3.5 Operations Security

3.5.1 Operational Indicators

OPSEC can be thought of as a discipline that works in conjunction with the other traditional security programs. These other programs may include physical security, Communications Security (COMSEC), and personnel security, to name a few. OPSEC is unique in that it employs the study of indicators to detect potential vulnerabilities. These indicators consist of factors such as dates, times, and places for events or release of significant information. If this type of information is not protected, a wily adversary can follow a trail to gain access to further information. Another indicator is objectives . Stating organizational objectives in public forums may enable unauthorized users to assess quickly what interest those objectives may have for them and help them decide to attempt a hack against your organization that otherwise would not have been attempted. Using nicknames and acronyms is also cautioned against. These indicators can often reveal how a program is associated with others, and then some unauthorized user publishes the connected information all over the Internet. Contingency plans are also indicators of what may be going on inside an organization. For example, if details of a contingency plan were released discussing the upcoming public announcement of a corporate wide layoff , the results could be devastating to both the stock price and the company image.