Employees and Operational Security



Operations security deals with the daily activities required to preserve the confidentiality, integrity and availability (CIA) of a system after it has been developed and executed. This involves hardware controls, media controls, and subject controls designed to safeguard assets against threats, as well as daily activities such as handling attacks and violations, appropriate administrative management and control, and establishing a threshold to determine notable violations.

Because an employee can impact operational security, it is important to screen and verify new employees in terms of background experience, level of education and skill set. Some organizations perform background checks as part of the vetting process. During the hiring process, a probationary period can be instated in which the individual is informed whether they have to obtain special qualifications or security clearances for the job, and is asked to sign a non-compete, a nondisclosure, and possibly a non-solicitation agreement.

Once the candidate has been hired, additional operational security controls can be implemented, such as an orientation, separation of duties, job rotation, least privilege, mandatory vacations, audit controls, and effective termination practices.

New-Hire Orientation: A new-hire orientation training program can be instated to make certain new employees are aware of and familiar with the organization’s policies. The objective should be to educate new employees on the established security policies and processes of the organization, and acceptable use of those policies.

Going forward, security awareness can be maintained by sending the occasional security-awareness email or newsletter that reinforces good security practices. Policy reviews can also be conducted so employees can go over current policies and obtain a signed copy they’ve agreed to.

Separation of Duties: Separation of duties is the process of dividing a given task into smaller components so that more than one person has a role in completing the task. This correlates to the principle of least privilege and prevents authorized subjects from making unauthorized modifications to objects, further protecting the integrity of the object.

Job Rotation: This allows an organization to detect fraudulent behavior more readily. It also provides job redundancy and backup.

Least Privilege: 
