Landing the Boeing 747…
We pilots live by checklists. Sometimes the checklists are lengthy, and sometimes they are short. For the little airplanes I fly, the landing checklist – a fairly critical checklist – has four items, abbreviated as GUMP. But what about a big plane, like a 747? Are there a lot more? Not really. The reason for this is that landing is a critical time, and you only want to be distracted by having to check a few critical items. As an example, landing with the gear up is bad, big plane or little, and will make every landing checklist.
OPSEC practitioners are in a similar position. There are an unlimited number of pieces of IPCI (intellectual property and critical information) that we would like to protect, but we really only have time and budget to protect the most critical of these. Looked at from the top, it may seem as if there are a huge number of pieces of IPCI that need to be protected. Which is true, sort of…
As an example, imagine that you are a company with ten divisions. Each division has any number of bits of information that shouldn’t get out. But experience tells us that in each division there will be somewhere between ten and twenty items that are most critical, and that this is a number that can be managed. This same principle works up and down the food chain. There may be a huge number of things you would like to protect, but you can actually only focus on protecting a small portion of them. And in many cases, properly protecting one item will protect all the associated items.
However, if you have never performed a comprehensive audit of your IPCI you will have no idea of what is valuable to your adversaries and competitors, and therefore will have no idea of what actually needs to be protected.
How to protect your IPCI, is, of course, a separate issue, for which we hope you will call on our services.