OPSEC Process Five Steps Verified 2024
Accept the erisk - ANSWER-Acknowledge that the problem exists
Analysis of threats (Step 2) - ANSWER-Deals with identification the adversaries, their
intent, and their capability to use the information against an organization. Once we
identify the threats, we can study their Techniques, Tactics, and Procedures (TTPs) and
start prioritizing how we can monitor for those specific activities.
Analysis of vulnerabilities (Step 3) - ANSWER-- A vulnerability is the state of being
unprotected from the likelihood of being attacked, physically or emotionally.
- By understanding the adversary their intent, and their capability, an organization can
focus on identifying the potential vulnerabilities that exist in the enterprise.
Application of appropriate countermeasures (Step 5) - ANSWER-After the risk
assessment, organizations should be able yo prioritize resources to do
- Avoid the risk
- Control/mitigate the risk
- Accept the risk
- Transfer thee risk
Assessment of risks - ANSWER-- Once vulnerabilities are identified the vulnerabilities
must go through the organizations process. This process evaluates each vulnerability
and assigns it based on the sum of the probability of exploitation and impact to
organization.
Avoid the risk - ANSWER-Change planning to work around the problem.
Business critical applications - ANSWER-- Manufacturing applications
- Enterprise resource management platforms
Business information - ANSWER-Mergers and acquistion
Catastrophic Loss - ANSWER-We need to start from the beginning because there will
be nothing left.
Certain - ANSWER-100% chance it will happen
Control/mitigate the risk - ANSWER-Isolate the problem and reduce the impact to the
organizations:
- Network segmentation
- Access control lists
- Credential management
Accept the erisk - ANSWER-Acknowledge that the problem exists
Analysis of threats (Step 2) - ANSWER-Deals with identification the adversaries, their
intent, and their capability to use the information against an organization. Once we
identify the threats, we can study their Techniques, Tactics, and Procedures (TTPs) and
start prioritizing how we can monitor for those specific activities.
Analysis of vulnerabilities (Step 3) - ANSWER-- A vulnerability is the state of being
unprotected from the likelihood of being attacked, physically or emotionally.
- By understanding the adversary their intent, and their capability, an organization can
focus on identifying the potential vulnerabilities that exist in the enterprise.
Application of appropriate countermeasures (Step 5) - ANSWER-After the risk
assessment, organizations should be able yo prioritize resources to do
- Avoid the risk
- Control/mitigate the risk
- Accept the risk
- Transfer thee risk
Assessment of risks - ANSWER-- Once vulnerabilities are identified the vulnerabilities
must go through the organizations process. This process evaluates each vulnerability
and assigns it based on the sum of the probability of exploitation and impact to
organization.
Avoid the risk - ANSWER-Change planning to work around the problem.
Business critical applications - ANSWER-- Manufacturing applications
- Enterprise resource management platforms
Business information - ANSWER-Mergers and acquistion
Catastrophic Loss - ANSWER-We need to start from the beginning because there will
be nothing left.
Certain - ANSWER-100% chance it will happen
Control/mitigate the risk - ANSWER-Isolate the problem and reduce the impact to the
organizations:
- Network segmentation
- Access control lists
- Credential management
