Operations Security (OPSEC)
Welcome to the first operations security (OPSEC) community on Lemmy!
This is a space dedicated to discussing, sharing, and learning about operational security practices. Whether you are a business owner, a cybersecurity expert, or just a regular person, you can always benefit from a little extra OPSEC in your life.
Community Guidelines
As we belong to Lemmy.zip all of their guidelines apply on top of ours.
-
Stay on topic:
- Keep discussions related to OPSEC only
- If your post is about this community instead of OPSEC, prepend the prefix [META] to the title
- For the sake of organization, please label your posts with prefixes such as [NEWS], [GUIDE], [QUESTION], [MEME], and so on. While this isn't standardized nor enforced, it helps keep everything nice and neat
-
No illegal content:
- Do not discuss, promote, or engage in illegal activities
- While OPSEC can be used for criminal activity, we will not offer assistance to anyone planning to use it for such
-
Quality Content:
- Provide only good, factual and credible advice
- Avoid spreading misinformation or unverified claims
- Avoid low-effort posts, spam and sensationalism
- Copypastas are allowed only as comments and if related to the post or parent comment.
- Do not post AI-generated content; anyone can ask ChatGPT for assistance so do what you do best: be a human
- Anyone giving blatantly false advice will be permanently banned
-
No Self-Promotion:
- Refrain from excessive self-promotion or advertising
- Occasional sharing of personal projects is allowed if it benefits the community
-
Threat Models:
- Do not ask for advice without mentioning your threat model
- Do not provide advice ridiculously outside the asker's threat model
- Do not provide advice without knowing the asker's threat model (except when providing general advice to the community)
What is OPSEC?
Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
In simpler terms, it is the process of finding vulnerabilities that an adversary could exploit and patching them, thereby reducing your attack surface.
OPSEC is NOT a synonym for cybersecurity. It can encompass it; however, it also revolves around physical security.
Useful resources
view the rest of the comments
You want, ideally a crosscut shredder. Burning even moderate amounts of paper indoors is probably too much of a fire or smoke inhalation risk, unless you already have a fireplace you can use.
Mix the sensitive documents with pages from unrelated useless documents (could be scratch paper notes, old letters or homework, junk mail, paper advertisements or pages from catalogs or even a phonebook) and shred all that stuff together.
After shredding, seperate the shredded paper into bags so that no one "document" is likely to be able to be reassembled from one bag. Throw the bags away in separate places and/or on separate days. Drop them in different dumpsters behind businesses or different trashcans in the park. Alternatively if you can store the shredded paper in bags at a secure location, you can save it up and then take it on a camping trip and burn it in your campfire.
If your threat model is so severe that these methods aren't secure enough, consider instead avoiding writing or printing the information in the first place.