description: a risk management process that encourages managers to view operations from the perspective of an adversary to protect sensitive information
132 results
by Iain M. Banks · 5,095pp · 1,429,463 words
continue the dubious maritime analogy, I’m negotiating a tricky course between the minefield of personal honesty on one side and the rocky coast of operational security on the other – that’s as good a hint as I can afford to give you. Now, I’m serious; do you want to be
by Paul Tucker · 21 Apr 2018 · 920pp · 233,102 words
by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski and Adam Stubblefield · 29 Mar 2020 · 1,380pp · 190,710 words
Not? Triaging the Incident Compromises Versus Bugs Taking Command of Your Incident The First Step: Don’t Panic! Beginning Your Response Establishing Your Incident Team Operational Security Trading Good OpSec for the Greater Good The Investigative Process Keeping Control of the Incident Parallelizing the Incident Handovers Morale Communications Misunderstandings Hedging Meetings Keeping
…
the Right People Informed with the Right Levels of Detail Putting It All Together Triage Declaring an Incident Communications and Operational Security Beginning the Incident Handover Handing Back the Incident Preparing Communications and Remediation Closure Conclusion 18. Recovery and Aftermath Recovery Logistics Recovery Timeline Planning the Recovery
…
systems may be subverted? Do you need to call law enforcement or regulators? Security investigations grow organically in complexity as the organization begins to address operational security concerns (Chapter 17 discusses this topic further). Experts from other teams, such as Legal, may get involved before you can begin your investigation. In short
…
stand up an IR team, ensure that the communications section of your IR plan covers backup communication methods. We discuss the topic of operational security (OpSec) in more detail in “Operational Security”. Every response plan should outline high-level procedures so a trained responder can act. The plan should contain references to sufficiently detailed
…
a crisis, followed by a detailed plan of how to take command and maintain control of an incident—a topic that includes deep-dives into operational security and forensics. Communications are a critical but often overlooked part of crisis management. We guide you through some communication-related pitfalls to avoid and provide
…
extreme risk. If you’re involved in fixing the vulnerability before it’s publicly disclosed (these efforts are often called coordinated vulnerability disclosures, or CVDs), operational security and confidentiality concerns may warrant a heightened response . Alternatively, if you’re hurrying to patch systems after a public disclosure, securing systems that have complex
…
your customers, regulators, etc. A professional who is skilled at communicating could be a vital addition to your response team. DEEP DIVE: Operational Security In the context of crisis management, operational security (OpSec) refers to the practice of keeping your response activity secret. Whether you are working on a suspected compromise, an insider abuse
…
being downloaded from that site without any further interaction on your part. Ordinarily this behavior is helpful, but if you’re trying to practice good operational security while collecting data about your attacker, these tools can betray you by automatically talking to the attacker’s infrastructure in easily observable ways. If several
…
reported the breach to security. As an incident responder, your first instinct may be to lock the developer’s account right away—but remember the operational security concerns mentioned earlier. You should always start your investigation with a hands-off approach, until you know enough about the attack to make informed decisions
