OPSEC Basics
A continuous cycle that identifies unclassified critical information and indicators, analyzes potential threats and vulnerabilities, assesses risks, and develops countermeasures to safeguard CII.
What is OPSEC?
This is the first step in the OPSEC cycle, crucial for determining what needs protection.
What is Identify Critical Information and Indicators?
An easily lost or stolen item that allows entrance to a military location.
What is access/identification cards?
This is not just a one-time event; personnel are directed to do this as a method of ongoing OPSEC and for a commitment to force readiness.
What is complete annual OPSEC training?
This force is constantly attempting to collect information on the Department of the Navy and will attempt to exploit any weakness they can, to include our personnel.
What are our adversaries?
This OPSEC action focuses on understanding both the intent and capability of someone who might seek to compromise your information.
What is Analyze Threat?
This information, whether it's a social security number, date of birth, or financial information, requires special protection.
What is Personally Identifiable Information (PII)?
To secure NIPRNET emails with CUI, PII, and sensitive info, this is needed to not have your message breached.
What is utilize digital signatures and encryption?
The probability an adversary will gain knowledge of your critical information, and the impact it will have on our mission if they’re successful.
What is risk?
This step in the OPSEC process identifies weaknesses that an adversary could exploit to gain access to critical information.
What is Analyze Vulnerabilities?
The public release of this information could reveal vulnerabilities in our base's physical security measures.
What are detailed installation maps/site photography/building plans?
After you utilize critical, sensitive, or outdated documents (not designated for retention), this simple action protects your operation from an information leak.
What is shred all office-generated documents (using approved shredders)?
Everyone in our command must be familiar with this command specific OPSEC list.
What is the CSFE Critical Information and Indicators (CII) list?
This OPSEC activity considers the potential cost if critical information is compromised, including loss of lives, mission failure, loss of money, and loss of time.
What is Assess Risk?
Revealing details about this could allow adversaries to gain insight into our command's priorities and resource allocations.
What is CSFE budget information?
When considering posting on social media, the expectation is “When in doubt, ____.”
What is “do not post” the information?
The easiest action that you can take if you have recommendations for the OPSEC program or OPSEC concerns.
What is notify the OPSEC Program Manager?
As part of the OPSEC cycle, it is essential that personnel undertake this process to maintain that operations remain safe.
What is Periodic Assessment?
Even though it's not classified, this needs to be handled carefully, and access should be limited to those with a need-to-know.
What is Controlled Unclassified Information/For Official Use Only Information?
To avoid the potential for identity theft or unauthorized base/computer access.
What is maintain personal control of Common Access Card?