"(U)pon Secrecy, Success depends in Most Enterprises and for want of it, they are generally defeated." -George Washington, on OPSEC


OPSEC Glossary of Terms
  Information provided by IOSS
 
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Abbreviations & Acronyms
 
 
 A
 Top of Page
 

acceptable level of risk: An authority's determination of the level of potential harm to an operation, program, or activity due to the loss of information that the authority is willing to accept.

access control mechanisms: Measures or procedures designed to prevent unauthorized access to protected information or facilities.

ACINT: See Acoustic Intelligence.

Acoustic Intelligence: Intelligence information derived from the collection and analysis of acoustical phenomena (DOD JP 1997a).

adversary: An individual, group, organization or government that must be denied critical information. Synonymous with competitor/enemy.

adversary collection methodology: Any resource and method available to and used by an adversary for the collection and exploitation of sensitive/critical information or indicators thereof.

adversary threat strategy: The process of defining, in narrative or graphical format, the threat presented to an operation, program, or project. The adversary threat strategy should define the potential adversaries, the courses of action those adversaries might take against the operation, and the information needed by the adversaries to execute those actions.

agent: A person who engages in a clandestine activity.

AIS: See Automated Information Systems.

analysis: The process by which information is examined in order in order to identify significant facts and/or derive conclusions.

assessment: To evaluate the worth, significance, or status of something; especially to give an expert judgment of the value or merit of something.

asset: 1. Any resource-a person, group, relationship, instrument installation, supply-at the disposition of an intelligence agency for use in an operational or support role. 2. A person who contributes to a clandestine mission but is not a fully controlled agent (ICS 1989).

authentication: Security measures designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information (NSTISSI 1997).

authenticity: Having an undisputed identity or origin.

Automated Information Systems: An assembly of computer hardware, software, or firmware configured to collect, create, communicate, compute, disseminate, process, store, or control data or information (NSC EO 1995).

availability: The assurance that data transmissions, computer processing systems, and/or communications are not denied to those who are authorized to use them (JCS 1997).

 
 B
 Top of Page
 

No Definitions

 
 C
 Top of Page
 


camouflage: The use of natural or artificial material on personnel, objects, or positions (e.g., tactical) in order to confuse, mislead, or evade the enemy/adversary (DOD JP 1997a).

case officer: A professional employee of an intelligence organization who is responsible for providing direction for an agent operation. CCD. See the individual components: camouflage; concealment; and deception. (ICS 1989).

clandestine operation: 1. An operation sponsored or conducted by government departments or agencies in such a way as to insure secrecy or concealment (JCS 1997). 2. An operation sponsored or conducted in such a way as to insure the secrecy or concealment of the person or organization doing the sponsoring/conducting. See also covert operation; overt operation.

classification: The determination that official information requires, in the interest of national security, a specific degree of protection against unauthorized disclosure, coupled with a designation signifying that such a determination has been made; the designation is normally termed a security classification and includes Confidential, Secret, and Top Secret (ICS 1989).

classification guide: A documentary form of classification guidance, issued by an original classification authority. It identifies the elements of information, regarding a specific subject, that must be classified and establishes the level and duration of classification for each such element (NSC EO 1995).

classified information: Information that has been determined, pursuant to Executive Order 12598 or any predecessor order, to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form (NSC EO 1995).

COMINT: See Communications Intelligence.

Command and Control Warfare: The integrated use of operations security (OPSEC), military deception, psychological operations (PSYOP), electronic warfare (EW), and physical destruction. C2W is mutually supported by intelligence to deny information to, influence, degrade, or destroy adversary command and control capabilities. This process is accomplished while protecting friendly command and control capabilities against such actions. Command and control warfare applies across the operational continuum and all levels of conflict (DOD JP 1997a).

C2W: See Command and Control Warfare.

commercial-off-the-shelf: Any commercially available hardware or software. communications deception. Deliberate transmission, retransmission, or alteration of communications in order to mislead an adversary's interpretation of the communications (NSTISSI 1997).

