SlideShare a Scribd company logo

OPSEC Vulnerabilities And Indicators

Download as PPT, PDF
Department of Defense, profile picture
Department of Defense

The document discusses vulnerabilities and indicators related to operational security (OPSEC). It defines indicators as detectable activities that can reveal sensitive information or vulnerabilities. Adversaries look for patterns and signatures to build profiles of organizations. Common vulnerabilities include unsecured discussions, lack of security policies, and stereotyped operations. Examples of vulnerabilities are from various areas like operations, physical environment, personnel, and more. The document outlines specific communication, computer, and administrative vulnerabilities and encourages awareness of indicators in family, personnel, public affairs and other areas.

EducationTechnologyHealth & Medicine
1 of 29
Downloaded 425 times
1
2
3
4
5
6
7
Most read
8
9
Most read
10
11
12
13
14
15
16
17
Most read
18
19
20
21
22
23
24
25
26
27
28
29
Provided by OSPA (www.opsecprofessionals.org) Vulnerabilities and Indicators The OPSEC Process
Definitions Indicator Points to vulnerability or critical information􀂄 Vulnerability Weakness the adversary can exploit to get to critical information
Indicators Pathways or detectable activities that lead to specific information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain sensitive information or identify a vulnerability
Profiles and Signatures Adversaries look for Patterns and Signatures to establish a Profile Patterns are the way things are done, arranged, or have occurred Signatures are the emissions that are the result of, or caused by, what is or was done Profiles are collected on all our activities, procedures and methodologies
Vulnerability Areas Operations Physical Environment Personnel Finance Administrative Logistics Public Affairs Family
Common Vulnerabilities Discussion of sensitive information in unsecured areas. Lack of policy/enforcement Cameras Cell Phones Internet Usage Shredding Training/Awareness
Stereotyped Operations Same Time Same Place Same People Same Route Same Way PREDICTIBILITY
Examples of Vulnerabilities Publications Press Releases Unencrypted Email Organization Website Non-Secure Telephone
Examples of Vulnerabilities Trash Employee Turnover Employee Mistakes Lack of Good Passwords Exhibits and Conventions
Communication Vulnerabilities Radios Cell Phones Telephones Facsimiles (Fax) Computers
Common Vulnerabilities Government Reliance on Commnercial Backbone Domestic Overseas Few Government-Owned Systems
Cell Phones Incorporate a wide-spectrum of technologies Analog/ Digital Wireless Sound Recording PDA Camera Streaming video Computing/ Internet And more
Cell Phones Asset vs Vulnerability The Good: Convenience “ Reach out and touch someone” Access to Commercial Numbers Coordination Outside radio Range/ Frequency The Bad and the Ugly Multiple Technical Vulnerabilities Typically Unsecure
Common Vulnerabilities Computers Access Control Auditing Regulations/ Policy User Training Passwords Systems Accreditation
Common Vulnerabilities Associated Computer Concerns Email Sniffer Cookies Virus/ Spyware Web Logs (“Blogs”) Instant Messaging (“IM”) Personal Data Assistants (“PDAs”)
Areas of Vulnerability Administration Financial Logistics Operations
Administrative Memos Schedules Travel Orders Advance Plans Annual Reviews Org Charts Job Announcements Management Reports
Financial Projections Justifications Financial Plans Special Purchases Budget and Contracts Supplemental Requests
Logistics Unusual Equipment Volume or Priority Requisitions Boxes Labeled With the Name of an Operation or Mission etc
Operations VIP Visits Schedules Stereotyped Activities Increased Mission-Related Training Abrupt Changes in Normal Operation
EVEN MORE Indicators and Vulnerabilities Family Personnel Public Affairs Physical Environment Procedures and Reports
Where Are the Indicators?
Indicators Presence of specialized Equipment Increase (or Decrease) in activity Sudden Changes in Procedure Unique Convoy Configuration Staging of Cargo or Vehicles
Information of Intelligence Value Collectible Observable
Collectible Can be physically collected or intercepted Examples: Dumpster diving, cordless/cell phone interception, email, open source
Observable What you can see What you can smell What you can hear
Why train for OPSEC? ( A real Exercise)
What is our greatest Weakness? OURSELVES!
Questions? “ In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” Winston Churchill

More Related Content

PPTX
OPSEC Snapshot
Department of Defense
 
PDF
Social Media Safety Tips
Department of Defense
 
PPTX
Cyber Security
ADGP, Public Grivences, Bangalore
 
PDF
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
PDF
OWASP Top 10 - 2017
HackerOne
 
PPTX
Social Engineering
Cyber Agency
 
PPTX
Cyber security Information security
AYESHA JAVED
 
PPTX
The Zero Trust Model of Information Security
Tripwire
 
OPSEC Snapshot
Department of Defense
 
Social Media Safety Tips
Department of Defense
 
Cyber Security
ADGP, Public Grivences, Bangalore
 
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
OWASP Top 10 - 2017
HackerOne
 
