1. Operations security involves keeping up with implemented solutions, keeping track of changes, properly maintain systems, continually enforcing necessary standards, and following through with security practices and tasks. In light of these operations security, provide examples of operations security an organization must practice. You may use fictitious examples to support your arguments if needed.
2. Operations security includes many procedural activities each day. Provide examples to secure facilities that house systems that process sensitive information.
3. Explain why the following operations security practices are important.
· Data should be classified, and the necessary technical controls should be put into place to protect its integrity, confidentiality, and availability.
· Hacker tools are becoming increasingly more sophisticated while requiring increasingly less knowledge by the attacker about how they work.
· Clipping levels should be implemented to establish a baseline of user activity and acceptable errors.
· Sensitive information should contain the correct markings and labels to indicate the corresponding sensitivity level.
· Proper fault-tolerant mechanisms should be put in place to counter equipment failure.
· A teardrop attack involves sending malformed fragmented packets to a vulnerable system.
· Improper mail relay configurations allow for mail servers to be used to forward spam messages.
· Phishing involves an attacker sending false messages to a victim in the hopes that the victim will provide personal information that can be used to steal their identity.