11.1 - The Role of the Operations Department

Companies perform important pieces of “due care and due diligence” efforts which include correct policies, procedures, standards, and guidelines.

These due diligence efforts require responsible, careful, cautious, and practical company practicing. It is important to identify systems and operations that are sensitive (meaning they need to be protected from disclosure) and critical (meaning they must remain available at all times).

Organizations consider many threats including disclosure of confidential data, theft of assets, corruption of data, interruption of services, and destruction of the physical or logical environment. The correct steps need to be taken to achieve the necessary levels of security while balancing various constraints.

Operations security departments ensure that people, applications, equipment, and the overall environment are properly and adequately secured.