Operations Security Architecture
The Operations security architecture layer of SABSA focuses on ensuring the operational continuity of business systems and maintaining the security of operational business data and information. This is a very important part of the overall SABSA model, as it can be embedded within each and every one of the other five layers. This logically makes sense, as each layer must be maintained and monitored for potential failures and disruptions. From an Operations and Maintenance perspective, it's your responsibility to keep the security and processes of the architecture in place for your systems over their entire lifetime.
As a cyber security professional, you know that all business operations face some threat and vulnerability within their systems. It's important to identify which threat domain and threat agent is most likely to cause harm to an information system. This will vary from company to company, of course. In my opinion, and without even needing to know what information a company needs to protect, I can make some very easy and accurate assumptions about the common threats and vulnerabilities our systems face when reflecting on Operations Security Architecture. To me, the threat domain and agent most likely to cause harm to an information system is People and current employees. Until computer systems can be created, deployed, and managed 100% by machines, people will always be the largest risk to an information system.
Philosophically, you could even say those machines are at risk too, as at some point a human created the systems operating said machines, but then we get into a Matrix (movie) paradigm. Specifically, current employees are more likely to cause harm than a past employee or one being considered for employment, as they already have access to key systems to do the most harm. Past employees, by contrast, while having knowledge of the inner workings of the information systems, should in theory and common practice have their access revoked.