What does this operational security means in network security? Can you explain that with examples?


Joined Jan 27, 2019
Operational Security (OPSEC) refers to those activities, policies, and practices that keep communications secure when it is in use. There is a rule that "every service is a vulnerability", meaning that you compromise security by providing (operational) services to legitimate users. Operational Security results from an optimization of the competing engineering requirements of providing access to those who should have it and making it as difficult as possible for those who shouldn't to gain access.

In information systems, this means good AAA (Authentication, Authorization, Auditing) practices, good network layer security (IPSEC, firewall rules, etc.), and most important and neglected, good UX design and training.
Last edited: