Operations Security Flashcards
What are the five steps to the US government operations security process?
- Identification of critical information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risks
- Application of countermeasures
Describe step one of US government operations security process.
ID of critical information
ID assets that would cause you the most harm if exposed
Describe step 2 of the US government operations security process.
Analysis of threats
Evaluate harm cause if critical information were exposed and who might exploit that exposure
When should the analysis of threats be repeated?
For each:
item of critical information
party that might take advantage of it
use they might make of that information
Describe the third step of US government operations security process.
Analysis of vulnerabilities
Analyze vulnerabilities in the protections you’ve put in place to secure your information
Look at how you interact with these assets and what areas an attacker might target
What are countermeasures?
Measure to mitigate risk.
Need to mitigate either threat or vulnerability at a minimum.
What is the first law of operations security?
If you don’t know the threat, how do you know what to protect?
What is the second law of operations security?
If you don’t know what to protect, how do you know you are protecting it?
What is the third law of operations security?
If you are not protecting [the information], … THE DRAGON WINS!
Who wrote the laws of operations security?
Kurt Haase
How is Sun Tzu relevant to operations security?
Wrote Art of War
Had operations security principles in it
How is George Washington relevant to operations security?
Small items can have importance when used in combination
Need to keep intelligence operations secret
How is the Vietnam War relevant to operations security?
Study, Purple Dragon, to stop info leak
Coined term “operations security” (OPSec)
What is competitive intelligence?
Conducting intelligence gathering and analysis to support business decisions.
