SlideShare uma empresa Scribd logo

Conley Group Operational Security Presentation

Transferir como PPT, PDF
G
guest019923

This is a presentation about the topic of Operational Security, also known as OPSEC.

TecnologiaNegócios
1 de 20
Operational Security (OPSEC) PRESENTED BY TOM M. CONLEY, CPP, CFE, CISM PRESIDENT AND CEO Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Today’s Objectives • What is OPSEC • Understand the OPSEC Process • Learn how OPSEC applies to YOU in YOUR environment Copyright © 2009 The Conley Group, Inc. All Rights Reserved
What Is OPSEC? • OPSEC Defined • The OPSEC Process –Critical Information –Indicators –Adversaries –Vulnerabilities –Protective Measures Copyright © 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Covers ALL Organizational Areas Public Affairs Operations COMPUSEC Emanations Acquisition Personnel COMSEC Logistics Physical Copyright © 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Definition 1 A process of routinely denying potential adversaries information about our capabilities and/or intentions by identifying, controlling, and protecting any data or other information that may provide evidence of the planning and execution of sensitive activities to our enemy. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Definition 2 The purpose of OPSEC is to reduce the vulnerability of US and coalition forces from successful adversary exploitation of critical information. OPSEC applies to ALL activities that prepare, sustain, or employ forces during all operations. It prevents the display of, or collection of, critical information — especially while preparing for and conducting actual combat operations. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Critical Information • Critical information are the core secrets of an activity, capability, or intention that if known to the adversary, could weaken or defeat the operation. • Critical information is the information about your operations an adversary needs to achieve their goals. • Critical information usually involves only a few key items. • If those items are unavailable to us they could impact the way we conduct business. • Our critical information is information required to be successful in our jobs. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Indicators Information May Be Collected By: • Monitoring telephone and public conversations • Analyzing telephone directories, financial or purchasing documents • Position or "job" announcements • Travel documents • Blueprints or drawings • Distribution lists • Social engineering • Information or items found in the trash • Public Websites Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Adversaries • Who are we talking about? In the Cold War days you knew it was the communist threat. Today, the Cold War is over but new threats have emerged. • Economic superiority and political gain are other driving forces. Our former allies during the Cold War and Desert Storm are now collecting technology from us to gain an advantage in the global market. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Vulnerabilities • Vulnerabilities are defined as the characteristics of a system which can cause it to suffer degradation as a result of having been subjected to some level of a hostile threat. • Determining our vulnerabilities involves analyzing how we conduct operations. We must look at ourselves as the adversary would. • From this perspective we can determine what are the true, rather than the hypothetical, vulnerabilities. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Protective Measures • Vulnerabilities and specific threats must be matched. • Where the vulnerabilities are great and the threat is evident, the risk of exploitation should be expected. A high priority for protection should be assigned and corrective action taken. • Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be lower. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Information Collection Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Human Intelligence (HUMINT) Open Source Intelligence (OSINT) Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Consequences of an OPSEC Failure Copyright © 2009 The Conley Group, Inc. All Rights Reserved
How About Workplace OPSEC? • Handling sensitive or classified information • Clean desk? • Talking about work matters outside of the workplace • You ARE NOT being a snitch if you report suspicious activity Copyright © 2009 The Conley Group, Inc. All Rights Reserved
OPSEC Simplified Identify YOUR Critical Information Analyze YOUR Threats Analyze YOUR Vulnerabilities Assess YOUR Risks Employ Correct Protective Measures Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Who is Responsible for OPSEC? GOOD SECURITY IS A GROUP EFFORT Copyright © 2009 The Conley Group, Inc. All Rights Reserved
The Bottom Line • The threat is REAL • Protect our technological advantage • Asymmetric Threats are today’s concern and not always clearly evident • Practice common sense and include OPSEC in your daily routines • YOUR adversary IS watching – are you? Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Summary • OPSEC is an Analytic Process • OPSEC is Adversary-Oriented • Every Operation Has Vulnerabilities • All Indicators Cannot Be Eliminated • Risk Can Be Mitigated (vs. Avoided) • An Effective Countermeasure is a Good Countermeasure (anything legal that works) Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Final Thoughts THINK OPSEC Copyright © 2009 The Conley Group, Inc. All Rights Reserved
Questions? Copyright © 2009 The Conley Group, Inc. All Rights Reserved

Recomendados

Conley Group Opsec Presentation
Conley Group Opsec PresentationConley Group Opsec Presentation
Conley Group Opsec PresentationThe Conley Group, Inc.
 
