What is OPSEC?
OPSEC is a systematic and proved process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive Government activities. (National Security Decision Directive 298)
What is the OPSEC Process?
OPSEC is as a mental process with five components or steps:
- Identify critical information
- Analyze threat
- Analyze vulnerabilities
- Assess risk
- Initiate Countermeasures
How can I get threat information?
From your supporting counterintelligence agency, on your own, or a combination of both methods.
How do I know that I’m getting the “right” threat information to use in my OPSEC planning?
The value of threat information usually depends on the quality of the questions you have asked, the competency of the organization providing the threat information, and your ability to understand what they have told you.
Back to Top>>
How can OPSEC help protect my organization against terrorism?
Terrorists require intelligence to accomplish their objectives. You can apply the OPSEC process to identify critical information that terrorists can use against you and control those indicators that give away that critical information.
I’m responsible for establishing an OPSEC program. Where do I start?
I’m responsible for re-establishing an OPSEC program. Where do I start?
The answer to both questions is virtually the same. Start by asking why you have this responsibility. Who or what do you have to satisfy? By answering these questions first, you will be able to approach the task in a systematic way. If you are re-establishing a program that has fallen into disrepair, then you will need to know the program’s history to find out what went wrong in order to correct the problem(s) and to avoid repeating mistakes.
What are some of the characteristics of an OPSEC program?
The OPSEC program provides a framework for OPSEC activity within the organization.
How do I structure my OPSEC program?
OPSEC is carried out in an organizational environment as required by the organization’s OPSEC program. So it will be necessary to write an OPSEC program description that provides guidance as to how OPSEC will be performed within the organization.
What are some of the characteristics of OPSEC programs in specific environments?
Many aspects of an OPSEC program are present in all settings. However, there are unique features of each.
Back to Top>>
How can I identify critical information in an acquisition program?
If you’re fortunate, there will be documentation that describes critical program information. This is true for both government and commercial activities. If no documentation is available, then you will have to identify it by other means, such as convening a working group for that purpose.
How can I attain the integration of OPSEC with my organization’s operations?
It depends. Information Operations cells, integrated project teams, and OPSEC working groups all provide an organizational structure that facilitates OPSEC integration.
How do I develop the training portion of my OPSEC program?
OPSEC skills and knowledge are acquired and practiced at the individual level. Therefore, each position in the organization needs to be analyzed to determine what OPSEC knowledge must be possessed and what OPSEC tasks must be performed.
What are the elements of a successful OPSEC awareness program?
The structure of your awareness program will depend largely upon the importance of OPSEC to mission success and protection of other assets.
What role does the manager/commander play in my OPSEC program?
The manager/commander has the lead role in your OPSEC program. An OPSEC program has a limited chance of success without the direct support of the manager/commander.
Back to Top>>
What is OPSEC planning?
OPSEC planning is a strategy that analyzes an operation or activity and applies the OPSEC process to protect critical information.
What is an OPSEC survey and when should I do one?
How can I evaluate the effectiveness of my OPSEC program?
These two questions relate to evaluating the effectiveness of OPSEC programs and plans. There are several terms that describe OPSEC evaluations, and there are some variations of usage. This handbook will use the terms inspection, OPSEC assessment, and OPSEC survey to cover all evaluations.
I’m conducting an OPSEC survey. Should I be involved with computer security, i.e., information systems security?
This depends where your information is. As you analyze your organization’s process, you will most likely find that information flows in and out of computer networks, and that information systems security will be a prime concern.
What do I need to know about Communications Security (COMSEC)?
As an overview response to this question, you will need to be aware of COMSEC concerns when conducting your vulnerability analysis, and when considering countermeasures.
I’m conducting an OPSEC survey. What do I need to know about open sources?
You need to know the magnitude of the open source threat to your information, and how you can use open sources to find out more about the adversary.
My program involves field testing and range firing. What do I need to know about field testing and range security?
Field testing usually offers adversaries an opportunity to gather information about the tested system. You need to know what information requires protection and what planning, preparation, testing, and reporting activities might reveal critical information. Each field test or use of a range that involves critical information will require a separate OPSEC plan.
Back to Top>>
I have created a successful OPSEC program. How can I ensure that it will remain at this level, especially after I have left the position?
The heart of a successful OPSEC program is the aggregate of all program components. The maintenance of a successful program depends on constant watchfulness of all phases of the program, seeking continuous improvement, and maintaining a record of what made your program a success.
As an OPSEC officer, where can I get program assistance?
First look within your own organizational structure, then to your OPSEC officer peers, and finally to organizations that support OPSEC.
Back to Top>> |
Font Size | 
Font Size