Operational Level Risk

This is the area where information security controls that have been identified within the tactical security area are implemented and managed. Such controls would be implemented in accordance with the policies, processes standards and procedures that have already been developed.

For example, two types of controls that are implemented, managed within the operational area are access control and authentication. The implementation of access control and authentication tools is the responsibility of operational security as is the change management and day to day management.

A principal function of operational security is the monitoring of controls for effectiveness and correct operation. Monitoring controls can range from pre-project threat modelling, configuration consultancy, penetration testing (both network and application layer) through to post incident log analysis.

For further detail on relevant services, please click here.