THIS IS A SAMPLE! Feel free to use or modify it for your own use! Want a Policies and Procedures Wiki like this? Sign up for a Staff.Wiki trial by clicking here.

Operational security

Utilizing operational security (OPSEC) is a process and not a collection of specific rules and instructions that can be applied to every operation. OPSEC must be closely integrated and synchronized with other information operation capabilities and all aspects of the protected operations.

OPSEC is accomplished with a five-step process. Although these steps are normally applied in a sequential manner during deliberate or crisis action planning, dynamic situations may require any step to be revisited at any time. The OPSEC process is therefore cyclical in nature.

  1. Identify critical information and indicators of company activities, capabilities, or limitations that adversaries may seek in order to gain PR, economic, or technological advantage 
  2. Conduct a threat assessment which includes identifying potential adversaries and their associated capabilities and intentions to collect, analyze, and exploit critical information and indicators
  3. Conduct a vulnerability analysis
  4. Conduct a risk assessment of information based on susceptibility to intelligence collection and the anticipated severity of loss
  5. Apply appropriate OPSEC measures and countermeasures 

Want a Policies & Procedures Wiki like this? Sign up and try Staff.Wiki by clicking here.

Next Topic: PCI data security
Up Since 6/3/2021 11:13:40 AM