things and more are critical. Determining what is truly essential for your system means having a complete understanding of how you operate.

Inquire yourself this question: Would this bit of data be a risk to the success of my business or the security of my customers? If the answer is yes it's critical and needs to be protected.

2. Clarify potential threats

Protecting a military operation doesn't simply mean knowing all about your capabilities–it means knowing your enemies equally well. While y'all're busy planning OPSEC you too demand to exist gathering intelligence in the hopes of breaching your opponent'southward OPSEC strategies.

Hopefully your business organization isn't engaging in industrial espionage, but that doesn't mean you can beget to ignore threats. Go along upwardly to date on the latest infosec threats, hacks and exploits, and the trends in cyber–and physical–security.

Know your enemy, and thereby know yourself.

3. Know your own weaknesses

OPSEC professionals don't just focus on what the enemy is capable of: they also learn to think like the enemy in social club to identify weaknesses in a unit's security. Businesses demand to call back in the same way: how would someone exploit our network, our employees, or our operations to get inside and do damage?

It leaders should be certain they know the ins and out of the network to determine where potential flaws are, 60 minutes should be aware of potential social technology attacks, and every single machine should be audited regularly to exist sure it'south clean of spyware and malware.

iv. Assess risks

Once military leaders know threats and weaknesses they compare them to figure out how great a take a chance they are. Threats range from low to high and are based on how likely and how devastating they would be.

SEE: The hacking toolkit: 13 essential network security utilities (TechRepublic)

Once you lot know what kind of security threats you have and where your most vulnerable areas are y'all tin can make up one's mind what needs to exist done. Whether it's instituting improve BYOD guidelines or buying a new firewall the costs of skilful security are always far less than the costs of a major breach.

5. Employ countermeasures

There'due south no need to have workers on 24-hour security rotations in the civilian earth, and no ane needs to get to the arms room to get-go prepping for a (very) hostile takeover. What you lot do demand to do is take action when you identify a weakness.

OPSEC planning is completely useless without OPSEC awarding. The best leaders in the history of the military were definitely on top of their OPSEC, and you need to exist as well. The threats are different for everyone but they're no less real.

The 3 large takeaways for TechRepublic readers

  1. OPSEC requires complete understanding of your company from the within out. If yous're truly going to be every bit secure as a well-oiled armed forces unit of measurement you need to think about–and think similar–the enemy.
  2. Remember well-nigh the threats you lot might confront and compare those to your vulnerabilities. The military uses that comparison to figure out where they need to focus on OPSEC–it is no different in the civilian globe.
  3. Planning is naught without execution. Brand sure you're putting OPSEC lessons into play, and also be sure that anybody in your company is on board. The lowest ranking Private in the Army takes OPSEC classes, and so should the lowest level employee at your company.

Too see

  • Infographic and interview: The explosion of cybercrime and how to protect your business (TechRepublic)
  • Thousands of security threats happen every five minutes: Trend Micro VP (ZDNet)
  • Cloud Security Alliance releases height 100 big data best practices study (TechRepublic)
  • Breaches showing patterns of both desirable, questionable characteristics (ZDNet)
  • Study exposes common cracks in cybersecurity (CBS News)