Ask HN: Can you recommend any OPSEC resources/books/guides?

12 points by philippnagel almost 9 years ago

1 comment

equalunique almost 9 years ago
I can tell you about the resources, books, and guides that I'm familiar with - they are specific to the United States public sector. Not all of it is specific to Operational Security, but one could say that it is all related. Many federal departments and agencies must implement security programs based on guidelines and recommendations from Department of Commerce's National Institute of Standards and Technology, who created the Special Publication 800 Series for Computer Security, also the Special Publication 1800 Series for Cybersecurity Practice Guidelines. (http://csrc.nist.gov/publications/PubsSPs.html) These departments and agencies are also required to report their cyber security incidents to the United States Computer Emergency Readiness Team (US-CERT) so that security events, incidents, and responses may be coordinated across departments and agencies. (https://www.us-cert.gov/government-users/compliance-and-reporting) Today's federal departments and agencies are connected to trusted internet connections (TICs) that are all held up to high standards of incident reporting and security management. (https://www.dhs.gov/trusted-internet-connections) Same goes for the providers of their PKI infrastructure (https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t0000000TNYYAA4&field=File__Body__s).
Other key pieces of computing and communications infrastructure are also held to standards, such as the ones published by Federal Network Resilience group, but are not made available publicly. The CAESARS Framework (http://csrc.nist.gov/publications/drafts/nistir-7756/Draft-NISTIR-7756_second-public-draft.pdf) is the best example of a highly-integrated continuous monitoring program which integrates security operations with executive-level risk management. Lots of money has been invested in creating great frameworks, but many agencies and departments struggle to implement these in practice.