OPSEC Vulnerabilities And Indicators
OPSEC Vulnerabilities And IndicatorsOPSEC Vulnerabilities And Indicators
OPSEC Vulnerabilities And IndicatorsDepartment of Defense
 
Global privacy research
Global privacy researchGlobal privacy research
Global privacy researchbbw1984
 
Catch-me if you can - TOR tricks for bots, shells and general hacking
Catch-me if you can - TOR tricks for bots, shells and general hackingCatch-me if you can - TOR tricks for bots, shells and general hacking
Catch-me if you can - TOR tricks for bots, shells and general hackingJan Seidl
 
NSA-Proof communications (mostly)
NSA-Proof communications (mostly)NSA-Proof communications (mostly)
NSA-Proof communications (mostly)Jan Seidl
 
Opsec & sns for distro (no vid)
Opsec & sns for distro (no vid)Opsec & sns for distro (no vid)
Opsec & sns for distro (no vid)Naval OPSEC
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsJan Seidl
 
Opsec for families
Opsec for familiesOpsec for families
Opsec for familiesLindy Kyzer
 

Recomendados

Conley Group Opsec Presentation
Conley Group Opsec PresentationConley Group Opsec Presentation
Conley Group Opsec PresentationThe Conley Group, Inc.
 
OPSEC Vulnerabilities And Indicators
OPSEC Vulnerabilities And IndicatorsOPSEC Vulnerabilities And Indicators
OPSEC Vulnerabilities And IndicatorsDepartment of Defense
 
Global privacy research
Global privacy researchGlobal privacy research
Global privacy researchbbw1984
 
Catch-me if you can - TOR tricks for bots, shells and general hacking
Catch-me if you can - TOR tricks for bots, shells and general hackingCatch-me if you can - TOR tricks for bots, shells and general hacking
Catch-me if you can - TOR tricks for bots, shells and general hackingJan Seidl
 
NSA-Proof communications (mostly)
NSA-Proof communications (mostly)NSA-Proof communications (mostly)
NSA-Proof communications (mostly)Jan Seidl
 
Opsec & sns for distro (no vid)
Opsec & sns for distro (no vid)Opsec & sns for distro (no vid)
Opsec & sns for distro (no vid)Naval OPSEC
 
Reducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsReducing attack surface on ICS with Windows native solutions
Reducing attack surface on ICS with Windows native solutionsJan Seidl
 
Opsec for families
Opsec for familiesOpsec for families
Opsec for familiesLindy Kyzer
 
OPSEC for Kids
OPSEC for KidsOPSEC for Kids
OPSEC for KidsDepartment of Defense
 
OPSEC for Families
OPSEC for FamiliesOPSEC for Families
OPSEC for FamiliesDepartment of Defense
 
Social Media - Privacy and Settings
Social Media - Privacy and SettingsSocial Media - Privacy and Settings
Social Media - Privacy and SettingsVanguard Leadership
 
Personal Data Ecosystem - NSTIC Privacy Workshop
Personal Data Ecosystem - NSTIC Privacy WorkshopPersonal Data Ecosystem - NSTIC Privacy Workshop
Personal Data Ecosystem - NSTIC Privacy WorkshopKaliya "Identity Woman" Young
 
FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015Naval OPSEC
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety TipsDepartment of Defense
 
Module 10 Physical Security
Module 10 Physical SecurityModule 10 Physical Security
Module 10 Physical Securityleminhvuong
 
OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
Army Social Media Presentation
Army Social Media PresentationArmy Social Media Presentation
Army Social Media PresentationDepartment of Defense
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security PresentationWajahat Rajab
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentationelliehood
 
ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing KeynoteCyphort
 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
 
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective programBring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective programBrent Spencer
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerCloudPassage
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.pptssusera76ea9
 
