OPSEC - Operations Security¶
This is an online ebook for operations security (OPSEC) for Internet services.
Operations security (OPSEC) is a multidisciplinary approach for protecting information and services. Though the term has a wider general meaning, this guide discusses OPSEC in the context of securing Internet services. This includes, but is not limited to, protecting information from industrial espionage, blackhat hackers, law enforcement, social engineering, and mass surveillance. Please read further a introduction to OPSEC on Wikipedia.
About this guide¶
OPSEC - Operations Security Guide is a security guide and assessment tool for developing sensitive Internet services.
The aim is to provide transparent, lightweight and practical ways to develop and evaluate the security of an Internet service from a holistic viewpoint. The scope of the guide is interdisciplinary, covering the full range of business operations from team computer and mobile phone setup to safe software development practices. Read more about how and why this guide was created.
The guide presents 49 assesment points to evaluate different aspects of team and service security. The security assessment points are referred in 31 historical security incidences which could have been avoided if the operators had followed practices presented here.
Who is this for¶
OPSEC - Operations security is a guide and assessment tool for Internet service development. Developers, system administrators and decision-makers can learn to guarantee the safety of their projects against external and internal threats. The practical guide applies to one-man teams as well as large organizations building websites.
A special emphasis is put on high-value targets like government and cryptocurrency services.