What's in your personal threat model? What assets are you trying to protect? Learn how to improve your personal security and privacy online through best practices and security tips. This talk is for everyone, whether your a seasoned security professional or complete novice hopefully you will take away a few areas where you can better protect your personal information.
Video Link: https://www.youtube.com/watch?v=PIwvxSZj5e8
This presentation will take a high level look at the malware life cycle and the role that both hackers and IT professionals play in it. It should be interesting to IT professionals as well as individuals interested in learning more about the general approach used by hackers to gain unauthorized access to systems, applications, and sensitive data.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on servers and review the previous 3 weeks. Librarians and anyone else in a library
An Introduction To IT Security And Privacy In LibrariesBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library
What's in your personal threat model? What assets are you trying to protect? Learn how to improve your personal security and privacy online through best practices and security tips. This talk is for everyone, whether your a seasoned security professional or complete novice hopefully you will take away a few areas where you can better protect your personal information.
Video Link: https://www.youtube.com/watch?v=PIwvxSZj5e8
This presentation will take a high level look at the malware life cycle and the role that both hackers and IT professionals play in it. It should be interesting to IT professionals as well as individuals interested in learning more about the general approach used by hackers to gain unauthorized access to systems, applications, and sensitive data.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on servers and review the previous 3 weeks. Librarians and anyone else in a library
An Introduction To IT Security And Privacy In LibrariesBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some dicussion on privacy
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
(Source: RSA USA 2016-San Francisco)
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and definitions that can affect small businesses. Please contact us at Frontier.com/Security with any questions.
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some dicussion on privacy
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
(Source: RSA USA 2016-San Francisco)
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
This handout was provided as part of our ongoing monthly webinar series on various issues affecting small businesses. This document is a summary of data and Internet security challenges and definitions that can affect small businesses. Please contact us at Frontier.com/Security with any questions.
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013Noel Waterman
MWR’s Winter Guide of Events and Activities is now up and posted on their Page; check out all what is happening for December 2012, January, and February 2013! Lots and Lots to do!!!
B-bread re-framing Assignment3 by Bread-WinnersViroo Mirji
Slide share version of the video clip created with the storyboard for Assignment3- BREAD REFRAMING
Refer to video for details: http://www.youtube.com/watch?v=JHU3uXLLhNM
Presentation on the State of Social to seniors at DePaul University that expands beyond the idea that social is contained only to Facebook and Twitter.
Mar 2012 1 ID Fort Riley Monthly NewsletterNoel Waterman
Please find attached this month’s 1ID and Fort Riley monthly news update. For your convenience it will be posted to the following link in the next few days: http://www.1id.army.mil/DocumentList.aspx?lib=1ID_FRG_Updates
How paranoid should you really be about online security safety? Read Security Engineer Geoff Vaughan's advice on security best practices for regular users.
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
When we talk about security for your library, we should understand some of the tools people may use to harm your network and infrastructure. In this session, learn how hackers may hack and ways to protect yourself. IT security is more than just a buzzword; it’s a necessity to understand and implement the correct measures to keep you, your library, and your patrons safe.
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
The corporate and information security worlds are converging. Explore the impact of physical security threats and how these risks often go hand-in-hand with cyberattacks. Learn how to build and use an IT Security Risk Management Framework (RMF) for data-driven decision making in your organization.
Similar to Brochure protect operational_info_sm1 (20)
The cyber threat to our Army and Nation is pervasive and most often target, human behavior through social engineering. The best mitigation measure for this risk is to increase cyber awareness by educating our Soldiers, Family Members, Government Civilians, and Contractors. HQDA has directed Army Antiterrorism Quarterly Theme Cyber Threat Awareness (2Q/FY13). For more information on Cyber Security, visit http://www.staysafeonline.org/stay-safe-online/
The cyber threat to our Army and Nation is pervasive and most often target, human behavior through social engineering. The best mitigation measure for this risk is to increase cyber awareness by educating our Soldiers, Family Members, Government Civilians, and Contractors. HQDA has directed Army Antiterrorism Quarterly Theme Cyber Threat Awareness (2Q/FY13). For more information on Cyber Security, visit http://www.staysafeonline.org/stay-safe-online/
15 January 2013 1ABCT Weekly NewsletterNoel Waterman
15 January 2013 1ABCT Weekly Newsletter: please pass along to Soldiers, Family and Friends of 1ABCT. You can always stay up to date with local events by going to 1st Infantry Division page at http://www.riley.army.mil/default.aspx or if you are having issues reading this you can click on this link to read the weekly news. http://www.riley.army.mil/UnitPage.aspx?unit=1bct. We are always up and posting new information on FaceBook!