Pdp It Crisis Ppt
Pdp It Crisis PptPdp It Crisis Ppt
Pdp It Crisis PptJesse Kedy
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
The Permanent Campaign
The Permanent CampaignThe Permanent Campaign
The Permanent CampaignDenim Group
 

Mais conteúdo relacionado

Destaque

Social Media - Privacy and Settings
Social Media - Privacy and SettingsSocial Media - Privacy and Settings
Social Media - Privacy and SettingsVanguard Leadership
 
FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015Naval OPSEC
 
Module 10 Physical Security
Module 10 Physical SecurityModule 10 Physical Security
Module 10 Physical Securityleminhvuong
 
OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security PresentationWajahat Rajab
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentationelliehood
 

Destaque (12)

OPSEC for Kids
OPSEC for KidsOPSEC for Kids
OPSEC for Kids
 
OPSEC for Families
OPSEC for FamiliesOPSEC for Families
OPSEC for Families
 
Social Media - Privacy and Settings
Social Media - Privacy and SettingsSocial Media - Privacy and Settings
Social Media - Privacy and Settings
 
Personal Data Ecosystem - NSTIC Privacy Workshop
Personal Data Ecosystem - NSTIC Privacy WorkshopPersonal Data Ecosystem - NSTIC Privacy Workshop
Personal Data Ecosystem - NSTIC Privacy Workshop
 
FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015FB Privacy Settings Jan 2015
FB Privacy Settings Jan 2015
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety Tips
 
Module 10 Physical Security
Module 10 Physical SecurityModule 10 Physical Security
Module 10 Physical Security
 
OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackers
 
Army Social Media Presentation
Army Social Media PresentationArmy Social Media Presentation
Army Social Media Presentation
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Physical Security Presentation
Physical Security PresentationPhysical Security Presentation
Physical Security Presentation
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentation
 

Semelhante a Conley Group Operational Security Presentation

ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing KeynoteCyphort
 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
 
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective programBring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective programBrent Spencer
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerCloudPassage
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.pptssusera76ea9
 
Pdp It Crisis Ppt
Pdp It Crisis PptPdp It Crisis Ppt
Pdp It Crisis PptJesse Kedy
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
The Permanent Campaign
The Permanent CampaignThe Permanent Campaign
The Permanent CampaignDenim Group
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementjustinkallhoff
 
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseThe Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseDenim Group
 
Software Security: Is OK Good Enough? OWASP AppSec USA 2011
Software Security: Is OK Good Enough? OWASP AppSec USA 2011Software Security: Is OK Good Enough? OWASP AppSec USA 2011
Software Security: Is OK Good Enough? OWASP AppSec USA 2011Denim Group
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCapgemini
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Software Security: Is OK Good Enough?
Software Security: Is OK Good Enough?Software Security: Is OK Good Enough?
Software Security: Is OK Good Enough?Denim Group
 
Developing a world class omnichannel customer experience
Developing a world class omnichannel customer experienceDeveloping a world class omnichannel customer experience
Developing a world class omnichannel customer experienceJeremy Cox MA DipM
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsDamon Small
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesLastline, Inc.
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 

Semelhante a Conley Group Operational Security Presentation (20)

ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing Keynote
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
Bring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective programBring Your Own Device - Key Steps for an effective program
Bring Your Own Device - Key Steps for an effective program
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocks
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
Pdp It Crisis Ppt
Pdp It Crisis PptPdp It Crisis Ppt
Pdp It Crisis Ppt
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
The Permanent Campaign
The Permanent CampaignThe Permanent Campaign
The Permanent Campaign
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the EnterpriseThe Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise
 
Software Security: Is OK Good Enough? OWASP AppSec USA 2011
Software Security: Is OK Good Enough? OWASP AppSec USA 2011Software Security: Is OK Good Enough? OWASP AppSec USA 2011
Software Security: Is OK Good Enough? OWASP AppSec USA 2011
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Software Security: Is OK Good Enough?
Software Security: Is OK Good Enough?Software Security: Is OK Good Enough?
Software Security: Is OK Good Enough?
 