Social Engineering
Cyber Agency
 
Cyber security Information security
AYESHA JAVED
 
The Zero Trust Model of Information Security
Tripwire
 

What's hot (20)

PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
PPTX
Cyber Threat Modeling
EC-Council
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PDF
INTRODUCCION CIBERSEGURIDAD
Miguel Cabrera
 
PPTX
Cybersecurity Training
WindstoneHealth
 
PPSX
Security Awareness Training
William Mann
 
PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
PPTX
Build an Information Security Strategy
Andrew Byers
 
PPTX
Cyber security
manoj duli
 
PDF
Threat Intelligence
Deepak Kumar (D3)
 
PPT
Information security management
UMaine
 
PPTX
Phishing ppt
shindept123
 
PPTX
Cyber threat intelligence: maturity and metrics
Mark Arena
 
PDF
Cyber Threat Intelligence
mohamed nasri
 
PPTX
Social engineering
Abdelhamid Limami
 
PDF
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
PDF
Addressing the cyber kill chain
Symantec Brasil
 
PPT
Cyber security for an organization
Tejas Wasule
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
PPTX
Cyber kill chain
Ankita Ganguly
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
Cyber Threat Modeling
EC-Council
 
Introduction to penetration testing
Nezar Alazzabi
 
INTRODUCCION CIBERSEGURIDAD
Miguel Cabrera
 
Cybersecurity Training
WindstoneHealth
 
Security Awareness Training
William Mann
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
Build an Information Security Strategy
Andrew Byers
 
Cyber security
manoj duli
 
Threat Intelligence
Deepak Kumar (D3)
 
Information security management
UMaine
 
Phishing ppt
shindept123
 
Cyber threat intelligence: maturity and metrics
Mark Arena
 
Cyber Threat Intelligence
mohamed nasri
 
Social engineering
Abdelhamid Limami
 
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Addressing the cyber kill chain
Symantec Brasil
 
Cyber security for an organization
Tejas Wasule
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Cyber kill chain
Ankita Ganguly
 
Ad

Viewers also liked (20)

PPTX
Social Media Cyber Security Awareness Briefing
Department of Defense
 
PDF
Army Social Media Presentation
Department of Defense
 
PPT
General Awareness On Cyber Security
Dominic Rajesh
 
PPT
Conley Group Operational Security Presentation
guest019923
 
ODP
Cyber security awareness
Jason Murray
 
PPTX
Cyber security
Siblu28
 
PPTX
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
PPTX
Date security security principles
Leo Mark Villar
 
PPTX
Situational awareness
personalprotector
 
PPTX
Global privacy research
bbw1984
 
ODP
Catch-me if you can - TOR tricks for bots, shells and general hacking
Jan Seidl
 
ODP
NSA-Proof communications (mostly)
Jan Seidl
 
PPTX
Opsec & sns for distro (no vid)
Naval OPSEC
 
KEY
CyberCoex
INNOCEAN Worldwide
 
PPT
Opsec for families
Lindy Kyzer
 
PDF
Reducing attack surface on ICS with Windows native solutions
Jan Seidl
 
PPTX
Cyber 101 for smb execs v1
NetWatcher
 
PDF
Social Media OPSEC
US Navy Social Media
 
PDF
Navy Command Facebook Assessment and Worksheet (March 2015)
US Navy Social Media
 
PPT
OPSEC for Kids
Department of Defense
 
Social Media Cyber Security Awareness Briefing
Department of Defense
 
Army Social Media Presentation
Department of Defense
 
General Awareness On Cyber Security
Dominic Rajesh
 
Conley Group Operational Security Presentation
guest019923
 
Cyber security awareness
Jason Murray
 
Cyber security
Siblu28
 
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
Date security security principles
Leo Mark Villar
 
Situational awareness
personalprotector
 
Global privacy research
bbw1984
 
Catch-me if you can - TOR tricks for bots, shells and general hacking
Jan Seidl
 
NSA-Proof communications (mostly)
Jan Seidl
 
Opsec & sns for distro (no vid)
Naval OPSEC
 
CyberCoex
INNOCEAN Worldwide
 
Opsec for families
Lindy Kyzer
 
Reducing attack surface on ICS with Windows native solutions
Jan Seidl
 
Cyber 101 for smb execs v1
NetWatcher
 
Social Media OPSEC
US Navy Social Media
 
Navy Command Facebook Assessment and Worksheet (March 2015)
US Navy Social Media
 
OPSEC for Kids
Department of Defense
 
Ad

Similar to OPSEC Vulnerabilities And Indicators (20)

PPT
20110414 ARMA Twin Cities Inventorying Electronic Records
Jesse Wilkins
 
PPT
SOC presentation- Building a Security Operations Center
Michael Nickle
 
PPT
M014 Confluence Presentation 08 15 06
gbroadbent67
 
PPT
Information Leakage - A knowledge Based Approach
Global Business Events - the Heart of your Network.
 
