Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview OPSEC Threat Critical Information Indicators Data Aggregation

Published byJoonas Sala Modified over 4 years ago

Similar presentations

Presentation on theme: "Overview OPSEC Threat Critical Information Indicators Data Aggregation"— Presentation transcript:

1 Fleet & Family Support Program Ombudsman & Operations Security DD MMM YY

2 Overview OPSEC Threat Critical Information Indicators Data Aggregation
Vulnerabilities Risk Countermeasures Ombudsmen and OPSEC Social Media

3 OPSEC A 5 step process that
Identifies, controls and protects sensitive, critical unclassified information and indicators about a mission, operation or activity Assesses potential threats, vulnerabilities, and risk Utilizes countermeasures to mitigate an adversary's effectiveness against a friendly operation

4 Threat Capabilities and intentions of an adversary to undertake any action detrimental to the success of friendly activities or operations. Conventional Threats Military opponents Unconventional Threats Terrorism (foreign and domestic) Hackers Insiders (Spies) Thieves, stalkers, pedophiles There are several factors that help you determine the treat to your command or unit’s mission. Geography plays a large role in threat identification. Example: If you are in the Arabian Gulf, then MS-13 will probably not make your threat list. The best source to request threat information will be the N2 shop if the command has one and if not, NCIS MTAC.

5 What are they looking for?
Names, photographs of important people Present/future operations Information about military facilities Location Number of personnel Ammo depot locations Dates and times of operations Family details Spouse, children Location of work, school

6 Critical Information Information we must protect to ensure success
Information the adversary needs to prevent our success Capabilities Operations Personnel Security procedures

7 Family Critical Information
Some examples of critical information that apply to your family life: Names and photos of you and your children Usernames and passwords Length and location of spouse’s deployment Social Security Numbers Credit card/banking information Significant dates (birthdays, anniversaries) Addresses and phone numbers Everyday schedules Travel itineraries

8 Indicators Friendly, detectable actions that reveal critical information and vulnerabilities Longer working hours Rehearsals Sudden changes in procedures Onloads Large troop movements Not all indicators are bad Indicators are signatures of an event or action an adversary can observe via collection methods available to them. Indicators can point to vulnerabilities and possibly reveal Critical Information.

9 Avoid Indicators This slide depicts common indicators for families.

10 Data Aggregation Information collected from multiple sources
Open source collection provides enemy most of their intelligence Manchester Document: 80% of information collected is done so legally Internet Trash Media Small details put together give big picture Countermeasures are used to address vulnerabilities that an adversary may exploit to gain access to critical information. The objective is to lower the vulnerability rating which will in turn lower the risk level. The remaining risk is referred to as residual risk. The ultimate goal of countermeasures is to reduce Risk to the commanders acceptable level. Two things that must be considered when developing countermeasures are “Cost & benefit”.

11 Vulnerabilities Weakness the adversary can exploit to get critical information Some common vulnerabilities are: Lack of awareness Social networking Social engineering Data aggregation Technology Trash Poor policy enforcement Unsecure communications Like with anything, a vulnerability is something that can be exploited to cause damage or disruption. This slide is a list of the most common vulnerabilities a person or organization may experience.

12 Risk The probability an adversary will gain knowledge of your critical information and the impact if they are successful Impact: How much will it cost if your critical information is lost? Lives Mission Money Time How much are you willing to risk by displaying this indicator or not correcting that vulnerability? The Risk assessment step of the OPSEC process aids decision makers in understanding what aspects of an operation or mission could be compromised and how resources could be affected. The cost can be measured by what is shown on this slide. Always keep in mind that the “Commander” is the only only one who can accept risk, therefore will determine the acceptable level of risk.

13 Countermeasures Anything that effectively negates or reduces an adversary's ability to exploit vulnerabilities or collect & process critical information Hide/control indicators Vary routes Modify everyday schedules Influence or manipulate an adversary’s perception Take no action React too late Take the wrong action Countermeasures are used to address vulnerabilities that an adversary may exploit to gain access to critical information. The objective is to lower the vulnerability rating which will in turn lower the risk level. The remaining risk is referred to as residual risk. The ultimate goal of countermeasures is to reduce Risk to the commanders acceptable level. Two things that must be considered when developing countermeasures are “Cost & benefit”.

