Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
12 Cards in this Set
- Front
- Back
|
Define OPSEC
|
OPSEC: Denying an adversary critical information regarding our planning, processes or operations; and regularly assessing our ability to prevent exploitation.
General categories of potentially critical information that should be protected: Current and future operations Travel itineraries Usernames and passwords Access / identification cards Entry / exit security procedures Capabilities and limitations Address and phone lists Budget information Building plans VIP / distinguished visitor movements |
|
|
Discuss the first step in The Five Step Planning Process
|
Step 1: Identify Critical Information (CI)
Critical information is defined as information about friendly (U.S., allied, and/or coalition) activities, intentions, capabilities, or limitations an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage. |
|
|
Discuss the second step in The Five Step Planning Process
|
Step 2: Threat Assessment
Current, relevant threat information is critical in developing appropriate OPSEC protective measures. The threat assessment (TA) step in the OPSEC process includes identifying potential adversaries and their associated capabilities, limitations, and intentions to collect, analyze, and use knowledge of our CI against us. Intent + Capability = Threat |
|
|
Discuss the third step in The Five Step Planning Process
|
Step 3: Vulnerability Analysis
An operational or mission related vulnerability exists when the adversary has the capability to collect indicators, correctly analyze them, and take timely action. The vulnerability analysis identified operation or mission vulnerabilities. Weaknesses that reveal CI through collected and analyzed indicators create vulnerabilities. Indicators are those friendly actions and information that adversary intelligence efforts can potentially detect or obtain and then interpret to derive critical information. |
|
|
Discuss the fourth step in The Five Step Planning Process
|
Step 4: Risk Assessment
Risk assessments estimate an adversary’s capability to exploit a vulnerability, the potential effects such exploitation will have on operations and provide a cost-benefit analysis of possible methods to control the availability of CI to the adversary. Effective OPSEC requires managing all dimensions of risk to maximize mission effectiveness and sustain readiness. Applying operational risk management enables avoiding unnecessary risks and accepting necessary risk when the cost of mitigation outweighs the benefit. |
|
|
Discuss the fifth step in The Five Step Planning Process
|
Step 5: Measures / Countermeasures
OPSEC security measures and countermeasures preserve military capabilities by preventing adversarial exploitation of CI. Countermeasures mitigate or remove vulnerabilities that point to or divulge CI. They control CI by managing the raw data, enhance friendly force capabilities by increasing the potential for surprise, and augment the effectiveness of friendly military forces and weapon systems. More than one countermeasure may be identified for each vulnerability. Conversely, a single countermeasure may be used for several different vulnerabilities. The most desirable OPSEC countermeasures combine the highest possible protection with the least impact on operational effectiveness. |
|
|
Discuss The Responsibilities Of The Command OPSEC Officer.
|
OPSEC is a command responsibility that is trained for, planed and executed by the entire command. OPSEC Officers and Planners ensure all participants are aware of relevant CI and coordinate timely, resourced solutions for the Commander regarding process implementation and OPSEC best practices.
|
|
|
Describe The OPSEC Considerations Regarding Public Affairs.
|
To the maximum extent possible, the PAO and OPSEC Officer should coordinate the release of data relative to the mission or to impending potentially sensitive activity together. In close coordination with the PAO, OPSEC Officers must be active participants in the process of deciding what information should be released to the public, balancing the legitimate information requirements of DoD and civilian audiences against the intelligence desires of the enemy. The Commander has the ultimate responsibility for assessing the reliability of information from the perspective of both traditional security and OPSEC.
|
|
|
Define WRA
|
WRA: Web Risk Assessment. The application of the OPSEC five-step process is imperative when placing information on the web. Web site self-assessments are a useful tool in determining whether potential CI is on a commands web site. OPSEC Officers should review their command’s web site through the eyes of the adversary, looking for CI that could reveal sensitive operations, movement of certain assets, technological data, and personal information about U.S. citizens and employees.
|
|
|
Define the EEFI
|
EEFI: Essential Elements of Friendly Information.
EEFI is Key information adversaries will likely inquire about such as our intentions, capabilities, and activities in order to obtain answers that are critical to their own operational effectiveness. The answers to EEFI can potentially lead to CI. |
|
|
Define Critical Information
|
ritical information is defined as information about friendly (U.S., allied, and/or coalition) activities, intentions, capabilities, or limitations an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage.
|
|
|
Describe The Components And Functions Of The Command OPSEC Program.
|
U.S. Navy Individual Units / Shore Commands
- OPSEC Officer assigned in writing - Develop and maintain a Continuity Folder - Maintain instructions and supporting documents - CO actively advocates, supports, and implements OPSEC - Run the command OPSEC program – review plans, OPORDS, and exercise scenarios. - Maintain current potential adversary threat assessment - Understand relationships with COMSEC, COMPUSEC, physical security and INFOSEC. - Liaise with higher headquarters. - Provide OPSEC training |
