I. INTRODUCTION

Once an adversary or competitor acquires critical information, significant harm or damage may occur to an operation or program. To acquire this damaging critical information the adversary may choose to indirectly acquire pieces of sensitive information (possibly unclassified or unclassifiable) and then infer and aggregate. Hence, it is important to protect both critical and sensitive information from adversaries. To be effective, one must first determine which information is indeed critical or sensitive. This manual presents a step-by-step procedure to aid a decision maker in determining the critical information and the sources of sensitive information for which he' has responsibility by identifying:

A. Organization
B. Operations
C. Adversaries, Goals, and Objectives
D. Generic Operation Categories
E. Critical Information Components
F. The Critical Information (an aggregation from step 5)
G. Sources of Information
H. Major Vulnerabilities
I. Sources of Sensitive Information (Indicator Categories).

"... want to read the full article? - Join OPS or order a Journal."