…
attendees introduce themselves, starting with the IC: Name Team Role [IC] Rules of engagement: Do you need to take confidentiality into account? Are there specific operational security concerns to consider? Who owns making decisions? Who should be included in decision-making processes? Who should not be included? Let your lead know if
…
following: An incident has occurred. You will be assuming the role of IC. You’ll need additional support from the team to investigate. Communications and Operational Security Now that you’ve declared the incident, other people in the organization—executives, legal, etc.—need to know an incident is in progress. If the
…
attacker compromised your organization’s infrastructure, emailing or chatting with these people may be risky. Follow operational security best practices. Suppose your contingency plan calls for using an organization credit card to register a business account in a cloud-based environment not associated
…
Reliability and Security Culture at Google Google has many moving parts and a correspondingly complex adversary landscape, which necessitates large teams of dedicated SREs and operational security personnel. These teams operate in “follow the sun” shifts in order to avoid stress and burnout, and are designed to be staffed accordingly. They spend
…
Right People Informed with the Right Levels of Detail emergency access and, Communications foundation for trust, Invisibility hedging, Hedging hypothetical crisis management example, Communications and Operational Security keeping the right people informed with the right levels of detail, Keeping the Right People Informed with the Right Levels of Detail meetings in crisis
…
’t Panic! beginning of response, Beginning Your Response closure, Closure communications, Communications-Keeping the Right People Informed with the Right Levels of Detail, Communications and Operational Security, Preparing Communications and Remediation compromises versus bugs, Compromises Versus Bugs coordinated vulnerability disclosure, Compromises Versus Bugs crises versus incidents, Is It a Crisis or Not
…
Incident-Morale keeping the right people informed with the right levels of detail, Keeping the Right People Informed with the Right Levels of Detail operational security, Operational Security-Operational Security, Communications and Operational Security parallelizing the incident, Parallelizing the Incident preparing communications and remediation, Preparing Communications and Remediation reliability/security tradeoffs, Reliability Versus Security: Design Considerations taking command
…
greater good, Trading Good OpSec for the Greater Good triage, Is It a Crisis or Not?-Triaging the Incident when tools try to be helpful, Operational Security cross-site scripting (XSS), Preventing XSS: SafeHtml cryptographic code, Example: Secure cryptographic APIs and the Tink crypto framework-Example: Secure cryptographic APIs and the Tink
…
-state actors, After the Recovery operational overload, Set aside time for debugging and investigations, Know what’s normal for your system operational security (OpSec)crisis management, Operational Security-Operational Security hypothetical crisis management example, Communications and Operational Security trading good OpSec for the greater good, Trading Good OpSec for the Greater Good operations lead (OL), Establishing Your Incident
by Thomas Rid
in plain sight. This inherent tension has operational consequences. Over the decades, dirty tricksters in various intelligence agencies, Western and Eastern, have discovered that tight operational security is neither cost-effective nor desirable, for both partial and delayed exposure may actually serve the interests of the attacker. It is not an accident
…
private intelligence firm named Secureworks published a stunning finding. The firm had discovered what would later be recognized as one of the GRU’s gravest operational security mistakes, one that became clear only when investigators finally figured out the mechanics of the Russian campaign. The remarkable discovery began with an email not
…
,” said one former worker to The Washington Post. “Prigozhin did not treat the trolls well. He could at least feed them.” Such poor discipline and operational security contrasts sharply with proper intelligence fronts, such as the CIA’s LCCASSOCK in the 1950S, where only the principal agent and perhaps a treasurer would
…
providers. The Internet Research Agency, the best-known and prime example, worked more like a spammy call center than a tight intelligence agency, with limited operational security, very limited presence on the ground in its target area, and no known operational coordination with Russian intelligence. The IRA’s social media accounts did
…
front was too credible, the in-jokes were too crafty, the Yoda English too smooth, the attacks against ex-NSA staff too personal,31 the operational security too good to be Russian. Even if the Shadow Brokers leak was an inside job, it wasn’t simply would-be whistle-blowing like the
by Gordon Thomas
suspicions remained, with Labour politicians calling for a detailed account of MI6 spending and the Secret Intelligence Service arguing that revealing this would “prejudice its operational security.” A Cabinet Office inquiry had concluded that MI6 “lacked focus” and had recommended some “downsizing as it appears to have run out of things to
by Amy B. Zegart · 6 Nov 2021
scant, but evidence suggests the operation was botched from the start. The mission was announced and volunteers solicited in a meeting of several officers—poor operational security.31 Hale used his real name32 and brought his Yale diploma with him, presumably to bolster his cover story that he was an unemployed school
…
operation. General Washington frequently served as his own spymaster and chief analyst, setting up production for invisible ink,43 advising assets on how to maintain operational security, planting false information for suspected double agents, and assessing the value of the information that came in. Because Washington was enmeshed in running so many
…
to create 3D models of the compound. The CIA’s open-source center scooped up public information about the city of Abbottabad, but to keep operational security tight, officials requested research on several Pakistani cities.127 The CIA also set up a safe house in Abbottabad with a small team to establish
…
Qa’ida to ISIS (New York: Twelve, 2015), 150. The official NSC calendar listed the bin Laden meetings only as “Mickey Mouse meetings” to preserve operational security. John O. Brennan, Undaunted: My Fight against America’s Enemies, at Home and Abroad (New York: Celadon Books, 2020), 230–31. 4. Amy Zegart and
by James Barr · 15 Feb 2011 · 750pp · 169,026 words
, the squads were wound up later in the year. By then, Wingate’s refusal to share the details of his plans – on the grounds of operational security – had annoyed other British officers. Wingate was an easy scapegoat for the more general failings of British policy. A senior policeman described him as a
by Steven Levy · 25 Feb 2020 · 706pp · 202,591 words
Units 26165 and 74455 of the Main Intelligence Directorate of the General Staff (GRU), roughly the Russian equivalent of the CIA. “Their tradecraft is superb, operational security second to none, and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter,” wrote CrowdStrike
