Operations Security (OPSEC) Provided by OSPA (www.opsecprofessionals.org) OPSEC… • • • • What is it? Why do we need it? The 5-step OPSEC process The OPSEC 2-step What is OPSEC? • Simply, a process designed to protect sensitive unclassified information • And a way to keep our sensitive/critical information out of the hands of the “bad guys” What is an OPSEC Indicator? Why do we need OPSEC? • You tell me… • Situations and examples: – Company phone directory – TrashInt – Visitor Authentication The 5 Steps of OPSEC 1. 2. 3. 4. 5. Identify Critical Information Analyze Threats Analyze Vulnerabilities Assess Risk Apply Countermeasures The OPSEC 2-step • What do you need to protect? • How do you protect it? What do we need to protect? • • • • Personal information (PII) OUO Business strategy Network systems How do we protect it? • • • • • • Be aware of potential unauthorized personnel Ask to see badge Secure information (e.g. locked desk or file cabinet) Log out or lock computer Be aware of your surroundings on the telephone Verify the source when asked for information on the telephone or by e-mail “The number of known adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, criminals, industrial competitors, hackers and disgruntled or disloyal insiders.” -George Tenet Former Director, CIA REMEMBER • Remember what to protect • Remember how to protect it • And remember that protecting this information is YOUR responsibility!