14 Ombudsman and OPSEC Knowledge of command’s critical information
Families must understand OPSEC process Educate the family members whenever possible Newsletters Meetings - Sailors bring home their command’s Critical Information. Family members must know what information they receive is critical and what is not. The easiest way to do ensure that family members are not posting Critical Information is to educate them. There are several ways to spread the OPSEC message across the FRG. If you maintain a newsletter, you can push the OPSEC message that way. Always have some sort of OPSEC training at any and all FRG meetings that you have, whether you do it or you request outside assistance (NOST). Family members protecting information is just as important as the service member protecting the information. Educate the families, especially teenagers that are active on social media.

15 Social Media Highly recommended Open groups on Facebook
Monitor the site Never post PII Regularly check security settings Be careful using public wireless networks - Social media is the easiest way to communicate with large groups of people. It is highly recommended for ombudsmen to use Facebook and other social media sites to keep in touch the family members. Facebook is the easiest way to communicate with large groups of people at the same time. If an ombudsman is running a Facebook group, it is recommended to keep the group open. People think or assume that if a Facebook group is closed to the general public, it is unable to be seen by outsiders. This causes some people to think it is acceptable to post sensitive information. Adversaries could easily hack into the closed group to access the page. Also, anybody who shares a post from the closed group to their personal page has made it accessible to the general public. You should always know who is a member of your page. Block any suspicious followers to your pages. Obviously, never post PII on social media, whether it be a service member or family member. Also, never go into detail about your personal life on social media. The adversary could be watching your online activity. Don’t give him an opportunity to take advantage of you because of the information you provide on Facebook. Facebook changes or updates their security settings often. When an update occurs, it may change your security settings back to default, which isn’t very secure. Always keep an eye on this. Be very careful about your online activity when you are using a public wireless network (airport, hotel, coffee shop, etc), especially if you are overseas. Always assume the adversary is watching. Equipment can be easily obtained to monitor devices on public networks.

16 Summary OPSEC Threat Critical Information Indicators Data Aggregation
Vulnerabilities Risk Countermeasures Ombudsmen and OPSEC Social Media

17 Your Command OPSEC Program Manager information here.
Questions Your Logo here Your Command OPSEC Program Manager information here. NAVAL INFORMATION FORCES ATTN: NAVAL OPSEC SUPPORT TEAM 115 LAKE VIEW PARKWAY SUFFOLK, VIRGINIA 23435

Download ppt "Overview OPSEC Threat Critical Information Indicators Data Aggregation"

Similar presentations

Fleet & Family Support Ombudsman Program & Operations Security

Fleet & Family Support Ombudsman Program & Operations Security
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Naval OPSEC Support Team Navy Information Operations Command, Norfolk 757-417-7100 #Don’tDoThat: Social Media Trends.

Naval OPSEC Support Team Navy Information Operations Command, Norfolk #Don’tDoThat: Social Media Trends.
THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.

THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.
Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!

Introduction to Operations Security (OPSEC) Updated 09/28/11 1 Security is Everyone's Responsibility – See Something, Say Something!
NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.

NEW YORK NATIONAL GUARD FAMILY PROGRAMS Offered & presented by CW2 Walker Family Programs OPSEC Program Manager.
OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.

OPSEC Countermeasures Michael Chesbro DES OPSEC Officer OPSEC Countermeasures Michael Chesbro DES OPSEC Officer.
TLO 2: Action: Plan operational security. Intermediate-level training.

TLO 2: Action: Plan operational security. Intermediate-level training.
UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.

UNCLASSIFIED. Your loved one has the training, leadership and equipment needed to perform the mission and come back home to you. But did you know that.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Network security policy: best practices

Network security policy: best practices
One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.

One Team, One Fight One Mission Presented by the Ordnance Center & Schools Security Office.
Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.

Military families and Operational Security. Family members are vital to the success of our military. You may not know it, but you play a crucial role.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
UNCLASSIFIED VP-4 Skinny Dragons Operations Security (OPSEC) and Social Networking.

UNCLASSIFIED VP-4 Skinny Dragons Operations Security (OPSEC) and Social Networking.
Following the terrorist attack on September 11, 2001 the President declared a national emergency … Secretary of Defense Donald Rumsfeld cautioned on the.

Following the terrorist attack on September 11, 2001 the President declared a national emergency … Secretary of Defense Donald Rumsfeld cautioned on the.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Presented by the 1st Information Operations Command.

Presented by the 1st Information Operations Command.

Similar presentations

Ads by Google