# OPSEC

## Introduction to OPSEC

* Operations Security (OPSEC) is a security and risk management process that prevents sensitive information from getting into the wrong hands.
* As a red team member, your potential adversaries are the blue team and third parties.
* The blue team is considered an adversary because we are attacking the systems they are hired to monitor and defend.
* OPSEC is a process to identify, control and protect information.
* The OPSEC process has five steps:
    1. Identify critical information
    2. Analyse threats
    3. Analyse vulnerabilities
    4. Assess risks
    5. Apply appropriate countermeasures

![](https://i.imgur.com/yUmXgl6.png)

### Critical Information Identification

* Critical information includes any information that, once obtained by the blue team, would hinder or degrade the red team's mission.
* To identify critical information, the red team needs to use an adversarial approach and ask themselves what information an adversary (the blue team, in this case) would want to know about the mission. If the adversary obtains it, they will be in a solid position to thwart the red team's attacks.

### Threat Analysis

* Threat analysis refers to identifying potential adversaries and their intentions and capabilities.
* Adapted from the US Department of Defense (DoD) Operations Security (OPSEC) Program Manual, threat analysis aims to answer the following questions:

> 1. Who is the adversary?
> 2. What are the adversary's goals?
> 3. What tactics, techniques, and procedures does the adversary use?
> 4. What critical information has the adversary obtained, if any?

* The task of the red team is to emulate an actual attack so that the blue team discovers its shortcomings.

> threat = adversary + intent + capability

### Vulnerability Analysis

* After identifying critical information and analysing threats, we can start analysing vulnerabilities.
* An OPSEC vulnerability, not to be confused with vulnerabilities related to cybersecurity, exists when an adversary can obtain critical information, analyse the findings, and act in a way that would affect your plans.

### Risk Assessment

* NIST defines a risk assessment as:

> The process of identifying risks to organizational operations, assets & individuals.

* In OPSEC, risk assessment requires learning the likelihood of an event taking place along with the expected cost of that event. Consequently, this involves assessing the adversary's ability to exploit the vulnerabilities.
* Once the level of risk is determined, countermeasures can be considered to mitigate that risk. We need to consider the following three factors:
    1. The efficiency of the countermeasure in reducing the risk
    2. The cost of the countermeasure compared to the impact of the vulnerability being exploited
    3. The possibility that the countermeasure can reveal information to the adversary