OPSEC applicability in a business environment

Business environments are not as structured as they are in the military. It is also a lot easier for a commander to dictate what is going to happen and drive it to execution. The OPSEC process should be looked at as a strategic planning initiative to a cyber intelligence program in that it covers very broad topics. It can help reign in the information that is critical to senior leadership's handling of all levels of operation in the organization and within each architecture in the enterprise starting at level 1.

The following is an overview of how the Cyber Intelligence Group can integrate the different operational levels of an organization as well as integrating the different enterprise architectures as defined by TOGAF:

Here are some considerations in building a cyber intel capability with OPSEC in mind: 

  • Buy-in from stakeholders:
    • Cyber intelligence is an ability not only about security, but also about IT operations
    • Authority and responsibility is clear in the military but not as clear in business
    • Dotted line management and matrix managed organizations make buy-in difficult as direct reports may not be being evaluated
  • It is much more difficult to establish this capability in a more mature IT organization because of the following:
    • Processes and procedures have been formalized and approved
    • Teams have worked in siloed environments for numerous years
    • Large organizations may have federated IT divisions based on geographical location
  • Cyber intelligence can be integrated with an established or developing basic information security program:
    • Intel capability needs to be built on top of a framework of information security processes that support the organization
  • Allow for collaboration:
    • Cross-communication and support for team resources to analyze the data and create intelligence products
    • Integrate with communication mechanisms to deliver intel to the right people at the right time
  • Delegate authority to allow for subordinate leaders to take the initiative based on a commander's intent:
    • Intelligence developed without the intent of taking action is a waste of resources
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.221.98.71