Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
14 Cards in this Set
- Front
- Back
|
111.1 Define OPSEC.
|
OPSEC - Denying an adversary critical information regarding our planning, processes or operations; and regularly assessing our ability to prevent exploitation.
|
|
|
111.1 Examples of potentially critical information that should be protected by practicing OPSEC.
|
Current and future operations
Travel itineraries Usernames and passwords Access/identification cards Entry/exit security procedures Capabilities and limitations Address and phone lists Budget information Building plans VIP/distinguished visitor movements |
|
|
111.2 List the five steps of the OPSEC planning process.
|
1. Identify Critical Information (CI)
2. Threat Assessment 3. Vulnerability Analysis 4. Risk Assessment 5. Measures/Countermeasures |
|
|
111.2 Discuss Identify Critical Information (CI)
|
Critical information is defined as information about friendly (U.S., allied, and/or coalition) activities, intentions, capabilities, or limitations an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage. Such information, if revealed to an adversary prematurely may prevent or complicate missions accomplishment, reduce mission effectiveness, damage friendly resources, or cause loss of life if revealed to an adversary.
|
|
|
111.2 Discuss Threat Assessment
|
Current, relevant threat information is critical in developing appropriate OPSEC protective measures. The threat assessment (TA) step in the OPSEC process includes identifying potential adversaries and their associated capabilities, limitations, and intentions to collect, analyze, and use knowledge of our CI against us. The threat refers to more than an enemy agent hiding behind a rock.
The following examples represent threats: -An unauthorized person attempting to acquire CI. -A person supplying CI to an adversary. -A person inadvertently providing CI information to an adversary. -Someone overheard at, for example, the gym or education center talking about an upcoming deployment. I-ntent + Capability = Threat |
|
|
111.2 Discuss Vulnerability Analysis
|
An operational or mission-related vulnerability exists when the adversary has the capability to collect indicators, correctly analyze them, and take timely action. The vulnerability analysis identifies operation or mission vulnerabilities. Weaknesses that reveal CI through collected and analyzed indicators create vulnerabilities. Indicators are those friendly actions and information that adversary intelligence efforts can potentially detect or obtain and then interpret to derive friendly CI.
|
|
|
111.2 Discuss Risk Assessment
|
Risk assessments estimate an adversary’s capability to exploit a vulnerability, the potential effects such exploitation will have on operations and provide a cost-benefit analysis of possible methods to control the availability of CI to the adversary. Effective OPSEC requires managing all dimensions of risk to maximize mission effectiveness and sustain readiness. Applying operational risk management enables avoiding unnecessary risks and accepting necessary risk when the cost of mitigation outweighs the benefit.
|
|
|
111.2 Discuss Measures/Countermeasures
|
OPSEC measures and countermeasures preserve military capabilities by preventing adversarial exploitation of CI. Countermeasures mitigate or remove vulnerabilities that point to or divulge CI. They control CI by managing the raw data, enhance friendly force capabilities by increasing the potential for surprise, and augment the effectiveness of friendly military forces and weapon systems. More than one countermeasure may be identified for each vulnerability. Conversely, a single countermeasure may be used for several different vulnerabilities. The most desirable OPSEC countermeasures combine the highest possible protection with the least impact on operational effectiveness.
|
|
|
111.3 Discuss the responsibilities of the command OPSEC Officer.
|
Command OPSEC Officer - ensures all participants are aware of relevant CI and coordinate timely, resourced solutions for the Commander regarding process implementation and OPSEC best practices.
|
|
|
111.4 Describe the OPSEC considerations regarding public affairs.
|
To the maximum extent possible, the PAO and OPSEC Officer should coordinate the release of data relative to the mission or to impending potentially sensitive activity together. In close coordination with the PAO, OPSEC Officers must be active participants in the process of deciding what information should be released to the public, balancing the legitimate information requirements of DoD and civilian audiences against the intelligence desires of the enemy. The Commander has the ultimate responsibility for assessing the reliability of information from the perspective of both traditional security and OPSEC.
|
|
|
111.5 Define WRA.
|
Web Risk Assessment (WRA) - The application of the OPSEC five-step process is imperative when placing information on the web. Web site self-assessments are a useful tool in determining whether potential CI is on a commands web site. OPSEC Officers should review their command’s web site through the eyes of the adversary, looking for CI that could reveal sensitive operations, movement of certain assets, technological data, and personal information about U.S. citizens and employees.
|
|
|
111.6 Define Essential Elements of Friendly Information (EEFI)
|
is key information adversaries will likely inquire about such as our intentions, capabilities, and activities in order to obtain answers that are critical to their own operational effectiveness. The answers to EEFI can potentially lead to CI.
|
|
|
111.6 Define Critical Information (CI)
|
information about friendly (U.S., allied, and/or coalition) activities, intentions, capabilities, or limitations an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage.
|
|
|
111.7 Describe the components and functions of the command OPSEC Program.
|
-U.S. Navy Individual Units/Shore Commands
-OPSEC Officer designated in writing. -Develop and maintain a continuity folder. -Maintain instructions and supporting documents. -CO actively advocates, supports, and implements OPSEC. -Run the command OPSEC program - review plans, OPORDS, and exercise scenarios. -Maintain current potential adversary threat assessment. -Understand relationships with COMSEC, COMPUSEC, physical security and INFOSEC. -Liaise with higher headquarters. -Provide OPSEC training. |