3 January 2013 1ABCT Weekly Newsletter: please pass along to Soldiers, Family and Friends of 1ABCT. You can always stay up to date with local events by going to 1st Infantry Division page at http://www.riley.army.mil/default.aspx or if you are having issues reading this you can click on this link to read the weekly news. http://www.riley.army.mil/UnitPage.aspx?unit=1bct. We are always up and posting new information on FaceBook!
19 December 2012 1ABCT Weekly NewsletterNoel Waterman
19 December 2012 1ABCT Weekly Newsletter: please pass along to Soldiers, Family and Friends of 1ABCT. You can always stay up to date with local events by going to 1st Infantry Division page at http://www.riley.army.mil/default.aspx or if you are having issues reading this you can click on this link to read the weekly news. http://www.riley.army.mil/UnitPage.aspx?unit=1bct. We are always up and posting new information on FaceBook!
December 2012 1ID Fort Riley Monthly News UpdateNoel Waterman
Please find attached this month’s 1ID and Fort Riley monthly news update*. For your convenience it will be posted to the following link in the next few days: http://www.1id.army.mil/DocumentList.aspx?lib=1ID_FRG_Updates
1. Resources
National Cyber-Alert System:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076
National Crime Prevention Association:
http://www.ncpc.org/
Army Information Assurance Portal:
https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite.
mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance
Homeland Security Cyber Security Tips:
http://www.dhs.gov/cybersecurity
National Cyber Awareness System:
http://www.us-cert.gov/alerts-and-tips/
DoD Chief Information Officer:
http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx
12 1
2. BE VIGILANT. REPORT SUSPICIOUS ACTIVITY.
Image credits:
Front cover:
U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B
Inside back cover:
U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs
2 11
3. Safe home computing Operations Security (OPSEC)
Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success.
easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via
numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC
find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the
hard disk space, your fast processor, and your Internet connection. They availability of this information.
use these resources to attack other computers on the Internet. The more
computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include:
originating source. If intruders can't be located, they can't be stopped, and
• Deny intelligence and information to terrorists
they can't be prosecuted.
• Avoid rigid operational routines that produce observable patterns
What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist
• Install and use anti-virus programs planning cycle and cyber attack methods
• Keep your system patched • Integrate OPSEC into organizational security programs and individual
personal protection measures
• Use care when reading email with attachments
• Install and use a firewall program Sample Cyberspace OPSEC procedures:
• Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access
router to computer networks, equipment, facilities, and documents
• Make backups of important files • Password protect or restrict computer access to itineraries, travel plans,
personnel rosters, building and base plans, billeting assignments, and
• Use strong passwords and change them frequently
very important person (VIP) guest lists
• Use care when downloading and installing programs
• Don’t post personal, work, or family information to open social media
• Understand the risk of downloading files and programs websites
• Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a
person who attempts to connect with you, investigate who they are and
why they want to join your social network.
• Don’t post sensitive work information or photographs on the internet;
always assume a threat adversary is reading your material
10 3
4. Advances in technology increase risk Privacy tips for social networking
Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare,
information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on
technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and
might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with
the information you share and use privacy settings to protect your
Defense measures include: information.
• Educate Army computer users on restrictions for use of information
technologies Protect personal information
• Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of
measures information, comments, photos, and videos you share online.
• Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements
trained (itineraries, rosters, time tables, travel plans); current or future operations
(movement of forces, capabilities & limitations, coalition & participating
Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and
limitations, operational reporting); or communication in support of
• Apply the OPSEC review process outlined in AR 530-1 (Operations
operations (work email addresses, logins and passwords, details of specific
Security)
equipment, infrastructure and call signs).
