Operations security

"OPSEC" redirects here. For the 501(c)(4) group, see Special Operations OPSEC Education Fund.
"OPSEC" redirects here; not to be confused with OPSEK.

World War II propaganda poster which popularized the cautionary phrase "Loose lips sink ships"

Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.[citation needed]

Women's Army Corps anti-rumor propaganda (1941–1945)

The term "operations security" was coined by the United States military during the Vietnam War.

History

Vietnam

In 1966, United States Admiral Ulysses Sharp established a multidisciplinary security team to investigate the failure of certain combat operations during the Vietnam War. This operation was dubbed Operation Purple Dragon, and included personnel from the National Security Agency and the Department of Defense.[1]

When the operation concluded, the Purple Dragon team codified their recommendations. They called the process "Operations Security" in order to distinguish the process from existing processes and ensure continued inter-agency support.[2]

NSDD 298

In 1988, President Ronald Reagan signed National Security Decision Directive (NSDD) 298. This document established the National Operations Security Program and named the Director of the National Security Agency as the executive agent for inter-agency OPSEC support. This document also established the Interagency OPSEC Support Staff (IOSS).[3]

Private-sector application

The private sector has also adopted OPSEC as a defensive measure against competitive intelligence collection efforts.[4]

IT security

NIST SP 800-53 defines OPSEC as the "process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities."[5]

See also

References

  1. ^ "PURPLE DRAGON: The Formations of OPSEC". Information Assurance Directorate. National Security Agency. Archived from the original on March 23, 2021. Retrieved June 15, 2016.
  2. ^ "The Origin of OPSEC- from the dragon's mouth". www.opsecprofessionals.org. Archived from the original on 3 July 2016. Retrieved 2016-06-16.
  3. ^ "About the IOSS". National OPSEC Program. Interagency OPSEC Support Staff. Retrieved June 15, 2016.
  4. ^ Kahaner, Larry (1997). Competitive Intelligence. Simon & Schuster. pp. 252–255.
  5. ^ "SC-38. OPERATIONS SECURITY". Security and Privacy Controls for Information Systems and Organizations (Information security standard). Joint Task Force. p. 323. doi:10.6028/NIST.SP.800-53r5.

Further reading

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.