OPSEC Methodology Practice

Questions and Answers

What is the purpose of the operations security process?

To share sensitive information with friends and family

To handle data carelessly

To disclose information on social media

To protect our information from unauthorized access (correct)

What is the correct sequence of operations security practices?

Put countermeasures in place, threats analysis, and identify assets

Threats analysis, put countermeasures in place, and identify assets

Put countermeasures in place, identify assets, and threats analysis

Identify assets, threats analysis, and countermeasures (correct)

What is the consequence of applying the same level of security to everything?

We will be overprotecting some things of high value

We may be overprotecting some things that are not of high value and under protecting things of much greater value (correct)

We will be protecting everything equally well

We will be underprotecting some things of low value

What are the three main items of information that constitute an identity?

A name, an address, and an identity number

Why is it important to identify assets before putting countermeasures in place?

To ensure that we are not directing our efforts toward the information assets that are actually the most critical items to protect

What is the primary goal of the operations security methodology?

To provide a framework for protecting information

What is the main focus of OPSEC?

Unclassified data that when correlated becomes sensitive

What is the primary goal of the operations security process?

To identify and protect only critical information assets

What is an example of a critical information asset for a soft drink company?

Secret recipe

What is the first step in the operations security process?

Identify what information we have that needs protection

What is the purpose of the operations security process?

To protect critical information assets from unauthorized access

What is the primary adversary in the business world?

A competitor