ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Conley Group Opsec Presentation

?
?
The Conley Group, Inc.
The Conley Group, Inc.

The document discusses operational security (OPSEC) and defines it as a process of denying adversaries information about capabilities and intentions. It involves identifying critical information, indicators, adversaries, vulnerabilities, and implementing protective measures. The document emphasizes that OPSEC is everyone's responsibility and involves practicing common sense measures to mitigate risks from real threats.

1 of 20
Download to read offline
Operational Security (OPSEC) PRESENTED BY TOM M. CONLEY, CPP, CFE, CISM PRESIDENT AND CEO Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Today¡¯s Objectives ? What is OPSEC ? Understand the OPSEC Process ? Learn how OPSEC applies to YOU in YOUR environment Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
What Is OPSEC? ? OPSEC Defined ? The OPSEC Process ¨CCritical Information ¨CIndicators ¨CAdversaries ¨CVulnerabilities ¨CProtective Measures Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Covers ALL Organizational Areas Public Affairs Operations COMPUSEC Emanations Acquisition Personnel COMSEC Logistics Physical Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Definition 1 A process of routinely denying potential adversaries information about our capabilities and/or intentions by identifying, controlling, and protecting any data or other information that may provide evidence of the planning and execution of sensitive activities to our enemy. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Definition 2 The purpose of OPSEC is to reduce the vulnerability of US and coalition forces from successful adversary exploitation of critical information. OPSEC applies to ALL activities that prepare, sustain, or employ forces during all operations. It prevents the display of, or collection of, critical information ¡ª especially while preparing for and conducting actual combat operations. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Critical Information ? Critical information are the core secrets of an activity, capability, or intention that if known to the adversary, could weaken or defeat the operation. ? Critical information is the information about your operations an adversary needs to achieve their goals. ? Critical information usually involves only a few key items. ? If those items are unavailable to us they could impact the way we conduct business. ? Our critical information is information required to be successful in our jobs. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Indicators Information May Be Collected By: ? Monitoring telephone and public conversations ? Analyzing telephone directories, financial or purchasing documents ? Position or "job" announcements ? Travel documents ? Blueprints or drawings ? Distribution lists ? Social engineering ? Information or items found in the trash ? Public Websites Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Adversaries ? Who are we talking about? In the Cold War days you knew it was the communist threat. Today, the Cold War is over but new threats have emerged. ? Economic superiority and political gain are other driving forces. Our former allies during the Cold War and Desert Storm are now collecting technology from us to gain an advantage in the global market. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Vulnerabilities ? Vulnerabilities are defined as the characteristics of a system which can cause it to suffer degradation as a result of having been subjected to some level of a hostile threat. ? Determining our vulnerabilities involves analyzing how we conduct operations. We must look at ourselves as the adversary would. ? From this perspective we can determine what are the true, rather than the hypothetical, vulnerabilities. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Protective Measures ? Vulnerabilities and specific threats must be matched. ? Where the vulnerabilities are great and the threat is evident, the risk of exploitation should be expected. A high priority for protection should be assigned and corrective action taken. ? Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be lower. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Information Collection Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Human Intelligence (HUMINT) Open Source Intelligence (OSINT) Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Consequences of an OPSEC Failure Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
How About Workplace OPSEC? ? Handling sensitive or classified information ? Clean desk? ? Talking about work matters outside of the workplace ? You ARE NOT being a snitch if you report suspicious activity Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Simplified Identify YOUR Critical Information Analyze YOUR Threats Analyze YOUR Vulnerabilities Assess YOUR Risks Employ Correct Protective Measures Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Who is Responsible for OPSEC? GOOD SECURITY IS A GROUP EFFORT Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
The Bottom Line ? The threat is REAL ? Protect our technological advantage ? Asymmetric Threats are today¡¯s concern and not always clearly evident ? Practice common sense and include OPSEC in your daily routines ? YOUR adversary IS watching ¨C are you? Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Summary ? OPSEC is an Analytic Process ? OPSEC is Adversary-Oriented ? Every Operation Has Vulnerabilities ? All Indicators Cannot Be Eliminated ? Risk Can Be Mitigated (vs. Avoided) ? An Effective Countermeasure is a Good Countermeasure (anything legal that works) Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Final Thoughts THINK OPSEC Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
Questions? Copyright ? 2009 The Conley Group, Inc. All Rights Reserved

