OPSEC Professional's Banner
"(U)pon Secrecy, Success depends in Most Enterprises and for want of it, they are generally defeated." -George Washington, on OPSEC

OPSEC With an "AL", or OPSEC with an "S"?

Operations Security? or Operational Security?

The two terms are often used almost interchangeably, which can lead to a great deal of confusion and miscommunication. In reality, although both terms are often abbreviated as “OPSEC”, they each refer to distinct types of security.

OPSEC (as in OperationS Security) is the process by which we view our operations from an adversarial standpoint. Countermeasures are then recommended to mitigate any potential indicators that may aid an adversary in determining what we are doing.

Compare this to OPSEC (As in OperationAL Security- you can see how this gets confusing!) is best described as the security that is in place to secure a particular Operation.

In simpler terms, Operations Security refers to the program, procedures, mindset, etc., while Operational Security refers to a specific Operation, and is on a case by case basis.

It must be noted that while Operational Security is often abbreviated as OPSEC, this is not technically correct. OPSEC means, and when used correctly, always refers to, Operations Security. This is standardized within the industry so as to avoid this confusion.

To further muddy the waters, the Information Security communinity, as noted in the CISSP exam, uses the term OPSEC, or Operational Security, to refer to the managerial and procedural controls that contribute to the overall security posture.

But- if you see OPSEC on this site, you'll know what we mean!

Creative Commons License
Presentation Software in OPSEC Presentations by OSPA is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Based on a work at www.opsecprofessionals.org.

    Copyright © 2009. All Rights Reserved.