Unit 4 pgs 1-9 Security Flashcards
Define OPSEC
OPSEC is a process of identifying, analyzing and controlling critical information indicating friendly actions associated with military operations and other activities.
What is the purpose of OPSEC?
Reduce the vulnerability of Air Force missions by eliminating or reducing successful adversary collection and exploitation of critical information.
What is the five-step OPSEC process?
Step 1: Identify Critical Information Step 2: Analyze Threats Step 3: Analyze Vulnerabilities Step 4: Assess Risk Step 5: Apply Countermeasures
Define step 1 of the OPSEC process
Identify critical information: The product of Step 1 is a CRITICAL INFORMATION LIST –>approved by commander –>identified at earliest stages of planning
What is critical information?
specific fact about friendly intentions, capabilities, and activities vitally needed by adversaries to guarantee failure or unacceptable consequences for friendly mission accomplishment.
Define step 2 of the OPSEC process
Analyze threats: identify threats (adversaries) with the capability and intent to undertake action detrimental to the success of program activities or operations.
Define step 3 of the OPSEC process
Analyze vulnerabilities: vulnerabilities exists when the adversary is capable of collecting critical information or impact friendly objectives
Define step 4 of the OPSEC process
Assess risk:
probability an adversary will gain knowledge of your critical information and the impact if the adversary is successful
Define step 5 of the OPSEC process
Apply countermeasures: countermeasures are anything that effectively negates or mitigates an adversary’s ability to exploit vulnerabilities
Define COMPUSEC
all measures to safeguard information systems (IS) and information against sabotage, tampering, denial of service, espionage, fraud, misuse
What is the objective of COMPUSEC
employ countermeasures to protect confidentiality, integrity, availability, authentication and non-repudiation of US gov. info. processed by AF information systems (IS) (PHYSICAL PROTECTION)
What is Public Key Infrastructure?
combination of hardware, software, policies, and procedures to authenticate, protect, digitally sign, and encrypt email/documents
What is an example of PKI?
CAC, SIPR token
Define COMSEC
Communications Security – measures to deny unauthorized persons information derived from IS of the US gov. related to national security. (SOFTWARE PROTECTION)
What is the objective of Personnel Security?
Personnel Security Program is to ensure persons deemed eligible for national security positions remain reliable and trustworthy to access collateral