Communications Intelligence: Technical and intelligence information derived from the intercept of foreign communications by other than the intended recipients of those communications (DOD JP 1997a; ICS 1989).

communications profile: An analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the COMSEC measures applied (NSTISSI 1997).

Communications Security: Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material (NSTISSI 1997).

compartmentation: 1. A formal system for restricting access to selected activities or information. 2. The establishment and management of an organization so that information about the personnel, internal organization, or activities of one component is made available to any other component only to the extent required for the performance of assigned duties (DOD JP 1997a).

competitor: See adversary.

compromise: Unauthorized intentional or unintentional disclosure of information or data to unauthorized persons. Compromise is also a security policy violation of a system in which, modification, destruction, or loss of an object may have occurred (NSTISSI 1997).

compromising emanations: Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment (NSTISSI 1997). NOTE: This is also known as TEMPEST.

COMPUSEC: See Computer Security.

Computer Security: Measures and controls that ensure confidentiality, integrity, and^ availability of information systems assets including hardware, software, firmware, and information being processed, stored, and communicated (NSTISSI 1997).

COMSEC: See Communications Security.

COMSEC monitoring: The act of listening to, copying, or recording transmissions of one's own official telecommunications in order to analyze the degree of security (NSTISSI 1997).

concealment: The act of remaining hidden.

confidential source: Any individual or organization that provides information to the United States government on matters pertaining to the national security and expects, in return, that the information or relationship, or both, will be held in confidence (NSC EO 1995).

confidentiality: An assurance that information is not disclosed to unauthorized entities or processes (DOD JP 1994; JCS 1997).

contingency plan: Plan maintained for emergency response, backup operations, and post-disaster recovery for an information system, to ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation (NSTISSI 1997).

controlled information: Information and indicators deliberately conveyed or denied to foreign targets in order to evoke invalid official estimates that result in foreign official actions advantageous to U.S. interests and objectives (DOD JP 1997a).

COTS: See commercial-off-the-shelf

counterintelligence: 1. That phase of intelligence covering all activity designed to neutralize the effectiveness of adversary intelligence collection activities. 2. Those activities that are concerned with identifying and counteracting the security threat posed by hostile intelligence services, organizations, or by individuals engaged in espionage, sabotage, subversion, or terrorism. (DOD JP 1997a).

countermeasure: Anything which effectively negates or mitigates an adversary's ability to exploit vulnerabilities.

cover: Protective action taken to mask or conceal an operation or activity from an adversary.

covert operation: An operation that is so planned and executed as to conceal the identity of, or permit plausible denial by, the sponsor (JCS 1997). A covert operation differs from a clandestine operation in that emphasis is placed on concealment of the identity of the sponsor, rather than on concealment of the operation. Synonymous with law enforcement's undercover operation.

Critical and Sensitive Information List: Those areas, activities, functions, or other matters that a facility/organization considers most important to keep from adversaries (DOE 1992).

critical information: Specific facts about friendly (e.g., U.S.) intentions, capabilities, or activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for accomplishment of friendly objectives.

critical infrastructures: Certain national infrastructures so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government (JCS 1997; EO n.d.).

cryptanalysis: Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption (NSTISSI 1997).

crypto-equipment: The equipment used to render plain information unintelligible and restore encrypted information to intelligible form.

cryptography: Art or science concerning the principles, means, and methods for rendering plain information unintelligible and of restoring encrypted information to intelligible form (JCS 1997; NSTISSI 1996).

cryptosecurity: A component of communications security resulting from the provisions of technically sound cryptosystems and their proper use (NSTISSI 1996).

CSIL: See Critical and Sensitive Information List.

 
 D
 Top of Page
 


damage: A loss of friendly effectiveness due to adversary action. Synonymous with harm.

deception: Those measures designed to mislead the enemy/adversary by manipulation, distortion, or falsification of evidence in order to induce a reaction from that adversary which is prejudicial to the adversary's interests (DOD JP 1997a).

