Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operations Security (OPSEC) For New Hires

Published byLillian O’Connor’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Operations Security (OPSEC) For New Hires"— Presentation transcript:

1 Operations Security (OPSEC) For New Hires
Presented by: (Presenter’s Name) Provided by OSPA (

2 OPSEC… What is it? Why do we need it? The 5-step OPSEC process
The OPSEC 2-step OPSEC for (Organization name) Introduction of topics covered. Will define OPSEC, discuss the need for OPSEC, outline the 5-step process and the OPSEC 2-step. There will also be a portion to discuss the role of OPSEC at your organization, as well as for the employees specific role.

3 What is OPSEC? Simply, a process designed to protect sensitive unclassified information And a way to keep our sensitive/critical information out of the hands of the “bad guys” Operations security (OPSEC) is an analytic process used to deny an adversary information - generally unclassified - concerning friendly intentions and capabilities by identifying, controlling, and protecting indicators associated with planning processes or operations. OPSEC does not replace other security disciplines -it supplements them. OPSEC is simply denying an enemy or adversary information that could harm you or benefit them. Another form of OPSEC, although not as widely accepted, is the intentional mis-information of an adversary, designed to protect your true secrets. OPSEC is a process, but it is also a mindset. By educating oneself on OPSEC risks and methodologies, protecting sensitive information becomes second nature. OPSEC is unique as a discipline, because it is understood that the OPSEC manager must make certain decisions when implementing OPSEC measures. Most of these measures will involve a certain expenditure of resources, so an estimate must be made as to whether the assumed gain in secrecy is worth the cost in those resources. If the decision is made not to implement a measure, then the organization assumes a certain risk. This is why OPSEC managers or Commanders must be educated and aware of the OPSEC process.

4 What is an OPSEC Indicator?
An indicator is a "piece of the puzzle". In other words, an indicator is any piece of information that can be exploited to gain further information, or be combined with other indicators to build a more complete profile of your operations. For example, an OPSEC indicator could be when you go to work, what you do at work, large group or troop movements or financial transactions such as life insurance appointments. Before releasing information, consider the potential value to your adversaries.

5 Why do we need OPSEC? You tell me… Situations and examples:
Company phone directory TrashInt Visitor Authentication We are in a world increasingly dependent on information. In this world, pieces of information (Internet postings, work schedules, phone directories and more) may be assembled in order to form the “big picture” of an organization or operation. Your adversaries in a military or business sense practice OPSEC to varying degrees, and it would be unwise to discount the capabilities of your enemy. Your adversary will constantly probe your organization, so the importance of a solid understanding of OPSEC cannot be understated. If you are not aware of OSPEC procedures, it is likely that certain pieces of information may be viewed as unimportant and not given the proper concern. examples: Without being aware of OPSEC procedures, a company phone directory may be seen as unimportant and discarded in an unsecured trash receptacle. If that directory is retrieved by an adversary, that adversary will have a dangerous insight into the structure of the organization, to include names and contact information. That person may be able to impersonate certain high-level individuals or target specific employees. Important documents (customer information, research information, etc) may be retrieved from trash receptacles if not properly destroyed. TrashInt, or “dumpster diving” is common and (in most areas) legal if on public property. If visitors are not properly cleared and authenticated (for instance, if someone “piggybacks” through a security door), they will have physical access to computer systems and unsecured documents.

