Opsec Level 2
54 community-sourced questions and answers. Free — no login.
Operations Security
What does OPSEC stand for?
5 Step OPSEC Process
Critical Info; Threat; Vulnerability; Risk and Apply OPSEC measures (mitigation)
2 base components of Essential Secrecy
Traditional Security and Operations Security (OPSEC)
A category of OPSEC indicators is?
SPACE (signature; profile; association; contrast and exposure)
Good characteristics of a good CIL
Unclassified; 10 items or less; widest dissemination
Why conduct an OPSEC review?
Evaluate compliance to regulatory guidance, prevent potential release of critical information; to evaluate a product or document with new eyes
What is CALI?
Capabilities, Activities, Limitations, and Intentions
What is RISK?
The probability that an adversary will compromise your Critical Information and the resulting impact if successful
In order to have a threat, you must have what two components?
Intent and capability
What is VULNERABILITY?
It is the action of an adversary after careful observation, and positioning in order to plan to effectively act against a friendly organization
What is the regulation for SAP?
AR 380-381
What is the Army Regulation for OPSEC?
AR 530-1
When did Regan sign NSDD 298?
1988
Simple version of the OPSEC 5 step process
1. problem, 2. it could get worse, 3. damage, 4. timing (odds of it getting worse), 5. mitigation...
Essential Secrecy is?
The condition achieved from denial of critical information to adversaries through the combined efforts of: a.) Traditional Security programs and b.) the Operations Security process...
CALI maintains our "Element of Surprise" by?
Denying enemies information... It is a key part of Essential Secrecy
Who owns the OPSEC program...?
The Commander
Who determines what will and will not be protected?
The Commander
What is a key responsibility/duty of the OPSEC officer?
To support the Commander
Other responsibilities/duties of the OPSEC officer include?
1. Producing Official Policy Letter 2. Coordinating functions within a Working Group 3. Publishing an OPSEC SOP 4. Interagency Integration 5. Develop a CIL 6. Publish an Annual Report 7. Conduct/Promote OPSEC Training and Awareness 8. Conduct OPSEC Reviews 9. Take part in self/external program Assessments
Critical Information comes from?
1. Protected Sources 2. Open Sources 3. Detectible Actions NOTE: Intelligence Collection is not a Random Effort
All OPSEC measures are implemented to?
Protect Critical Information
Critical Information may be____________ or ____________ sensitive.
"Time" or "Event"
What is Threat driven?
OPSEC... Threat = Intent + Capability
What are some of the traditional Collection Methods?
HUMINT; SIGINT; GEOINT; OSINT and MASINT
Two types of HUMINT collection are?
Overt and Covert
Foreign Intelligence Services employ the following HUMINT methods?
1. Recruiting (R) 2. Elicitation (E) 3. Planting (P)
Thinking like an Adversary collecting Critical Information UNDERSTAND and REMEMBER that...
Collection is "not" a Random Effort
Levels of Vulnerabilities exist at the?
1. Strategic Level, (S) 2. Operational Level, and the (O) 3. Tactical Level (T)
Adversary analysts develop perceptions by?
1. Piecing the Indicators Together 2. Conducting a Comparative Analysis identifying Trends 3. Report Observations for Review Cand await Guidance
3 Categories of OPSEC Measures include?
1. Action Control (A) 2. Countermeasures (C) 3. Counter Analysis (C)
Action Control measures are?
Means of Mitigation, to include TRAINING...
Countermeasures can look like?
Signal Jamming
Counter analysis can look like?
Use of Deceptions / Decoys and False leads...
A form of Risk Management is a Table Top Exercise, why is this employed?
It helps leaders learn to make informed decisions regarding available courses of action.
What is the OPSEC definition of Risk?
The "probability" an adversary will compromise Critical Information and the "impact" is the severity of the damage taken when they are successful
What does R = I x ( T x V ) mean?
Risk equals Impact x threat x vulnerability
What is the current risk without OPSEC measures
Failure
FOIA is?
A public record. ANY official writing or recording.
How many FOIA exemptions are there?
(9) Nine
OPSEC Review supports a responsible release of records tagged under?
FOIA documents requests...
DD Form 254
Classified / Uncalssified Contract Review...
PAO is NOT the same as an?
OPSEC Review
How many Functional Elements are there?
(2) Two -- Warfighter & Non Warfighter
What is the purpose / possible uses for OPSEC Working Groups?
1. Awareness for the Cmd 2. Review Websites 3. Review Contracts
OPSEC Measures are?
Directive in nature
Risk Management?
Helps leaders make informed decisions regarding course of action
Probability is referred to as?
Hazard
Impact is referred to as?
Severity
Cyberspace is?
A global domain within the information environment
Cyberspace Operations consist if (3) three functions
1. Offensive cyber ops 2. Defensive cyber ops 3. DoD info network ops
What are some Types of cyber threats
1. FIS 2. Cyber Terrorist 3.. Criminals 4. Insiders 5. Hackers
Social Media uses are
1. Official 2. Professional 3. Personal
Critical Program Information ( CPI )
1. DoD 5230.25 2. DoD 5230.24
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials