OPSEC is defined as what?

• A. OPSEC is the process of denying information about friendly capabilities and intentions to the enemy
• B. The process of protecting sensitive information across the enterprise
• C. A method of encrypting data
• D. A process of training personnel to handle information securely

Answer: (B)

Protecting sensitive information across the enterprise is OPSEC. It’s a systematic, risk-management approach that aims to prevent information that could reveal capabilities, intentions, or vulnerabilities from reaching adversaries. OPSEC looks at what information is sensitive, what threats could exploit it, where weaknesses exist, and what the potential impact would be if that information were exposed. It’s broader than any single tactic like encryption or training alone; those can be part of OPSEC, but the concept covers people, processes, and technology across the whole organization. By identifying critical information and applying appropriate safeguards—such as access controls, proper handling procedures, and careful information sharing—OPSEC helps reduce the likelihood that an adversary can assemble useful intelligence.