Defense Information Infrastructure: The Dn encompasses information transfer and processing resources, including information and data storage, manipulation, retrieval, and display. More specifically, the DII is the shared or interconnected system of computers, communications, data, applications, security, people, training, and other support structure, serving the DOD's local and worldwide information needs. The Dn (a) connects DOD mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services, and (b) provides information processing and value-added services to subscribers over the DISN. Unique user data, information, and user applications are not considered part of the DII (JCS 1997).

Defense Information Systems Network: 1. A sub-element of the DII, the DISN is the DOD's consolidated worldwide enterprise level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. It is transparent to its users, facilitates the management of information resources, and is responsive to national security and defense needs under all conditions in the most efficient manner (JCS 1997; ASD C311994) 2. The DISN is an information transfer network with value-added services for supporting national defense C31 decision support requirements and CIM functional business areas. As a[n] information transfer utility, the DISN provides dedicated point-to-point, switched voice and data, imagery and video teleconferencing communications services (JCS 1997).

denial: 1. The act of disowning or disavowing. 2. The refusal to grant something. See also deception; denial of service.

denial of service: When action(s) result in the inability to communicate and/or the inability of an AIS or any essential part to perform its designated mission, either by loss or degradation of a signal or operational capability (JCS 1997). detectable actions. Physical actions or whatever can be heard, observed, imaged, or detected by human senses, or by active and/or passive technical sensors, including emissions that can be intercepted.

DF: See Direction Finding.

DIL: See Defense Information Infrastructure.

Direction Finding: A procedure for obtaining bearings of radio frequency emitters by using a highly directional antenna and a display unit on an intercept receiver or ancillary equipment (DOD JP 1997a). disclosure. The release of information through approved channels.

DISN: See Defense Information Systems Network.

 
 E
 Top of Page
 

economic intelligence: Intelligence regarding economic resources, activities, and policies.

EEFL: See Essential Elements of Friendly Information.

EEL: See Essential Elements of Information.

Electronic Intelligence: Technical and geolocation intelligence derived from foreign non-communications transmissions (e.g., radar) by other than nuclear detonations or radioactive sources (DOD JP 1997a).

Electronic Security: Protection resulting from measures designed to deny unauthorized persons information from the interception and analysis of noncommunication electromagnetic emissions, such as radar (NSTISSI 1997).

Electronic Warfare: Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within electronic warfare are: electronic attack, electronic protection, and electronic warfare support (DOD JP 1994; JCS 1997).

ELINT: See Electronic Intelligence.

ELSEC: See Electronic Security.

Emissions Security: Protection resulting from measures taken to deny unauthorized persons information derived from the intercept and analysis of compromising emanations from crypto- equipment or an information system (NSTISSI 1997).

EMSEC: See Emission Security.

enemy: See adversary.

espionage: 1. The act or practice of spying or of using spies to obtain secret intelligence. 2. Overt, covert, or clandestine activity. A term which is usually used in conjunction with the country against which such an activity takes place. For example, espionage against the U.S.

Essential Elements of Friendly Information: In the context of "friend or foe," these are specific pieces of information regarding friendly (i.e., our) intentions, capabilities, and activities which are likely to be sought by our foes (i.e., our enemies/competitors).

Essential Elements of Information: In the context of "friend or foe," these are specific pieces of information which are likely to be sought by friendly planners about specific adversaries' intentions, capabilities, and activities. essential secrecy. The condition achieved by denial of critical information to adversaries (DOD JP 1997a).

EW: See Electronic Warfare.

exploitation: The process of obtaining intelligence information from any source and taking advantage of it.

 
 F
 Top of Page
 

facilities: Buildings, structures, or other real property. Entities such as military bases, industrial sites, and office complexes may be identified as facilities.

firewall: A system designed to prevent unauthorized access to or from a private network. (JCS 1997).

foe: An opponent; the antithesis of friend.

FOIA: See Freedom of Information Act.

foreign intelligence service: An organization of a foreign government that engages in intelligence activities (ICS 1989).

Freedom of Information Act: A provision that any person has a right, enforceable in court, of access to federal agency records, except to the extent that such records (or portions thereof) are protected from disclosure by one of nine exemptions (DOD 1997).

friend: A country, individual, or organization with whom one is allied in a struggle or cause.

friendly: An adjective that describes an operation or activity that is carried out by a friend (e.g., friendly fire).

