Critique the assignment enclosed herewith from my fellow student-mike

“”Operations security (OPSEC) is an analytic
process used to deny an adversary information – generally unclassified –
concerning friendly intentions and capabilities by identifying,
controlling, and protecting indicators associated with planning
processes or operations” (What is, n.d.). It is a way to secure your
information within the company so that adversary’s can not gain access
to it. Most information gained can simply be found via social media, on
the internet, and pieced back together to form a more specific
picture. Dumpster diving is a way people can gain information, which is
why it is important to shred any and all important documents before
placing them in the trash.
As far as Sifer’s-Grayson goes, A failure at proper OPSEC could
result in a rival company, a hacker, or anyone with proper knowledge, to
learn more about how business is handled. From figuring out times and
locations to potential meetings, launch times of the test vehicule,
blueprints of our designs, and the RF frequency used, anything is
possible if OPSEC is broken. It is easy to ensure that the company has
good OPSEC, as long as proper training is conducted to figure out ways
to keep the sensitive information from anyone’s eyes. “Having good
OPSEC means thinking about who you’re trying to protect your information
from, who you communicate with, and what capabilities your adversaries
might have.” (Lexie, 2016)
OPSEC as a whole is a 5 step process, which the military is known to
use in order to function properly. It might be best to use the same
method and Sifers-Grayson to better the company as a whole.
-Identify Critical Information: Basically, what
information is needed to be protected. What information can make a
mission fail if other people found out? Some items can be considered
critical, depending on the result. Travel documents could be seen as
minimal one day, but could be something serious another.
-Analyze the Threat: Who might the adversary be?
What person or company could benefit the most for our failure? What
intentions could the person have to see us fail? “Once you have
determined the adversary’s intent and capability, you can assess his
potential threat.” (Opsec, 13)
-Analyze Vulnerabilities: Most companies tend to
have vulnerabilities without even realizing it. Adversaries tend to use
these vulnerabilities to paint themselves a bigger picture, and to gain
access to the information without anyone else being aware such a
vulnerability exist. Training is important for this purpose, to
familiarize everyone about OPSEC since human error always tends to be a
main issue.
-Asses Risk: Risk assessment is important here, as
not everything can be protected, and sometimes a decision would have to
be made if a vulnerability should be ignored or not, either due to
financial issues or human error. The impact of the risk will then
decide how much damage can be done in the long run.
-Apply Countermeasures: A countermeasure can be
defined as anything used to lessen the chance of a potential attack.
The whole process of work smarter not harder easily comes into play
here, and cost-benefit analysis will be used to determine if it is
possible or not. At the end of the day, it comes down to weighing the
cost versus the benefit.
At the end of the day, OPSEC is a very serious matter and should not
be taken lightly. People are out there to gain some kind of momentum in
seeing us fail. We will be ready to do what is needed to ensure any
exercise or test is launched with success, and continue to thwart any
attempts of an OPSEC breach.