by Francis Fukuyama · 22 Dec 2005
, earlier nation-building experiences) suggest that the first priority of nation-builders must be to establish or maintain security for the civilian population (not just operational security or force protection for the troops) and to build on that security to push the postconflict society toward the rule of law. In this regard
by Richard Aldrich · 10 Jun 2010 · 826pp · 231,966 words
lax. Chitty had done a spot check of twelve departments around Whitehall, and found that few were taking cypher security seriously. Britain needed a decent operational security section at Bletchley Park, and a proper supervisory board with teeth.27 No cypher system, Chitty warned, was unbreakable. Britain’s most sensitive material was
by Patrick Thibeault · 23 Jul 2012 · 172pp · 61,599 words
by Nathan Hodge · 1 Sep 2011 · 390pp · 119,527 words
by Peter R. Mansoor, Donald Kagan and Frederick Kagan · 31 Aug 2009 · 423pp · 126,375 words
by Gabriella Coleman · 4 Nov 2014 · 457pp · 126,996 words
by Eileen Ormsby · 1 Nov 2014 · 269pp · 79,285 words
by Thomas Leahy · 26 Mar 2020 · 1,149pp · 141,412 words
by Deborah D. Avant · 17 Oct 2010 · 872pp · 135,196 words
by Andy Oram and John Viega · 15 Dec 2009 · 302pp · 82,233 words
by Seth G. Jones · 29 Apr 2012 · 649pp · 172,080 words
by Jason Burke · 1 Sep 2011 · 885pp · 271,563 words
by Shaun Walker · 15 Apr 2025 · 465pp · 155,902 words
by Charles Stross · 9 Jul 2011 · 350pp · 107,834 words
by Jeremy Scahill · 1 Jan 2007 · 924pp · 198,159 words
by Jeremy Scahill · 22 Apr 2013 · 1,117pp · 305,620 words
by Richard Petersen · 15 May 2015
by Luke Harding · 7 Feb 2014 · 266pp · 80,018 words
by Julia Angwin · 25 Feb 2014 · 422pp · 104,457 words
by Justin Schuh · 20 Nov 2006 · 2,054pp · 359,149 words
by Bruce Sterling · 15 Mar 1992 · 345pp · 105,722 words
by Ronen Bergman · 30 Jan 2018 · 1,071pp · 295,220 words
by Sean Naylor · 1 Mar 2005 · 615pp · 191,843 words
by Rory Cormac · 14 Jun 2018 · 407pp
by Fred Kaplan · 1 Mar 2016 · 383pp · 105,021 words
by Nicole Perlroth · 9 Feb 2021 · 651pp · 186,130 words
by Florence de Changy · 24 Dec 2020
by Casey Rosenthal and Nora Jones · 27 Apr 2020 · 419pp · 102,488 words
by Peter F. Hamilton · 2 Mar 2004 · 1,234pp · 356,472 words
by Sebastian Mallaby · 9 Jun 2010 · 584pp · 187,436 words
by Kristina Spohr · 23 Sep 2019 · 1,123pp · 328,357 words
by Simon Singh · 1 Jan 1999
by Scott Anderson · 5 Aug 2013
by Thomas E. Ricks · 14 Oct 2009 · 509pp · 153,061 words
by W. Curtis Preston · 9 Feb 2009 · 1,266pp · 278,632 words
by Dana Priest and William M. Arkin · 5 Sep 2011 · 328pp · 100,381 words
by The "Guardian", David Leigh and Luke Harding · 1 Feb 2011 · 322pp · 99,066 words
by Andy Greenberg · 12 Sep 2012 · 461pp · 125,845 words
by Marc Goodman · 24 Feb 2015 · 677pp · 206,548 words
by Nada Bakos · 3 Jun 2019
by Kevin Mitnick, Mikko Hypponen and Robert Vamosi · 14 Feb 2017 · 305pp · 93,091 words
by Lewis Sorley · 2 Jun 1999 · 565pp · 160,402 words
by Brad Smith and Carol Ann Browne · 9 Sep 2019 · 482pp · 121,173 words
by Cyrus Farivar · 7 May 2018 · 397pp · 110,222 words
by Clint Watts · 28 May 2018 · 324pp · 96,491 words
by Caspar Herzberg · 13 Apr 2017
by Dr Peter Lee · 14 Jul 2019
by Peter Gutmann
by Richard Whittle · 15 Sep 2014 · 455pp · 131,569 words
by David Bellavia · 4 Sep 2007 · 325pp · 92,272 words
by Max Chafkin · 14 Sep 2021 · 524pp · 130,909 words
by Stross, Charles · 12 Jan 2006
by Christopher Andrew · 2 Aug 2010 · 1,744pp · 458,385 words
by Glenn Greenwald · 12 May 2014 · 253pp · 75,772 words
by Tom Clancy · 2 Jan 1989 · 914pp · 270,937 words
by Tom Clancy · 2 Jan 1996
by Tom Clancy · 2 Jan 1998
by Tom Clancy · 2 Jan 1989
