Vulnerabilities. (OPSEC vulnerabilities are normally found in the processes and procedures routinely used by organizations. This section should discuss the process by which vulnerabilities to critical information will be determined. This section will become more focused as the program/activity matures. This part of the plan will require periodic updating based on new threat information and changes in the scope of the program/activity. Determining vulnerabilities involves a systematic analysis of how an operation or activity is actually conducted by the primary and supporting organizations. The organization and activity must be viewed as an adversary might view it. Actions and things that can be observed, or other data that can be interpreted or pieced together to drive critical information, must be identified. These potential vulnerabilities must be matched with specific threats. Once you determine what an adversary needs to know and where that information is available, it is necessary to determine if it is possible that the adversary could acquire and exploit the information in time to capitalize on it. If so, a vulnerability exists.)
Appears in 2 contracts
Sources: Contract (Flight International Group Inc), Contract (Flight International Group Inc)