More Related Content

Conley Group Opsec Presentation

  • 1. Operational Security (OPSEC) PRESENTED BY TOM M. CONLEY, CPP, CFE, CISM PRESIDENT AND CEO Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 2. Today¡¯s Objectives ? What is OPSEC ? Understand the OPSEC Process ? Learn how OPSEC applies to YOU in YOUR environment Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 3. What Is OPSEC? ? OPSEC Defined ? The OPSEC Process ¨CCritical Information ¨CIndicators ¨CAdversaries ¨CVulnerabilities ¨CProtective Measures Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 4. OPSEC Covers ALL Organizational Areas Public Affairs Operations COMPUSEC Emanations Acquisition Personnel COMSEC Logistics Physical Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 5. OPSEC Definition 1 A process of routinely denying potential adversaries information about our capabilities and/or intentions by identifying, controlling, and protecting any data or other information that may provide evidence of the planning and execution of sensitive activities to our enemy. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 6. OPSEC Definition 2 The purpose of OPSEC is to reduce the vulnerability of US and coalition forces from successful adversary exploitation of critical information. OPSEC applies to ALL activities that prepare, sustain, or employ forces during all operations. It prevents the display of, or collection of, critical information ¡ª especially while preparing for and conducting actual combat operations. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 7. Critical Information ? Critical information are the core secrets of an activity, capability, or intention that if known to the adversary, could weaken or defeat the operation. ? Critical information is the information about your operations an adversary needs to achieve their goals. ? Critical information usually involves only a few key items. ? If those items are unavailable to us they could impact the way we conduct business. ? Our critical information is information required to be successful in our jobs. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 8. Indicators Information May Be Collected By: ? Monitoring telephone and public conversations ? Analyzing telephone directories, financial or purchasing documents ? Position or "job" announcements ? Travel documents ? Blueprints or drawings ? Distribution lists ? Social engineering ? Information or items found in the trash ? Public Websites Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 9. Adversaries ? Who are we talking about? In the Cold War days you knew it was the communist threat. Today, the Cold War is over but new threats have emerged. ? Economic superiority and political gain are other driving forces. Our former allies during the Cold War and Desert Storm are now collecting technology from us to gain an advantage in the global market. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 10. Vulnerabilities ? Vulnerabilities are defined as the characteristics of a system which can cause it to suffer degradation as a result of having been subjected to some level of a hostile threat. ? Determining our vulnerabilities involves analyzing how we conduct operations. We must look at ourselves as the adversary would. ? From this perspective we can determine what are the true, rather than the hypothetical, vulnerabilities. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 11. Protective Measures ? Vulnerabilities and specific threats must be matched. ? Where the vulnerabilities are great and the threat is evident, the risk of exploitation should be expected. A high priority for protection should be assigned and corrective action taken. ? Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be lower. Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 12. Information Collection Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Human Intelligence (HUMINT) Open Source Intelligence (OSINT) Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 13. Consequences of an OPSEC Failure Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 14. How About Workplace OPSEC? ? Handling sensitive or classified information ? Clean desk? ? Talking about work matters outside of the workplace ? You ARE NOT being a snitch if you report suspicious activity Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 15. OPSEC Simplified Identify YOUR Critical Information Analyze YOUR Threats Analyze YOUR Vulnerabilities Assess YOUR Risks Employ Correct Protective Measures Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 16. Who is Responsible for OPSEC? GOOD SECURITY IS A GROUP EFFORT Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 17. The Bottom Line ? The threat is REAL ? Protect our technological advantage ? Asymmetric Threats are today¡¯s concern and not always clearly evident ? Practice common sense and include OPSEC in your daily routines ? YOUR adversary IS watching ¨C are you? Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 18. Summary ? OPSEC is an Analytic Process ? OPSEC is Adversary-Oriented ? Every Operation Has Vulnerabilities ? All Indicators Cannot Be Eliminated ? Risk Can Be Mitigated (vs. Avoided) ? An Effective Countermeasure is a Good Countermeasure (anything legal that works) Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 19. Final Thoughts THINK OPSEC Copyright ? 2009 The Conley Group, Inc. All Rights Reserved
  • 20. Questions? Copyright ? 2009 The Conley Group, Inc. All Rights Reserved