To begin with, it should be stated that information security, as well as operation security, entails the principles of keeping information and information flow (which is even more important) safe. These strategies entail the principles of information confidentiality, integrity and availability of information also entailing access control and undermining of the opportunity of failure.
Originally, the security of information while operating any data is closely linked with the issues of confidentiality. According to Bielski (2005): “confidentiality is generally regarded the principle, claiming that data and data processing systems are only available to those who are enabled to process and control the data and information. The information should not be disclosed or otherwise put at the disposal of others.” Another principle is the integrity of the information and data processing process. This means that the system should be reliable and accurate, thus, preventing the loss or leakage of the information on the technical and administrative level, using secure systems. The most contradicting principle for the information security principles is the availability of information and data.
Originally, there are 10 domains of operation security that existed. These domains are the components of the operation security strategy:
- Security management practices. Management and proper performance of the security practices is one of the most essential factors of the operation security. Any system is useless without proper management.
- Security architecture and models. For there was something to manage, there should be a clear structure of the operation security system
- Business continuity planning. For the system could work properly, it should be carefully planned. Thus, planning is the basis of any business activity, and any strategy, associated with it.
- Law, investigations, and ethics. For the operation security system and strategy could work, there is a strong necessity for taking into account all the factors, which may impact the activity of the system. These factors are the legislative issues, the ways of investigating failures and ethics
- Physical security. For providing the security of data and information, it is necessary to arrange proper and reliable physical security for the data storage and processing devices.
- Operation security. It entails all the principles of information security.
- Access control systems and methodology. The technical side of the operational security process is the control of the access to data. Any access (authorized or unauthorized) should be controlled.
- Cryptography. Data encryption is the most crucial measure for data processing and data transmitting.
- Telecommunications, network, and internet security. For preventing the data from interception, and providing correct transmission of information, the telecommunication network should be elaborated and maintained. There is a strong necessity to incorporate the proper infrastructure system.
- Application development security. For the system to stay reliable, the principles of security should be constantly developing.
While processing the information, and performing the operation security principles, it is necessary to take into account the origin and nature of the information. The factors that impact the classification of the processed information should be assigned pointing to the value of the information, its actuality and how long it will be required Laws and other regulatory requirements are also significant for information classification.
In conclusion, it is necessary to point out that operation security is one of the most essential tasks for any organization. However, providing this security requires numerous factors to be taken into account and essential resources spent for proper adjustment of the security system.
Baker, J. C., Lachman, B. E., Frelinger, D. R., O’connell, K. M., Hou, A. C., Tseng, M. S., et al. (2004). Mapping the Risks: Assessing Homeland Security Implications of Publicly Available Geospatial Information. Santa Monica, CA: Rand.
Bielski, L. (2005). Security Breaches Hitting Home: Phishing, Information Leaks Keep Security Concerns at Red Alert. ABA Banking Journal, 97(6), 7.
Cordesman, A. H., & Cordesman, J. G. (2002). Cyber-Threats, Information Warfare, and Critical Infrastructure Protection: Defending the U.S. Homeland /. Westport, CT: Praeger.
Hinojosa, P. (2005). Information Security: Where We’ve Been and Where We Need to Go. T H E Journal (Technological Horizons In Education), 32(7), 36.