-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What the Heck is OPSEC? prepared by Zhi Hamby, Executive Director, OPS http://www.opsec.org/who/who02.htm - -------------------------------------------------------------------------------- In a nutshell, OPSEC is a process that teaches you to examine your day-to-day activities from an adversary's point of view, to understand what an adversary can learn about you and/or your organization from these activities (observables), to assess the amount of risk this places on you and/or your organization, and then to develop and apply countermeasures so that the bad guys don't win. Thus, the goal of OPSEC is to control information and observable actions about your capabilities and intentions in order to keep them from being used by your adversary. OPSEC works best when incorporated in the planning stages of any project - don't try to close the barn door after the cow has followed the bull to the pasture! To be successful, the integration of OPSEC into plans and projects should be done by the folks who are the most familiar with the particular plan or project. Those are the people who can best identify the plan's or project's critical information (i.e. information that either makes or breaks the project). OPSEC analysis focuses mainly on open sources information and actions (i.e. unclassified or uncontrolled). The scary word here is "uncontrolled". The very fact that the information and activities are open source make the implementation of a good OPSEC plan much more challenging. Okay, let's take a look at the OPSEC Process.... http://www.opsec.org/who/who03.htm *** The right to be let alone is indeed the beginning of all freedoms. - --William O. Douglas, Associate Justice, US Supreme Court -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBPBfSE/g5Tuca7bfvEQI9MACfQzpmqHQarndS7vi7CemH0wEHwjYAoMjf /yvKw9qZ4VtT6x8Nwvul872D =O8d9 -----END PGP SIGNATURE-----