6 The 5 Steps of OPSEC Identify Critical Information Analyze Threats
Analyze Vulnerabilities Assess Risk Apply Countermeasures Identify Critical Information The first, and arguably the most important, step in the OPSEC process is to determine which information is critical to the organization. Critical information is information that would harm the organization’s ability to effectively carry out normal operation if obtained by an adversary. Usually, this information represents the core secrets of an organization, and can vary from one organization to the next Analyze The Threat Once the critical information is identified, the next step is to determine the individuals or groups that represent a threat to that information. There may be more than one adversary, and different pieces of information may be targeted by different groups. In this stage, the capabilities, use for the information, determination and resources must also be analyzed Analyze The Vulnerabilities In this phase, the analyst will “Think like the wolf”, and view their organization from an adversaries perspective. The vulnerabilities of the organization must be thoroughly explored, especially in terms of physical safeguards, network/electronic safeguards and personnel training will be investigated Assess The Risks For each vulnerability, the threat must be matched. At this point, each vulnerability is assigned a risk level. This is an unmitigated risk level, meaning that any corrective factors are not included in the analysis. 5. Apply The Countermeasures Beginning with high-risk vulnerabilities, a plan is put in place to mitigate the risk factors. All possible countermeasures are considered, and could include additional hardware, training or outside contractors. The most important element of this step is to develop a plan to lower or eliminate the risk, or remove the threat’s access to the resource.

7 The OPSEC 2-step What do you need to protect? How do you protect it?
These two steps will be sufficient for most employees, and are designed to be an easy-to-remember process for protecting sensitive information 1. What do you need to protect? As you handle documents, information, conversations, etc, consider which of those potential OPSEC indicators you need to protect from inadvertent disclosure. Be aware of the potential use that your adversary may have for your information. A seemingly harmless document, such as a meeting announcement flyer, may be matched with other seemingly harmless documents to build a profile of your organization's activities How do you protect it? Your organization will have certain policies and countermeasures designed to protect critical information. In addition to established policies, certain "common sense" rules apply: - Be aware of unauthorized personnel in sensitive areas. - Do not hesitate to question unrecognized personnel. Ask for ID or authorization. - Secure and properly destroy sensitive information. - Log out or lock your computer when you will be out of sight. - Be aware of your surroundings when on the telephone. - Verify the source when asked for information on the telephone or via It is a common social-engineering technique to research an organization (to include supervisors and key personnel), and call or using the information obtained in their research. For instance, "Hello, (your name), this is Mike calling from (your boss' name)'s office. He needs to know the status of all of your current projects".

8 What do we need to protect?
(add critical information here) Add specific information relevant to your organization or the employee’s role. Use as many slides as necessary.

9 How do we protect it? Countermeasure
List countermeasures specific to your organization, such as verify visitors, shred certain documents, etc. Use as many slides as necessary.

10 “The number of known adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, criminals, industrial competitors, hackers and disgruntled or disloyal insiders.” -George Tenet Director, CIA

11 REMEMBER Remember what to protect Remember how to protect it
And remember that protecting this information is YOUR responsibility!

Download ppt "Operations Security (OPSEC) For New Hires"

Similar presentations

Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.

Open Source Intelligence (OSINT) OSINT and TRASHINT This presentation is the sole property of OSPA. Distribution is limited to OSPA members registered.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.

UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.
Introducing Computer and Network Security

Introducing Computer and Network Security
Computer Security: Principles and Practice

Computer Security: Principles and Practice
One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.

One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.
Introduction to Network Defense

Introduction to Network Defense
Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.

Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.
Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.

Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Module 3 Develop the Plan Planning for Emergencies – For Small Business –
Following the terrorist attack on September 11, 2001 the President declared a national emergency … Secretary of Defense Donald Rumsfeld cautioned on the.

Following the terrorist attack on September 11, 2001 the President declared a national emergency … Secretary of Defense Donald Rumsfeld cautioned on the.
Chapter 4.  Can technology alone provide the best security for your organization?

Chapter 4.  Can technology alone provide the best security for your organization?
Presented by the 1st Information Operations Command.

Presented by the 1st Information Operations Command.
1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.
Operations Security (OPSEC) 301-371-1050. Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.

Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.
Provided by OSPA (www.opsecprofessionals.org) OPSEC for Families Presented by: (Presenter’s Name)

Provided by OSPA ( OPSEC for Families Presented by: (Presenter’s Name)
Operational Security PCC. VII-F.1.

Operational Security PCC. VII-F.1.

Similar presentations

Ads by Google