GOOD SECURITY IS A GROUP EFFORT
THE OFFICE OF SECURITY
Operations Security (OPSEC)
"Even minutiae should have a place in our collection,
for things of a seemingly trifling nature, when
enjoined with others of a more serious cast, may lead
to valuable conclusion."
— George Washington, known OPSEC practitioner
What Is OPSEC?
• OPSEC Defined
• The OPSEC Process
• Critical Information
• Indicators
• Adversaries
• Vulnerabilities
• Protective Measures
OPSEC at Home
• You have probably been practicing OPSEC in your personal life without knowing it! When you are getting ready to go on a trip, have you ever:
  • Stopped the delivery of the newspaper so that they would not pile up outside?
  • Asked your neighbor to pick up your mail so the mailbox would not fill up?
  • Connected your porch lights and inside lights to a timer so they would go on at preset times?
  • Connected a radio to a timer so that it comes on at various times?
What Is OPSEC?
A process to deny potential adversaries information about capabilities and/or intentions by identifying, controlling, and protecting unclassified information that gives evidence of the planning and execution of sensitive activities. It is just as applicable to an administrative or R&D facility as a military operation.
OPSEC: A Process With Five Components
• Identify YOUR Critical Information
• Analyze YOUR Threat
• Analyze YOUR Vulnerabilities
• Assess YOUR Risk
• Employ appropriate Protective Measures
Critical Information
Critical information is the core secrets of an activity, capability, or intention that, if known to the adversary, could weaken or defeat the operation.
• Critical information is the information about your operations an adversary needs to achieve their goals.
• Critical information usually involves only a few key items.
• If those items are unavailable to us they could impact the way we conduct business.
• Our critical information is information required to be successful in our jobs.
Our adversaries may want to harm personnel and/or damage property and resources.
Critical Information could relate to:
• Employees’ Safety (911)
• Fleet of ships and aircraft (USS Cole)
• Facilities Design (Oklahoma City)
• Security Vulnerabilities (Anthrax Mailings)
• Satellite Data (Weather, Environmental)
• Law Enforcement Activities (Fisheries)
• Management Decisions (All levels)
Indicators
• Information may be collected by monitoring telephone and public conversations, analyzing telephone directories, financial or purchasing documents, position or "job" announcements, travel documents, blueprints or drawings, distribution lists, shipping and receiving documents, even personal information or items found in the trash.
Need-to-know
Our adversary’s makeup has changed, but the need to know and understand your Critical Information is still the means for their success.
If you don’t protect it, then prepare to lose it!
Adversary
• Who are we talking about? In the Cold War days you knew it was the communist threat. Today, the Cold War is over but new threats have emerged.
• Economic superiority and political gain are other driving forces. Our former allies during the Cold War and Desert Storm are now collecting technology from us to gain an advantage in the global market.
Terrorist
Terrorism has recently become the most significant threat to our way of life.
• Media reports indicate some terrorist training schools ran curricula which included irregular naval warfare techniques such as Ship Mining, Sabotage and Civil Aviation Terrorism. Another school ran programs dedicated to espionage and counter-espionage techniques which helped “graduates” run clandestine terrorist networks overseas.
• Those selected to become top-level terrorists received training in Foreign Languages, Principles of Espionage and Counter-intelligence as well as Code Making and Deciphering.
Political/Economic Competition
• Remember that there are other adversaries: foreign intelligence services continue to collect information on us that could be used against us in the future. It is a certainty that our adversaries will continually look for and find any weak links.
• Economic superiority is another driving force. Although not as lethal as terrorism, it still impacts our way of life. Our former allies during the Cold War and Desert Storm are now making efforts to acquire our technology at minimal costs to gain an advantage in the global market.
Information Collection
• Signals Intelligence (SIGINT)
• Imagery Intelligence (IMINT)
• Human Intelligence (HUMINT)
• Open Source Intelligence (OSINT)
Traditional Collection
• SIGINT: Signals Intelligence is the interception of electromagnetic signals from telephones, faxes, computers, radios, and/or anything else transmitted in the open.
• IMINT: Photographic imagery includes overhead photography by satellite or any other means including individuals with cameras.
• HUMINT: Traditional spy. Least likely means!
Open Source Intelligence
• OSINT: In the world of secret services, Open Source Intelligence (OSINT) means useful information gleaned from public sources, such as scientific articles, newspapers, phone books and price lists.
• Open source intelligence includes internet probes which are very effective. Adversaries are not the only ones interested in our e-mail. Sailors aboard USS Cole were shocked to find out that the personal e-mail messages they sent home to family and friends were forwarded to the media to be used as quoted material in news stories without their permission.
Vulnerabilities
• Vulnerabilities are defined as the characteristics of a system which can cause it to suffer degradation as a result of having been subjected to some level of a hostile threat.
• Determining our vulnerabilities involves analyzing how we conduct operations. We must look at ourselves as the adversary would.
• From this perspective we can determine what are the true, rather than the hypothetical, vulnerabilities.
Protective Measures
• Vulnerabilities and specific threats must be matched. Where the vulnerabilities are great and the threat is evident, the risk of exploitation should be expected. A high priority for protection should be assigned and corrective action taken. Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be lower.
Countermeasures
• Countermeasures need to be developed that eliminate the vulnerabilities, threats, or utility of the information to the adversaries. The possible countermeasures should include alternatives that may vary in effectiveness, feasibility and cost.
• Countermeasures may include anything that is likely to work in a particular situation. The decision of whether to implement countermeasures must be based on cost/benefit analysis and an evaluation of the overall program objectives.
The Threat Is REAL!
• Protect our technological advantage
• Asymmetric Threats (threats from nontraditional and/or unknown origin) are today’s concern and not always clearly evident
• Practice common sense and include OPSEC in your daily routines
The Bottom Line
The adversary is watching!
Are you?
THINK OPSEC