 
 G
 Top of Page
 
GIL: See Global Information Infrastructure.

Global Information Infrastructure: The information systems of all countries, international and multinational organizations and multi-international commercial communications services (JCS 1997; CJCS 1997).

GOTS: See government-off-the-shelf.

government-off-the-shelf: An item that has been developed by the government and produced to military or commercial standards and specifications, is readily available for delivery from an industrial source, and may be procured without change to satisfy a military requirement (ASD C3I1997).

 
 H
 Top of Page
 

hacker: An individual who gains unauthorized access to an automated information system.

Human Intelligence: A category of intelligence derived from information collected and/or provided by human sources (DOD JP 1997a).

HUMINT: See Human Intelligence.

 
 I
 Top of Page
 

IA: See Information Assurance.

1C: See Intelligence Community.

identification: See authentication.

imagery: Collectively, the representations of objects reproduced electronically or by optical means on film, electronic display devices, or other media (DOD JP 1997a).

Imagery Intelligence: Intelligence derived from the exploitation of collection by visual photography, infrared sensors, lasers, electro-optics, and radar sensors such as synthetic aperture radar wherein images of objects are reproduced optically or electronically on film, electronic display devices, or other media (DOD JP 1997a).

IMINT: See Imagery Intelligence.

imitative communications deception: Introduction of deceptive messages or signals into an adversary's telecommunications signals (NSTISSI 1997).

inadvertent disclosure: Accidental exposure of information to a person not authorized access (NSTISSI 1997).

incident: An assessed event of attempted entry, unauthorized entry, and/or attack against a facility, operation, or an AIS (JCS 1997).

indicator: See Operations Security indicator.

industrial espionage: The act of seeking a competitive, commercial advantage by obtaining a competitor's trade secrets and/or logistics. The acquisition of industrial information through clandestine operations.

information: Any knowledge that can be communicated andd/or any documentary material regardless of its physical form or characteristics (NSC EO 1995).

Information Assurance: Information operations that proteect and defend information an information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities (JCS 1997; DoDD 1996).

information integrity: The state that exists when information is unchanged from its source and has not been accidentally or intentionally modified, altered, or destroyed (NSC EO 1995; JCS 1997). See also integrity.

Information Operation: Any action involving the acquisition, transmission, storage, or transformation of information that enhances the employment of military forces (ICS 1989).

information security: The result of any system of policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute (ICS 1989).

Information Systems Security: The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats (NSTISSI 1997).

Information Warfare: 1. Actions taken to achieve information superiority by adversely affecting an adversary's information, information-based processes, and/or information systems while defending one's own information, information-based processes, and/or information systems (DOD JP 1994). 2. Information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries (JCS 1997; DoDD 1996).

INFOSEC: See Information Systems Security.

INFOWAR: See Information Warfare.

integrity: Absolute verification that data or information has not been modified in transmission or during computer processing (JCS 1997). See also information integrity.

intelligence: Information and/or knowledge about an adversary obtained through observation, investigation, analysis, or understanding (DOD JP 1994).

intelligence collection: The act of gathering information from all available sources to meet an intelligence requirement.

Intelligence Community: The aggregate of the following executive branch organizations and agencies involved in intelligence activities: the Central Intelligence Agency; the National Security Agency; the Defense Intelligence Agency; offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs; the Bureau of Intelligence and Research of the Department of State; intelligence elements of the military services, the Federal Bureau of Investigation, the Department of the Treasury, and the Department of Energy; and staff elements of the Office of the Director of Central Intelligence (ICS 1989).

intelligence cycle: The steps by which information is converted into intelligence and made available to users. The cycle has been described as including five steps: planning and direction; collection; processing; production; and dissemination.

intelligence data: See intelligence information.

intelligence information: Unevaluated material that may be used in the production of intelligence.

