Before we can fully understand operations security, let’s define what we mean by “operations.”

Operations refers to the continual, day-to-day use and maintenance of the system.

Operations Security covers all the measures necessary to keep the entire system—including the network, computer system(s), and applications—running in a secure and protected manner.

Operations Security includes the following aspects:

  • Physical and Environment Protection
  • Production
  • Input/Output Controls
  • Emergency and Contingency Planning
  • System and Data Backup
  • Software Maintenance Control
  • System Documentation
  • System Change Management

Among these aspects, the Input/Output Controls cover the proper handling of media for input/output data, such as print-outs, disk cartridges, and mass-storage devices.

The Operations Department is responsible for the operations security of a system. This department ensures that the daily activities of the system run smoothly, and that any issues that may arise are handled quickly and efficiently.

The key role of the Operations Department is to exercise due care and due diligence in the security of the system. The determining factor in choosing the best course of action for securing a system is the concept of “the prudent person”: what would a prudent person do in a particular situation?

Finally, the Operations Department staff should not be allowed access to the development environment or to the security management functions within the system. Such access could increase the risk of security breaches.