• Review their Web Pages and ensure they are OPSEC compliant
KNOW YOUR AUDIENCE: Consider who may have access to your profile:
• Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers,
• Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your
readiness, and operational matters audience.
• Verify there is a valid mission need to disseminate the
information
Your privacy is only as protected as your least reliable
friend allows it to be. When you choose to share
information with friends, those friends can make their
own decisions about forwarding your content. Think
carefully before sharing.
4 9
5. Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a
terrorist or spy obtains critical information, correctly analyzes it, and acts
• Installation or facility maps designating points of interest (such as
upon it, the compromise of the information may prevent or seriously
barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or
• Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for
• Security operating procedures additional protection because it can be revealed through unclassified
indicators. The use of essential elements of friendly information (EEFI)
• Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or
• Capabilities and intent classified details.
• Indicators of unit morale Example of EEFI for threat countermeasures
• Information which may undermine leadership • When do security guards or law enforcement change shifts?
• Photographs particularly when they are accompanied by descriptive • Are guards armed?
captions • Is there a security response team alarm – how quick is the response?
• Personal information about patterns and routines • Where is the security alarm / power system – is it protected?
• Work email addresses • Are external CCTV cameras operated and are they actually monitored?
• How many security guards are there in a specific building (day and
What we can do to reduce risk on the internet: night)?
• Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas
• Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every
blog or website, or sending an email evacuation)?
• Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed –
must they go through a centralized screening location?
• If you are threatened as a result of something you have posted or
through an open forum such as blog – believe the threat and report it
immediately
• Avoid posting work email addresses if possible; they can provide targets
for phishing attacks
• Follow OPSEC policies and procedures
• Work with your OPSEC officer
8 5
6. OPSEC in the Blogosphere
“Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of
personal thoughts and web links, including a mix of what’s happening in a
from open-source information.” CRS Report for
person’s life. Blogs may include forms of personal diaries or guides for
Congress, Sensitive But Unclassified Information and others.
Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to
Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and
other open source information make up pieces of a puzzle, which when
combined, can complete a picture of what may become a terrorist’s or
How can OPSEC help protect my organization against spy’s target.
terrorism?
Examples include:
Terrorists require intelligence to accomplish their objectives. You can apply
the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes,
against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects
information. of threat weapon systems such as improvised explosive devices
• Some photographs include geo-location and date/time information.
Terrorists seek—and OPSEC is intended to deny—
• Enemies can use this information for propaganda purposes, battle
information about: damage assessments, targeting, and refinement of TTPs
• What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers
• How accessible it is and their families for attack, both overseas and at home
• If we are able to replace the item of interest
• How vulnerable it is (security weaknesses)
• What it is vulnerable to (threat tactics)
• What outcome can be achieved if attacked
• How easy it is to find or locate
6 7
7. OPSEC in the Blogosphere
“Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of
personal thoughts and web links, including a mix of what’s happening in a
from open-source information.” CRS Report for
person’s life. Blogs may include forms of personal diaries or guides for
Congress, Sensitive But Unclassified Information and others.
Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to
Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and
other open source information make up pieces of a puzzle, which when
combined, can complete a picture of what may become a terrorist’s or
How can OPSEC help protect my organization against spy’s target.
terrorism?
Examples include:
Terrorists require intelligence to accomplish their objectives. You can apply
the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes,
against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects
information. of threat weapon systems such as improvised explosive devices
• Some photographs include geo-location and date/time information.
Terrorists seek—and OPSEC is intended to deny—
• Enemies can use this information for propaganda purposes, battle
information about: damage assessments, targeting, and refinement of TTPs
• What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers
• How accessible it is and their families for attack, both overseas and at home
• If we are able to replace the item of interest
• How vulnerable it is (security weaknesses)
• What it is vulnerable to (threat tactics)
• What outcome can be achieved if attacked
• How easy it is to find or locate
6 7
8. Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a
terrorist or spy obtains critical information, correctly analyzes it, and acts
• Installation or facility maps designating points of interest (such as
upon it, the compromise of the information may prevent or seriously
barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or
• Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for
• Security operating procedures additional protection because it can be revealed through unclassified
indicators. The use of essential elements of friendly information (EEFI)
• Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or
• Capabilities and intent classified details.
