Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Provided by OSPA (opsecprofessionals) PowerPoint Presentation
Download Presentation
Provided by OSPA (opsecprofessionals)

Provided by OSPA (opsecprofessionals)

198 Vues Download Presentation
Télécharger la présentation

Provided by OSPA (opsecprofessionals)

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Vulnerabilities and Indicators The OPSEC Process, step 3 Presented by: (Presenter’s Name) Provided by OSPA (www.opsecprofessionals.org)

  2. Definitions • Indicator • Points to vulnerability or critical information􀂄 • Vulnerability • Weakness the adversary can exploit to get to critical information

  3. Indicators • Pathways or detectable activities that lead to specific information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain sensitive information or identify a vulnerability

  4. Profiles and Signatures • Adversaries look for Patterns and Signatures to establish a Profile • Patterns are the way things are done, arranged, or have occurred • Signatures are the emissions that are the result of, or caused by, what is or was done • Profiles are collected on all our activities, procedures and methodologies

  5. Vulnerability Areas • Operations • Physical Environment • Personnel • Finance • Administrative • Logistics • Public Affairs • Family

  6. Common Vulnerabilities • Discussion of sensitive information in unsecured areas. • Lack of policy/enforcement • Cameras • Cell Phones • Internet Usage • Shredding • Training/Awareness

  7. Stereotyped Operations • Same Time • Same Place • Same People • Same Route • Same Way PREDICTIBILITY

  8. Examples of Vulnerabilities • Publications • Press Releases • Unencrypted Email • Organization Website • Non-Secure Telephone

  9. Examples of Vulnerabilities • Trash • Employee Turnover • Employee Mistakes • Lack of Good Passwords • Exhibits and Conventions

  10. Communication Vulnerabilities • Radios • Cell Phones • Telephones • Facsimiles (Fax) • Computers

  11. Common Vulnerabilities • Government Reliance on Commnercial Backbone • Domestic • Overseas Few Government-Owned Systems

  12. Cell Phones • Incorporate a wide-spectrum of technologies • Analog/ Digital Wireless • Sound Recording • PDA • Camera • Streaming video • Computing/ Internet • And more

  13. Cell Phones • Asset vs Vulnerability • The Good: • Convenience • “Reach out and touch someone” • Access to Commercial Numbers • Coordination Outside radio Range/ Frequency • The Bad and the Ugly • Multiple Technical Vulnerabilities • Typically Unsecure

  14. Common Vulnerabilities • Computers • Access Control • Auditing • Regulations/ Policy • User Training • Passwords • Systems Accreditation

  15. Common Vulnerabilities • Associated Computer Concerns • Email • Sniffer • Cookies • Virus/ Spyware • Web Logs (“Blogs”) • Instant Messaging (“IM”) • Personal Data Assistants (“PDAs”)

  16. Areas of Vulnerability • Administration • Financial • Logistics • Operations

  17. Administrative • Memos • Schedules • Travel Orders • Advance Plans • Annual Reviews • Org Charts • Job Announcements • Management Reports

  18. Financial • Projections • Justifications • Financial Plans • Special Purchases • Budget and Contracts • Supplemental Requests

  19. Logistics • Unusual Equipment • Volume or Priority Requisitions • Boxes Labeled With the Name of an Operation or Mission • etc

  20. Operations • VIP Visits • Schedules • Stereotyped Activities • Increased Mission-Related Training • Abrupt Changes in Normal Operation

  21. EVEN MORE Indicators and Vulnerabilities • Family • Personnel • Public Affairs • Physical Environment • Procedures and Reports

  22. Where Are the Indicators?

  23. Indicators • Presence of specialized Equipment • Increase (or Decrease) in activity • Sudden Changes in Procedure • Unique Convoy Configuration • Staging of Cargo or Vehicles

  24. Information of Intelligence Value Collectible Observable

  25. Collectible Can be physically collected or intercepted Examples: Dumpster diving, cordless/cell phone interception, email, open source

  26. Observable What you can see What you can smell What you can hear

  27. Why train for OPSEC? ( A real Exercise)

  28. What is our greatest Weakness? OURSELVES!

  29. Questions? “In wartime, the truth is so precious that it must be protected by a bodyguard of lies.” • Winston Churchill