Read the book You CAN Stop Stupid - Ira Winkler - Page 63

Operational Countermeasures


Operational countermeasures are procedures designed to perform work properly and mitigate loss. For example, procedures on how to safely handle sensitive materials or perform work safely are operational countermeasures. Likewise, audit procedures to detect and mitigate loss and deviations from expectations are operational countermeasures.

Ideally, operational countermeasures that deal with security are embedded in business processes so that security concerns are integral to the organization. Security awareness programs are operational countermeasures, especially when they inform people how to perform their functions properly. There are also practices that can be put in place to authenticate and verify the identity of individuals and their need to have access to information, facilities, or other resources. This extends to website interactions and requests for critical services, including password resets and access to sensitive information.

Operational countermeasures also include legal agreements and enforcement. For example, nondisclosure agreements are a common form of protection that should be used whenever exchanging sensitive information with potential business partners.

Insurance is also a critical operational countermeasure. It is inevitable that there will be a loss, and insurance provides a way to potentially mitigate losses.
