-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What the Heck is OPSEC? prepared by Zhi Hamby, Executive Director, OPS http://www.opsec.org/who/who02.htm - -------------------------------------------------------------------------------- In a nutshell, OPSEC is a process that teaches you to examine your day-to-day activities from an adversary's point of view, to understand what an adversary can learn about you and/or your organization from these activities (observables), to assess the amount of risk this places on you and/or your organization, and then to develop and apply countermeasures so that the bad guys don't win. Thus, the goal of OPSEC is to control information and observable actions about your capabilities and intentions in order to keep them from being used by your adversary. OPSEC works best when incorporated in the planning stages of any project - don't try to close the barn door after the cow has followed the bull to the pasture! To be successful, the integration of OPSEC into plans and projects should be done by the folks who are the most familiar with the particular plan or project. Those are the people who can best identify the plan's or project's critical information (i.e. information that either makes or breaks the project). OPSEC analysis focuses mainly on open sources information and actions (i.e. unclassified or uncontrolled). The scary word here is "uncontrolled". The very fact that the information and activities are open source make the implementation of a good OPSEC plan much more challenging. Okay, let's take a look at the OPSEC Process.... http://www.opsec.org/who/who03.htm *** The right to be let alone is indeed the beginning of all freedoms. - --William O. Douglas, Associate Justice, US Supreme Court -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBPBfSE/g5Tuca7bfvEQI9MACfQzpmqHQarndS7vi7CemH0wEHwjYAoMjf /yvKw9qZ4VtT6x8Nwvul872D =O8d9 -----END PGP SIGNATURE-----
As a member of the OPSEC Professionals Society (OPS) <http://www.opsec.org/>, I would encourage any Cypherpunk interested in operational security to make use of the wealth of information and training material that can be ordered from the US Interagency OPSEC Support Staff website at http://www.ioss.gov/ I highly recommend the D*I*C*E Man's OPSEC training videos. I haven't yet seen this year's video, but last year's video (mostly dealing with the Chinese thread) was pretty much on target. The interactive CDROM's aren't too bad, either. Any or all of which can be yours "free of charge", courtesy of the DOE, NSA, and your tax dollars. The daily ZGRAM intelligence briefing OPS members receive are downright priceless. Easily worth the $40/year membership fee. Not to mention that as an OPS member you qualify to join the Pentagon Credit Union (yes, that Pentagon). Which offers nifty VISA cards. --Lucky
-----Original Message----- From: owner-cypherpunks@lne.com [mailto:owner-cypherpunks@lne.com] On Behalf Of Faustine Sent: Wednesday, December 12, 2001 1:54 PM To: cypherpunks@lne.com Subject: FYI: "What the Heck is OPSEC?"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
What the Heck is OPSEC? prepared by Zhi Hamby, Executive Director, OPS http://www.opsec.org/who/who02.htm - -------------------------------------------------------------- ------------------
In a nutshell, OPSEC is a process that teaches you to examine your day-to-day activities from an adversary's point of view, to understand what an adversary can learn about you and/or your organization from these activities (observables),
to assess the amount of risk this places on you and/or your organization, and then to develop and apply countermeasures so that the bad guys don't win.
Thus, the goal of OPSEC is to control information and observable actions about your capabilities and intentions in order to keep them from being used by your adversary.
OPSEC works best when incorporated in the planning stages of any project - don't try to close the barn door after the cow has followed the bull to the pasture! To be successful, the integration of OPSEC into plans and projects should be done by the folks who are the most familiar with the particular plan or project. Those are the people who can best identify the plan's or project's critical information (i.e. information that either makes or breaks the project).
OPSEC analysis focuses mainly on open sources information and actions (i.e. unclassified or uncontrolled). The scary word here is "uncontrolled". The very fact that the information and activities are open source make the implementation of a good OPSEC plan much more challenging.
Okay, let's take a look at the OPSEC Process.... http://www.opsec.org/who/who03.htm
*** The right to be let alone is indeed the beginning of all freedoms. - --William O. Douglas, Associate Justice, US Supreme Court -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBPBfSE/g5Tuca7bfvEQI9MACfQzpmqHQarndS7vi7CemH0wEHwjYAoMjf /yvKw9qZ4VtT6x8Nwvul872D =O8d9 -----END PGP SIGNATURE-----
participants (2)
-
Faustine -
Lucky Green