Information of intelligence value: Synonymous with intelligence data.

intelligence system: Any system (formal or informal) which is used to manage data gathering, obtain and process the data, interpret the data, and provide analytically-sound opinions to decision makers in order that they may make informed decisions with regard to various courses of action. The term is not limited to intelligence organizations or services but includes any system, in all its parts, that accomplishes the listed tasks (DOD JP 1994).

intention: An aim or design (as distinct from a capability) to execute a specified course of action (DOD JP 1994).

intercept: 1. Data which is obtained through the passive collection of signals. Interrupting access, communication, or the flow of a process.

I0: See Information Operation.

IW: See Information Warfare.

 

 J

 Top of Page
 

No Definitions

 
 K
 Top of Page
 

No Definitions

 
 L
 Top of Page
 

Low Probability of Detection: The result of measures used to hide or disguise intentional electromagnetic transmissions (NSTISSI 1997).

Low Probability of Intercept: Result of measures to prevent the intercept of intentional electromagnetic transmissions (NSTISSI 1997).

LPD: See Low Probability of Detection.

LPL: See Low Probability of Intercept.

 
 M
 Top of Page
 

manipulative communications deception: Alteration or simulation of friendly telecommunications for the purpose of deception (NSTISSI 1997).

MASINT: See Measurement and Signature Intelligence.

Measurement and Signature Intelligence: Scientific and technical intelligence obtained by quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic). This data is derived from specific technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender. This facilitates subsequent identification and or measurement of the same (DOD JP 1994).

MLS: See Multilevel Security.

Multilevel Security: The concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization (NSTISSI 1997).

 
 N
 Top of Page
 

National Information Infrastructure: 1. The nation-wide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the Internet, the public switched network, and cable, wireless, and satellite communications (JCS 1997- DOD JP 1997a; IITF 1995).

national security: Measures adopted by the government of a nation in order to assure the safety of its citizens, guard against attack, and prevent disclosure of sensitive or classified information which might threaten or embarrass said nation.

need-to-know: A determination which is made by an authorized holder of classified or proprietary information as to whether or not a prospective recipient requires access to specific the information in order to perform or assist in a lawful and authorized governmental function (NSC EO 1995).

NIL: See National Information Infrastructure.

nonrepudiation: Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so that neither can later deny having processed the data. Digital signatures are the current non-repudiation technique of choice for the Nil (DOD JP 1994; JCS 1997; NSTISSI 1996).

 
 O
 Top of Page
 

observables: Any actions that reveal indicators which are exploitable by adversaries.

Open Source Intelligence: Information of potential intelligence value that is available to the general public (DOD JP 1994).

Operations Security: 1. A systematic, proven process by which a government, organization, or individual can identify, control, and protect generally unclassified information about an operation/activity and, thus, deny or mitigate an adversary's/competitor's ability to compromise or interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to (a) identify those actions that can be observed by adversary intelligence systems, (b) determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation (DOD JP 1994; JCS 1997).

Operations Security assessment: A thorough evaluation of the effectiveness of a customer's implementation of OPSEC methodology, resources, and tools. Assessments (a) are used to evaluate the effectiveness of the customer's corporate level OPSEC program and (b) can be used at the program level to determine whether or not a program is a viable candidate for an OPSEC survey.

Operations Security indicator: Any detectable activity and/or information that, when looked at by itself or in conjunction with something else, allows an adversary to obtain critical or sensitive information.

Operations Security plan: A strategy that analyzes an operation or activity and includes specific operations security measures.

Operations Security process: An analytical process that involves five components: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures (NSC 1988).

Operations Security program: An OPSEC program is the vehicle by which the principles and practices of OPSEC are employed within an organization.

Operations Security survey: The application of OPSEC methodology at the program level. It is a detailed analysis of all activities associated with a specific operation, project or program in order to determine what exploitable evidence of classified or sensitive activity could be acquired in light of the known collection capabilities of potential adversaries.

Operations Security working group A (normally formally) designated body representing a broad range of line and staff activities within an organization that provides OPSEC advice and support to leadership and all elements of the organization.

OPSEC: See Operations Security.

OSINT: See Open Source Intelligence.

overt collection: The acquisition of information via the public domain.

overt operation An operation conducted openly, without concealment.

