The objective of Operations Security (OPSEC) is to understand which resources in an organization need protection, what access privileges are granted to users of those resources, how the access privileges are to be managed, what available security control mechanisms can be used to protect the resources, what the resource's potential areas of abuse are, and what the principles of good security practice are.
OPSEC can be thought of as a discipline that works in conjunction with the other traditional security programs. These other programs may include physical security, Communications Security (COMSEC), and personnel security, to name a few. OPSEC is unique in that it employs the study of indicators to detect potential vulnerabilities. These indicators consist of factors such as dates, times, and places for events or release of significant information. If this type of information is not protected, a wily adversary can follow a trail to gain access to further information. Another indicator is objectives . Stating organizational objectives in public forums may enable unauthorized users to assess quickly what interest those objectives may have for them and help them decide to attempt a hack against your organization that otherwise would not have been attempted. Using nicknames and acronyms is also cautioned against. These indicators can often reveal how a program is associated with others, and then some unauthorized user publishes the connected information all over the Internet. Contingency plans are also indicators of what may be going on inside an organization. For example, if details of a contingency plan were released discussing the upcoming public announcement of a corporate wide layoff , the results could be devastating to both the stock price and the company image.