PPT
Safe shipley 2 upload
Kevin Campbell-Wright
 
PPT
Physical Security Assessment
Gary Bahadur
 
PPT
Building a Data Quality Program from Scratch
dmurph4
 
PPTX
Secutity Risk+Assessment+Methodology.pptx
bipinbhattarai12
 
PPT
080312 Ict Hub Risk Management
Mark Walker
 
PPT
October 3rd Briefing, Transformation
Nathaniel Palmer
 
PPT
David Whitaker: Managing Your Vendors
Electronic Signature & Records Association
 
PPT
Security Consulting Methodology
ciso_insights
 
PPT
What Every Organization Should Log And Monitor
Anton Chuvakin
 
PPT
Taking Transactions Mobile
Electronic Signature & Records Association
 
PPTX
Delivering Digital Excellence with Global Compliance and Integrity
Kristina Podnar
 
PPTX
Kristina Podnar - Delivering Digital Excellence with Global Compliance and In...
Digital Experience (DX) Summit 2016
 
PPTX
SharePoint Governance and Compliance
Alistair Pugin
 
PPTX
SharePoint Governance and Compliance
SPC Adriatics
 
PPT
Keeping Score on Testing
amiable_indian
 
DOCX
Question 1Discuss why those in the human resource development po.docx
makdul
 
20110414 ARMA Twin Cities Inventorying Electronic Records
Jesse Wilkins
 
SOC presentation- Building a Security Operations Center
Michael Nickle
 
M014 Confluence Presentation 08 15 06
gbroadbent67
 
Information Leakage - A knowledge Based Approach
Global Business Events - the Heart of your Network.
 
Safe shipley 2 upload
Kevin Campbell-Wright
 
Physical Security Assessment
Gary Bahadur
 
Building a Data Quality Program from Scratch
dmurph4
 
Secutity Risk+Assessment+Methodology.pptx
bipinbhattarai12
 
080312 Ict Hub Risk Management
Mark Walker
 
October 3rd Briefing, Transformation
Nathaniel Palmer
 
David Whitaker: Managing Your Vendors
Electronic Signature & Records Association
 
Security Consulting Methodology
ciso_insights
 
What Every Organization Should Log And Monitor
Anton Chuvakin
 
Taking Transactions Mobile
Electronic Signature & Records Association
 
Delivering Digital Excellence with Global Compliance and Integrity
Kristina Podnar
 
Kristina Podnar - Delivering Digital Excellence with Global Compliance and In...
Digital Experience (DX) Summit 2016
 
SharePoint Governance and Compliance
Alistair Pugin
 
SharePoint Governance and Compliance
SPC Adriatics
 
Keeping Score on Testing
amiable_indian
 
Question 1Discuss why those in the human resource development po.docx
makdul
 

More from Department of Defense (20)

PDF
Invasive species commanders_guide
Department of Defense
 
PDF
DoD Cyber Strategy
Department of Defense
 
PDF
Department of Defense Strategy for Operating in Cyberspace
Department of Defense
 
PDF
Endangered Species Bulletin - Spring 2011
Department of Defense
 
PDF
National Security Space Strategy
Department of Defense
 
PDF
Strengthening Our Military Families - Meeting America's Commitment January 2011
Department of Defense
 
PDF
FY 2010 MULTIDISCIPLINARY UNIVERSITY RESEARCH INITIATIVE (MURI) – SELECTED PR...
Department of Defense
 
PPTX
Social Media Overview
Department of Defense
 
PPTX
How To Tweet
Department of Defense
 
PPTX
Getting Started With Twitter
Department of Defense
 
PPTX
Tips And Tools For YouTube
Department of Defense
 
PPTX
Customizing Your YouTube Channel
Department of Defense
 
PPTX
YouTube Uses In The Field
Department of Defense
 
PDF
Army Official Social Media Policy
Department of Defense
 
PDF
ONR Innovation Newsletter
Department of Defense
 
PPTX
Getting Started With You Tube
Department of Defense
 
PPTX
Creative Ways To Use And Manage Facebook Pages
Department of Defense
 
PPTX
Designing Your Facebook Page
Department of Defense
 
PPTX
Getting Started With Facebook
Department of Defense
 
PPTX
Staying Safe Online For Kids
Department of Defense
 
Invasive species commanders_guide
Department of Defense
 
DoD Cyber Strategy
Department of Defense
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense
 
Endangered Species Bulletin - Spring 2011
Department of Defense
 
National Security Space Strategy
Department of Defense
 
Strengthening Our Military Families - Meeting America's Commitment January 2011
Department of Defense
 
