Operational security (OPSEC) was developed to promote operational effectiveness and to deny adversaries information that can be observed publicly. For an organization, this information includes the following:
- Capabilities: What you can or have the ability to do
- Limitations: What you cannot do or are unable to execute
- Intent: What your plans are and when you will do them
For our purposes, we can use the OPSEC process to better understand how to develop a cyber intel capability that improves our defenses and provides a roadmap for a more secure network.
The OPSEC process has five steps:
- Identification of critical information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risks
- Application of appropriate countermeasures