As previously discussed operational controls are in place to protect information assets. Integrating operational controls to safeguard information assets is commonly achieved through the five phases listed below.
- Identification of critical information assets (inventory)
- Analysis of threats
- Analysis of vulnerabilities
- Risks assessment
- Apply countermeasures
The CIA triad is executed through various methods of protection. For example, in operation security methods can be employed to deter, detect, or prevent unauthorized access to information assets.
Prior activities required the delivery of various control methods. These were used to protect assets, support business services, and daily security operations. The security operations concepts, the principle of least privilege (need-to-know), separation of duties, and job rotations are paramount to day-to-day security. Here, access to information is limited to getting the job done, collusion is deterred, and transparency is encouraged.
Other activities such as monitoring the privilege accounts, information lifecycle, and executing appropriate service level agreements are some mindful security operation operations in the process of providing information security, particularly for air transportation.
Critique at least three of the solutions that were made. Present a justification for your positions. Also, address any activities that are or could become an ethical issue.