FY 2010 MULTIDISCIPLINARY UNIVERSITY RESEARCH INITIATIVE (MURI) – SELECTED PR...
Department of Defense
 
Social Media Overview
Department of Defense
 
How To Tweet
Department of Defense
 
Getting Started With Twitter
Department of Defense
 
Tips And Tools For YouTube
Department of Defense
 
Customizing Your YouTube Channel
Department of Defense
 
YouTube Uses In The Field
Department of Defense
 
Army Official Social Media Policy
Department of Defense
 
ONR Innovation Newsletter
Department of Defense
 
Getting Started With You Tube
Department of Defense
 
Creative Ways To Use And Manage Facebook Pages
Department of Defense
 
Designing Your Facebook Page
Department of Defense
 
Getting Started With Facebook
Department of Defense
 
Staying Safe Online For Kids
Department of Defense
 

Recently uploaded (20)

PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Institutional Correction lecture only . . .
limvtheghins
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Classroom Observation Tools for Teachers
Nicaramirez
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
master seminar digital applications in india
ananyaray35
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 

OPSEC Vulnerabilities And Indicators

  • 1. Provided by OSPA (www.opsecprofessionals.org) Vulnerabilities and Indicators The OPSEC Process
  • 2. Definitions Indicator Points to vulnerability or critical information􀂄 Vulnerability Weakness the adversary can exploit to get to critical information
  • 3. Indicators Pathways or detectable activities that lead to specific information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain sensitive information or identify a vulnerability
  • 4. Profiles and Signatures Adversaries look for Patterns and Signatures to establish a Profile Patterns are the way things are done, arranged, or have occurred Signatures are the emissions that are the result of, or caused by, what is or was done Profiles are collected on all our activities, procedures and methodologies
  • 5. Vulnerability Areas Operations Physical Environment Personnel Finance Administrative Logistics Public Affairs Family
  • 6. Common Vulnerabilities Discussion of sensitive information in unsecured areas. Lack of policy/enforcement Cameras Cell Phones Internet Usage Shredding Training/Awareness
  • 7. Stereotyped Operations Same Time Same Place Same People Same Route Same Way PREDICTIBILITY
  • 8. Examples of Vulnerabilities Publications Press Releases Unencrypted Email Organization Website Non-Secure Telephone
  • 9. Examples of Vulnerabilities Trash Employee Turnover Employee Mistakes Lack of Good Passwords Exhibits and Conventions
  • 10. Communication Vulnerabilities Radios Cell Phones Telephones Facsimiles (Fax) Computers
  • 11. Common Vulnerabilities Government Reliance on Commnercial Backbone Domestic Overseas Few Government-Owned Systems
  • 12. Cell Phones Incorporate a wide-spectrum of technologies Analog/ Digital Wireless Sound Recording PDA Camera Streaming video Computing/ Internet And more
  • 13. Cell Phones Asset vs Vulnerability The Good: Convenience “ Reach out and touch someone” Access to Commercial Numbers Coordination Outside radio Range/ Frequency The Bad and the Ugly Multiple Technical Vulnerabilities Typically Unsecure
  • 14. Common Vulnerabilities Computers Access Control Auditing Regulations/ Policy User Training Passwords Systems Accreditation
  • 15. Common Vulnerabilities Associated Computer Concerns Email Sniffer Cookies Virus/ Spyware Web Logs (“Blogs”) Instant Messaging (“IM”) Personal Data Assistants (“PDAs”)
  • 16. Areas of Vulnerability Administration Financial Logistics Operations
  • 17. Administrative Memos Schedules Travel Orders Advance Plans Annual Reviews Org Charts Job Announcements Management Reports
  • 18. Financial Projections Justifications Financial Plans Special Purchases Budget and Contracts Supplemental Requests
  • 19. Logistics Unusual Equipment Volume or Priority Requisitions Boxes Labeled With the Name of an Operation or Mission etc
  • 20. Operations VIP Visits Schedules Stereotyped Activities Increased Mission-Related Training Abrupt Changes in Normal Operation
  • 21. EVEN MORE Indicators and Vulnerabilities Family Personnel Public Affairs Physical Environment Procedures and Reports
  • 22. Where Are the Indicators?
  • 23. Indicators Presence of specialized Equipment Increase (or Decrease) in activity Sudden Changes in Procedure Unique Convoy Configuration Staging of Cargo or Vehicles
  • 24. Information of Intelligence Value Collectible Observable
  • 25. Collectible Can be physically collected or intercepted Examples: Dumpster diving, cordless/cell phone interception, email, open source
  • 26. Observable What you can see What you can smell What you can hear
  • 27. Why train for OPSEC? ( A real Exercise)
  • 28. What is our greatest Weakness? OURSELVES!
  • 29. Questions? “ In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” Winston Churchill