ABSTRACT

This chapter discusses how risk assessments and analyses take into account the potential political, social, and financial losses that could be suffered in the event that information is accessed, modified, and obtained without authorization. It identifies the physical security measures used to protect a facility where sensitive data are stored, and describes how and why operations security (OPSEC) views operations from the perspective of a perpetrator in order to identify vulnerabilities. The chapter explains the methods used by communications security (COMSEC) to deny competitors, criminals, and adversaries information derived from telecommunications and to ensure the authentication of communications. It outlines how computer security seeks to protect systems against vulnerabilities, threats, and attacks by pursuing not only system security but also network and data security. It assesses the approach known as defense in depth, a combination of physical security, personnel security, and cybersecurity, and discusses its usefulness.