Developing a world class omnichannel customer experience
Developing a world class omnichannel customer experienceDeveloping a world class omnichannel customer experience
Developing a world class omnichannel customer experience
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
 
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail BusinessesA Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
A Profile of the Backoff PoS Malware that Hit 1000+ Retail Businesses
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 

Último

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Conley Group Operational Security Presentation

  • 1. Operational Security (OPSEC) PRESENTED BY TOM M. CONLEY, CPP, CFE, CISM PRESIDENT AND CEO Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 2. Today’s Objectives • What is OPSEC • Understand the OPSEC Process • Learn how OPSEC applies to YOU in YOUR environment Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 3. What Is OPSEC? • OPSEC Defined • The OPSEC Process –Critical Information –Indicators –Adversaries –Vulnerabilities –Protective Measures Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 4. OPSEC Covers ALL Organizational Areas Public Affairs Operations COMPUSEC Emanations Acquisition Personnel COMSEC Logistics Physical Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 5. OPSEC Definition 1 A process of routinely denying potential adversaries information about our capabilities and/or intentions by identifying, controlling, and protecting any data or other information that may provide evidence of the planning and execution of sensitive activities to our enemy. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 6. OPSEC Definition 2 The purpose of OPSEC is to reduce the vulnerability of US and coalition forces from successful adversary exploitation of critical information. OPSEC applies to ALL activities that prepare, sustain, or employ forces during all operations. It prevents the display of, or collection of, critical information — especially while preparing for and conducting actual combat operations. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 7. Critical Information • Critical information are the core secrets of an activity, capability, or intention that if known to the adversary, could weaken or defeat the operation. • Critical information is the information about your operations an adversary needs to achieve their goals. • Critical information usually involves only a few key items. • If those items are unavailable to us they could impact the way we conduct business. • Our critical information is information required to be successful in our jobs. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 8. Indicators Information May Be Collected By: • Monitoring telephone and public conversations • Analyzing telephone directories, financial or purchasing documents • Position or "job" announcements • Travel documents • Blueprints or drawings • Distribution lists • Social engineering • Information or items found in the trash • Public Websites Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 9. Adversaries • Who are we talking about? In the Cold War days you knew it was the communist threat. Today, the Cold War is over but new threats have emerged. • Economic superiority and political gain are other driving forces. Our former allies during the Cold War and Desert Storm are now collecting technology from us to gain an advantage in the global market. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 10. Vulnerabilities • Vulnerabilities are defined as the characteristics of a system which can cause it to suffer degradation as a result of having been subjected to some level of a hostile threat. • Determining our vulnerabilities involves analyzing how we conduct operations. We must look at ourselves as the adversary would. • From this perspective we can determine what are the true, rather than the hypothetical, vulnerabilities. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 11. Protective Measures • Vulnerabilities and specific threats must be matched. • Where the vulnerabilities are great and the threat is evident, the risk of exploitation should be expected. A high priority for protection should be assigned and corrective action taken. • Where the vulnerability is slight and the adversary has a marginal collection capability, the priority should be lower. Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 12. Information Collection Signals Intelligence (SIGINT) Imagery Intelligence (IMINT) Human Intelligence (HUMINT) Open Source Intelligence (OSINT) Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 13. Consequences of an OPSEC Failure Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 14. How About Workplace OPSEC? • Handling sensitive or classified information • Clean desk? • Talking about work matters outside of the workplace • You ARE NOT being a snitch if you report suspicious activity Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 15. OPSEC Simplified Identify YOUR Critical Information Analyze YOUR Threats Analyze YOUR Vulnerabilities Assess YOUR Risks Employ Correct Protective Measures Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 16. Who is Responsible for OPSEC? GOOD SECURITY IS A GROUP EFFORT Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 17. The Bottom Line • The threat is REAL • Protect our technological advantage • Asymmetric Threats are today’s concern and not always clearly evident • Practice common sense and include OPSEC in your daily routines • YOUR adversary IS watching – are you? Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 18. Summary • OPSEC is an Analytic Process • OPSEC is Adversary-Oriented • Every Operation Has Vulnerabilities • All Indicators Cannot Be Eliminated • Risk Can Be Mitigated (vs. Avoided) • An Effective Countermeasure is a Good Countermeasure (anything legal that works) Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 19. Final Thoughts THINK OPSEC Copyright © 2009 The Conley Group, Inc. All Rights Reserved
  • 20. Questions? Copyright © 2009 The Conley Group, Inc. All Rights Reserved