[ISN] DOD to re-emphasize security

From: InfoSec News (isnat_private)
Date: Thu Jun 05 2003 - 23:05:18 PDT

Next message: InfoSec News: "RE: [ISN] This computer security column is banned in Canada (Three messages)"

Previous message: InfoSec News: "[ISN] 'High Risk' Virus Spreading Rapidly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2003/0602/web-opsec-06-05-03.asp

By Dan Caterinicchia 
June 5, 2003

FORT LAUDERDALE, Fla. -- The secretary of Defense will soon issue a
directive placing a renewed emphasis on operational security (OPSEC)  
throughout the department.

Tom Mauriello, director of the interagency OPSEC support staff, said a
document has been awaiting DOD Secretary Donald Rumsfeld's signature
since before Operation Iraqi Freedom began that would infuse more
funding and guidance in the realm of operational security.

Mauriello's comments came during a June 4 speech at the Army Small
Computer Program's IT conference. He refused to answer any follow-up
questions, and would only tell FCW that there will soon be a
"resurgence of emphasis" on OPSEC coming down from the Pentagon.

During a high-energy, wide-ranging 90-minute presentation, Mauriello
discussed all aspects of OPSEC from the physical through the cyber
realm and explained the five-part process:

* Collection of critical information, which is not difficult since 80
  percent of all data is open source.

* Threat analysis.

* Vulnerability analysis.

* Risk assessment.

* Counter measures.

Everyone from the acquisition community to human resources personnel
to building maintenance are involved in OPSEC, but more work is
needed, he said.

"A good OPSEC program educates people in all parts of an organization
to think this way," Mauriello said.

As an example, a government intelligence agency decided to outsource
its building maintenance and gave all of its structural plans to 12
potential contractors. Those blueprints included detailed schematics
of the buildings, the locations of electronic and electric equipment
and sources, and other critical information.

Mauriello refused to name the agency, but said officials from there
only called him after they realized the magnitude of the mistake they
had made. "Many times [people] give information away and don't even
know it."
 
 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "RE: [ISN] This computer security column is banned in Canada (Three messages)"
Previous message: InfoSec News: "[ISN] 'High Risk' Virus Spreading Rapidly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 01:19:26 PDT