 
 P
 Top of Page
 

perceived collection threat: An estimate of the present and future resource allocations and capabilities of an adversary to gain information. Synonymous with potential threat.

physical security: 1. The application of physical barriers and control procedures as countermeasures against threats to resources and sensitive information (NCSC 1994). 2. The security discipline concerned with physical measures designed to safeguard personnel; prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, and theft.

potential threat: See perceived collection threat.

procurement: The process of obtaining personnel, services, supplies, and equipment (DOD JP 1994).

profile: A collection and/or display (e.g., a written or graphical descrription) of the signatures an patterns of an individual or organization.

proprietary information: Material and information relating to, or associated with, a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source (NSTISSI 1997).

protected information: Includes sensitive, critical and/or classified information.

protective measures: Those actions, procedures, or designs implemented to safeguard protected information.

Psychological Operations: Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and, ultimately, the behavior of foreign governments, organizations, groups, and individuals. The purpose of PSYOP is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. (JCS 1997; DOD JP 1993).

PSYOP: See Psychological Operations.

public domain: In open view; before the public at large and not in private or employing secrecy or other protective measures.

 
 Q
 Top of Page
 

No Definitions

 
 R
 Top of Page
 

risk: A measure of the potential degree to which protected information is subject to loss through adversary exploitation.

risk analysis: A method by which individual vulnerabilities are compared to perceived or actual security threat scenarios in order to determine the likelihood of compromise of critical information.

risk assessment: An OPSEC process of evaluating the risks of information loss based on an analysis of threats to, and vulnerabilities of, a system, operation or activity.

risk avoidance: A security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities (JSCR 1994).

risk management: A security philosophy which considers actual threats, inherent vulnerabilities, and the availability and costs of countermeasures as the underlying basis for making security decisions (JSCR 1994).

 
 S
 Top of Page
 

SAP: See Special Access Program.

security: Precautions taken to establish and maintain an acceptable level of protection.

secure communications: Telecommunications deriving security through use of type 1 products and/or protected distribution systems (NSTISSI 1997).

sensitive information: Information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy (NSTISSI 1997).

SIGINT: See Signals Intelligence.

Signals Intelligence: A category of intelligence comprising either individually or in combination all communications intelligence, electronic intelligence, and foreign instrumentation signals intelligence, however transmitted (DOD JP 1994).

Signals Security: Generic term encompassing communications security and electronic security (NSTISSI 1997).

SIGSEC: See Signals Security.

Special Access Program: A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level (NSC EO 1995).

surveillance: The systematic observation ofaerospace, surface or subsurface areas, places, persons,, or things, by visual, aural, photographic, or other means (DOD JP 1994).

 
 T
 Top of Page
 

TAISS: See Telecommunications and Automated Information Systems Security.

target: An individual, operation, or activity which an adversary has determined possesses information that might prove useful in attaining his/her objective.

telecommunications: Preparation, transmission, communication or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means (NSTISSI 1997).

Telecommunications and Automated Information Systems Security: Superseded by Information Systems Security (NSTISSI 1997).

telemetry: The science and technology of automatic data measurement and transmission, as by wire or radio, from remote sources, such as space vehicles, to a receiving station for recording and analysis.

Telemetry Intelligence: Technical and intelligence information derived from intercept, processing, and analysis of foreign telemetry; a subcategory of foreign instrumentation signals intelligence (ICS 1989).

TELINT: See Telemetry Intelligence.

TEMPEST: Short name referring to investigation, study, and control of compromising emanations from telecommunications and information systems equipment (NSTISSI 1997).

terrorism: The calculated use of violence or threat of violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological (DOD JP 1994).

threat: The capability of an adversary coupled with his intentions to undertake any actions detrimental to the success of program activities or operations.

threat analysis: An OPSEC process, which examines an adversary's technical and operational capabilities, motivation, and intentions, designed to detect and exploit vulnerabilities.

threat assessment: An evaluation of the intelligence collection threat to a program activity, system, or operation.

trade secret: See proprietary information.

TRANSEC See Transmission Security.

