Operational security (OPSEC), also known as procedural security, is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.
Though originally used by the [military], OPSEC is becoming popular in the private sector as well. Things that fall under the OPSEC umbrella include monitoring behaviors and habits on [social media] sites as well as discouraging employees from sharing login credentials via email or text message.
Operational security controls are those that supplement the security of an organization in a manner in which both physical and technical elements are utilized.
Examples of operational security controls include: Overarching Security Policy. Acceptable Use Policy. Security Awareness Training Policy.