Operations Security
(OPSEC)
Provided by OSPA (www.opsecprofessionals.org)
OPSEC…
•
•
•
•
What is it?
Why do we need it?
The 5-step OPSEC process
The OPSEC 2-step
What is OPSEC?
• Simply, a process designed to protect
sensitive unclassified information
• And a way to keep our sensitive/critical
information out of the hands of the “bad
guys”
What is an OPSEC Indicator?
Why do we need OPSEC?
• You tell me…
• Situations and examples:
– Company phone directory
– TrashInt
– Visitor Authentication
The 5 Steps of OPSEC
1.
2.
3.
4.
5.
Identify Critical Information
Analyze Threats
Analyze Vulnerabilities
Assess Risk
Apply Countermeasures
The OPSEC 2-step
• What do you need to protect?
• How do you protect it?
What do we need to protect?
•
•
•
•
Personal information (PII)
OUO
Business strategy
Network systems
How do we protect it?
•
•
•
•
•
•
Be aware of potential unauthorized personnel
Ask to see badge
Secure information (e.g. locked desk or file cabinet)
Log out or lock computer
Be aware of your surroundings on the telephone
Verify the source when asked for information on the
telephone or by e-mail
“The number of known adversaries
conducting research on information
attacks is increasing rapidly and includes
intelligence services, criminals, industrial
competitors, hackers and disgruntled or
disloyal insiders.”
-George Tenet
Former Director, CIA
REMEMBER
• Remember what to protect
• Remember how to protect it
• And remember that protecting this
information is YOUR responsibility!