Friday, June 05, 2009

Operational Security for the Web

The term operational security usually refers to physical security -- things like keeping your basic movements a secret, protecting your identity, and other ways of keeping your "cover." In this brief article in the Internet Evolution newsletter, Ira Winkler gives an example of an undercover security guard at a store who practiced poor operational security and, as a result, was easy to spot.

What's interesting in this little piece is that Winkler then explains how many companies practice similarly poor operational security on the web by disclosing too much information -- information that could be used by clever social engineers to gain malicious access.

He talks about how companies often fail to classify their data, so they don't even know what they need to protect. Winkler, a former NSA employee who knows a thing or two about operational security, is also the author of a fascinating book, Spies Among Us, about insider threats and corporate espionage.

