What is Operational Security (OPSEC)?
The process of identifying, controlling, and protecting information that could give an adversary insight into your activities, intentions, or capabilities.
OPSEC originated in military intelligence but applies to anyone who needs to protect sensitive information.
The Five Steps
- Identify critical information: What do you need to protect?
- Analyze threats: Who might want this information?
- Analyze vulnerabilities: How could they get it?
- Assess risk: How likely is each vulnerability to be exploited?
- Apply countermeasures: What can you do to reduce risk?
Digital OPSEC Checklist
- Use unique passwords for every account
- Enable strong 2FA everywhere
- Compartmentalize identities (separate email, browser, devices)
- Review what you share publicly (social media, forums)
- Use encrypted communications for sensitive discussions
- Regularly audit your digital footprint
The Weakest Link
OPSEC is only as strong as the weakest link in the chain. Technical security is worthless if you discuss sensitive information in person near someone's phone, or post about it on social media under your real name.
Related Terms
Compartmentalization
The practice of separating different activities, identities, or data into isolated compartments so that a compromise in one doesn't affect the others.
OPSEC Mistakes
Common operational security failures that compromise privacy or anonymity, often involving small details that link a protected identity to a real one.
Threat Model
A systematic analysis of what you're trying to protect, from whom, the consequences of failure, and what resources you can apply. Threat modeling helps prioritize security efforts by focusing on realistic threats rather than theoretical ones.
Have more questions?
Use our guided flow to get the right next privacy step for Operational Security (OPSEC).
Open Guided Flow