I. INTRODUCTION

Operations Security methodologies and techniques have evolved in response to the needs and requirements of the OPSEC customer. The application of OPSEC methodologies and techniques has been dependent upon the technical skills and experience of the individual OPSEC practitioner in the customer environment. As a result, these methodologies and techniques are not uniformly utilized. The purpose of this paper is to: Argue variability in applying OPSEC methodologies and techniques is undesirable Offer a quantifiable methodology for structuring the OPSEC process; and Initiate dialog within the community to address structuring of the OPSEC process and the use of concepts from the risk analysis community to support Step 4 of the OPSEC process.

 II. HISTORICAL PERSPECTIVE

Operations Security can be traced to communications security (COMSEC) assessment activities of the early 1960's. COMSEC assessments relied on monitoring to determine the vulnerability of communications to analytic exploitation. While monitoring provided a sampling of U.S. communications. it did not satisfactorily identify vulnerabilities. As a needed alternative to monitoring, the COMSEC survey was initiated. The COMSEC survey was a process of interviewing operational and communications personnel to identify vulnerabilities to existing threats. These interviews sought the operational requirements and modus operandi of the communicating parties.

"... want to read the full article? - Join OPS or order a Journal."