by James Rickards · 7 Apr 2014 · 466pp · 127,728 words
by Nick Bostrom · 3 Jun 2014 · 574pp · 164,509 words
by Michael S Collins · 23 Feb 2014 · 446pp · 102,421 words
by Bruce Schneier · 2 Mar 2015 · 598pp · 134,339 words
by James Rickards · 15 Nov 2016 · 354pp · 105,322 words
by Brian Krebs · 18 Nov 2014 · 252pp · 75,349 words
by Thomas Rid · 27 Jun 2016 · 509pp · 132,327 words
by Edward Snowden · 16 Sep 2019 · 324pp · 106,699 words
by Rusty Bradley and Kevin Maurer · 27 Jun 2011 · 289pp · 90,176 words
by Martin Kleppmann · 16 Mar 2017 · 1,237pp · 227,370 words
by Barton Gellman · 20 May 2020 · 562pp · 153,825 words
by Ben Buchanan · 25 Feb 2020 · 443pp · 116,832 words
by Steve Olson · 28 Jul 2020 · 378pp · 103,136 words
by Dan Ariely · 3 Apr 2013 · 898pp · 266,274 words
by Stross, Charles · 14 Jan 2010 · 366pp · 107,145 words
by Stross, Charles · 30 Sep 2007 · 414pp · 123,666 words
by Alastair Reynolds · 2 Jan 2007 · 764pp · 188,807 words
by Tom Clancy and Peter Telep · 13 Jun 2011 · 640pp · 177,786 words
by Tom Clancy · 2 Jan 1984 · 594pp · 165,413 words
by Tom Clancy and Scott Brick · 2 Jan 2002
by Tom Clancy · 2 Jan 1998 · 553pp · 151,139 words
by Tom Clancy · 2 Jan 1993
by Steve Coll · 23 Feb 2004 · 956pp · 288,981 words
by Martin Kleppmann · 17 Apr 2017
by Rosa Brooks · 8 Aug 2016 · 548pp · 147,919 words
by P. W. Singer and August Cole · 28 Jun 2015 · 537pp · 149,628 words
by Eric O'Neill · 1 Mar 2019 · 299pp · 88,375 words
by Kevin Lacz, Ethan E. Rocke and Lindsey Lacz · 11 Jul 2016 · 304pp · 97,603 words
by Eli Berman, Joseph H. Felter, Jacob N. Shapiro and Vestal Mcintyre · 12 May 2018 · 517pp · 147,591 words
by Peter Baker · 21 Oct 2013
by Laurent Richard and Sandrine Rigaud · 17 Jan 2023 · 350pp · 115,802 words
by Renee Dudley and Daniel Golden · 24 Oct 2022 · 392pp · 114,189 words
by Andy Greenberg · 15 Nov 2022 · 494pp · 121,217 words
by Benjamin Wallace · 18 Mar 2025 · 431pp · 116,274 words
by David Gerard · 23 Jul 2017 · 309pp · 54,839 words
by Mary L. Gray and Siddharth Suri · 6 May 2019 · 346pp · 97,330 words
by Brett King · 26 Dec 2012 · 382pp · 120,064 words
by Melanie Swan · 22 Jan 2014 · 271pp · 52,814 words
by Charles Stross · 14 Jun 2006 · 443pp · 123,526 words
by Stross, Charles · 9 Apr 2009 · 358pp · 103,103 words
by Paolo Bacigalupi · 15 Sep 2009 · 523pp · 144,971 words
by Clinton V. Oster, John S. Strong and C. Kurt Zorn · 28 May 1992 · 217pp · 152 words
by Stephen Witt · 15 Jun 2015 · 315pp · 93,522 words
by Ed Offley · 25 Mar 2014 · 309pp · 84,539 words
by Gregoire Chamayou · 23 Apr 2013 · 335pp · 82,528 words
by Matthew Skelton and Manuel Pais · 16 Sep 2019
by Edward Chancellor · 15 Aug 2022 · 829pp · 187,394 words
by Bradley Hope · 1 Nov 2022 · 257pp · 77,612 words
by Jodi Taylor · 21 Jun 2023 · 506pp · 132,373 words
by Alistair Cockburn · 30 Sep 2000
by Sean Parnell and John Bruning · 28 Feb 2012 · 400pp · 109,754 words
by Ben McKenzie and Jacob Silverman · 17 Jul 2023 · 329pp · 99,504 words
by David Gelles · 30 May 2022 · 318pp · 91,957 words
by Philip Tetlock and Dan Gardner · 14 Sep 2015 · 317pp · 100,414 words
by Clive Thompson · 26 Mar 2019 · 499pp · 144,278 words
by Kerry Howley · 21 Mar 2023
by Jeff Guinn · 24 Jan 2023 · 438pp · 126,284 words
by Brian Christian · 1 Mar 2011 · 370pp · 94,968 words
by David Wellington · 22 Jul 2019 · 460pp · 130,621 words
by Douglas Rushkoff · 7 Sep 2022 · 205pp · 61,903 words
by Ian Anderson · 6 Mar 2019
by Joan Smith · 5 Apr 2019
by Andres Duany, Elizabeth Plater-Zyberk and Jeff Speck · 14 Sep 2010 · 321pp · 85,267 words
by Dan Ariely · 27 Jun 2012 · 258pp · 73,109 words
by Noam Chomsky and David Barsamian · 1 Oct 2007
by Amal El-Mohtar and Max Gladstone · 15 Jul 2019 · 132pp · 37,391 words