Transmission Security: Component of communications security from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis (JCS 1997; NSTISSI 1996).

Type 1 products: Classified or controlled cryptographic item endorsed by the National Security Agency for securing classified and sensitive U.S. government information, when appropriately keyed. The term refers only to products, and not to information, key, services, or controls. They are available to U.S. government users, their contractors, and federally sponsored non-U.S. government activities subject to export restrictions in accordance with International Traffic in Arms Regulation (NSTISSI 1997).

 
 U
 Top of Page
 

unauthorized disclosure: A communication or physical transfer to an unauthorized recipient (NSC EO 1995).

undercover operation: A phrase that is usually associated with the law enforcement community and which describes an operation that is so planned and executed as to conceal the identity of, or permit plausible denial by, the sponsor (JCS 1997). Synonymous with covert operation.

 
 V
 Top of Page
 

vulnerability: The susceptibility of information to exploitation by an adversary.

vulnerability analysis: A process which examines a friendly operation or activity from the point of view of an adversary, seeking ways in which the adversary might determine critical information in time to disrupt or defeat the operation or activity.

vulnerability assessment: The results of vulnerability analysis expressed as a degree of probable exploitation by an adversary.

 
 W
 Top of Page
 

No Definitions

 
 X
 Top of Page
 

No Definitions

 
 Y
 Top of Page
 

No Definitions

 
 Z
 Top of Page
 

No Definitions

 
 Abbreviations & Acronyms
 Top of Page
 
  • ACINT - Acoustic Intelligence
  • AIS - Automated Information Systems
  • ASD - Assistant Secretary of Defense
  • CCD - Camouflage, Cover, and Deception
  • CJCS - Chairman of the Joint Chiefs of Staff
  • CJCSI - Chairman Joint Chief of Staff Instruction
  • C3I - Command, Control, Communications, and Intelligence
  • C2W - Command and Control Warfare
  • COMINT - Communication Intelligence
  • COMPUSEC - Computer Security
  • COMSEC - Communications Security
  • COTS - Commercial-off-the-shelf
  • CSIL - Critical and Sensitive Information List
  • DF - Direction Finding
  • DII - Defense Information Infrastructure
  • DISN - Defense Information System Network
  • DOD - Department of Defense
  • DoDD - Department of Defense Directive
  • DOE - Department of Energy
  • EEFI - Essential Elements of Friendly Information
  • EEI - Essential Elements of Information
  • ELINT - Electronics Intelligence
  • ELSEC - Electronics Security
  • EMSEC - Emissions Security
  • EO - Executive Order
  • EW - Electronic Warfare
  • FOIA - Freedom of Information Act
  • GIL - Global Information Infrastructure
  • GOTS - Government-off-the-shelf
  • HUMINT - Human Intelligence
  • IA - Information Assurance
  • IC - Intelligence Community
  • ICS - Intelligence Community Staff
  • IITF - Information Infrastructure Task Force
  • IMINT - Imagery Intelligence
  • INFOSEC - Information Security
  • INFOWAR - Information Warfare
  • IO - Information Operation
  • IOSS - Interagency OPSEC Support Staff
  • IW - Information Warfare
  • JCS - Joints Chiefs of Staff
  • JP - Joint Publication
  • JSCR - Joint Security Commission Report
  • LPD - Low Probability of Detection
  • LPI - Low Probability of Intercept
  • MASINT - Measurement and Signature Intelligence
  • MLS - Multilevel Security
  • NCSC - National Computer Security Center
  • NII - National Information Infrastructure
  • NSC - National Security Council
  • NSDD 298 - National Security Decision Directive 298
  • NSTISSI - National Security Telecommunications and Information Systems Security Instruction
  • OPSEC - Operations Security
  • OSINT - Open Source Intelligence
  • PSYOP - Psychological Operations
  • SAP - Special Access Program
  • SIGINT - Signals Intelligence
  • SIGSEC - Signals Security
  • TAISS - Telecommunications and Automated Information Systems Security
  • TELIN. - Telemetry Intelligence
  • TRANSEC - Transmission Security