• Indicators of unit morale Example of EEFI for threat countermeasures
• Information which may undermine leadership • When do security guards or law enforcement change shifts?
• Photographs particularly when they are accompanied by descriptive • Are guards armed?
captions • Is there a security response team alarm – how quick is the response?
• Personal information about patterns and routines • Where is the security alarm / power system – is it protected?
• Work email addresses • Are external CCTV cameras operated and are they actually monitored?
• How many security guards are there in a specific building (day and
What we can do to reduce risk on the internet: night)?
• Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas
• Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every
blog or website, or sending an email evacuation)?
• Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed –
must they go through a centralized screening location?
• If you are threatened as a result of something you have posted or
through an open forum such as blog – believe the threat and report it
immediately
• Avoid posting work email addresses if possible; they can provide targets
for phishing attacks
• Follow OPSEC policies and procedures
• Work with your OPSEC officer
8 5
9. Advances in technology increase risk Privacy tips for social networking
Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare,
information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on
technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and
might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with
the information you share and use privacy settings to protect your
Defense measures include: information.
• Educate Army computer users on restrictions for use of information
technologies Protect personal information
• Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of
measures information, comments, photos, and videos you share online.
• Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements
trained (itineraries, rosters, time tables, travel plans); current or future operations
(movement of forces, capabilities & limitations, coalition & participating
Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and
limitations, operational reporting); or communication in support of
• Apply the OPSEC review process outlined in AR 530-1 (Operations
operations (work email addresses, logins and passwords, details of specific
Security)
equipment, infrastructure and call signs).
• Review their Web Pages and ensure they are OPSEC compliant
KNOW YOUR AUDIENCE: Consider who may have access to your profile:
• Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers,
• Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your
readiness, and operational matters audience.
• Verify there is a valid mission need to disseminate the
information
Your privacy is only as protected as your least reliable
friend allows it to be. When you choose to share
information with friends, those friends can make their
own decisions about forwarding your content. Think
carefully before sharing.
4 9
10. Safe home computing Operations Security (OPSEC)
Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success.
easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via
numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC
find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the
hard disk space, your fast processor, and your Internet connection. They availability of this information.
use these resources to attack other computers on the Internet. The more
computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include:
originating source. If intruders can't be located, they can't be stopped, and
• Deny intelligence and information to terrorists
they can't be prosecuted.
• Avoid rigid operational routines that produce observable patterns
What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist
• Install and use anti-virus programs planning cycle and cyber attack methods
• Keep your system patched • Integrate OPSEC into organizational security programs and individual
personal protection measures
• Use care when reading email with attachments
• Install and use a firewall program Sample Cyberspace OPSEC procedures:
• Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access
router to computer networks, equipment, facilities, and documents
• Make backups of important files • Password protect or restrict computer access to itineraries, travel plans,
personnel rosters, building and base plans, billeting assignments, and
• Use strong passwords and change them frequently
very important person (VIP) guest lists
• Use care when downloading and installing programs
• Don’t post personal, work, or family information to open social media
• Understand the risk of downloading files and programs websites
• Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a
person who attempts to connect with you, investigate who they are and
why they want to join your social network.
• Don’t post sensitive work information or photographs on the internet;
always assume a threat adversary is reading your material
10 3
11. BE VIGILANT. REPORT SUSPICIOUS ACTIVITY.
Image credits:
Front cover:
U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B
Inside back cover:
U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs
2 11
12. Resources
National Cyber-Alert System:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076
National Crime Prevention Association:
http://www.ncpc.org/
Army Information Assurance Portal:
https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite.
mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance
Homeland Security Cyber Security Tips:
http://www.dhs.gov/cybersecurity
National Cyber Awareness System:
http://www.us-cert.gov/alerts-and-tips/
DoD Chief Information Officer:
http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx
12 1