2021/06/08 OPSEC And Personal Security

OPSEC And Personal Security


In the previous guide I mapped out Risk Management and techniques used my The Attackers Kill Chain. This is the outline from a Red Team, this can also be a model used as a Blue Team. But it is much more difficult the manage. This introduces us to Operation Security. The phrase "Loose lips sink ships” holds credence here. Or to put simply, do not talk about what you know. Knowing is power and what you know and what your attacker does not will make or break an operation.

What is OPSEC? Operations security (OPSEC) is a process that identifies critical information to determine if Blue Team actions can be observed by Red Team intelligence, determines if information obtained by the Red Team could be useful to them, and then executes selected measures that eliminate or reduce Red Team exploitation of Blue Team critical information. OPSEC is also about protecting meta-data that, when grouped, could be used to form a bigger picture of things.

This is why many now state that if you are not using the same protection and guidelines as the Red Team to protect yourself and your information, then you are doing it wrong. And why we mapped out the Attack Chain.

An Outline To OPSEC

Personal Security

And that brings us to Personal Security. If something you have is a target, that means you are also a target. Keep in mind the most common failure in any good plan, is the person or persons that made it. You can be used to leverage information, whether by black mail or by force. You are an asset. And you must be able to defend yourself as if your life depended on it, because one day it may.