OPSEC

Operations Security or OPSEC is an analytical process used to deny or delay our adversaries of Sandia National Laboratories’ (Sandia) critical information. Using OPSEC enhances mission success. OPSEC is not just a program—it supplements  security disciplines.

OPSEC

  • Identifies vulnerabilities in programs and activities
  • Provides tools and resources to identify and protect critical information
  • Where appropriate, provides guidance on OPSEC measures to protect information from inadvertent release or intentional disclosure
  • Assists leadership in making OPSEC risk-management-based decisions

The OPSEC Process

  • Determine critical information
  • Determine vulnerabilities
  • Analyze the risk
  • Develop and implement countermeasures
  • Assess Effectiveness

OPSEC Practices

  • Properly handle and destroy sensitive and critical unclassified information
  • Maintain situational awareness when conducting activities
  • Use the most secure means of communicating
  • Guard against unsolicited inquiries to obtain sensitive and/or critical information
  • Observe need-to-know and lawful government purpose principles
  • Be mindful of what applications you install
  • Be adversary aware, the threat is real

OPSEC Simplified

Three Steps: Think. Assess. Protect.

  • Think about the information you need to protect and the adversaries who want it
  • Assess the ways they can acquire the information and risk if it is lost
  • Protect the information by implementing appropriate OPSEC Measures