Protection of information Published Sept. 4, 2008 By Victor Duckarmenn 21st Space Wing OPSEC Program Manager PETERSON AIR FORCE BASE, Colo. -- Information protection, operations security and information security combine to protect your personal and professional information from the "adversary." How do we protect critical information? The basic principle, central to all three disciplines, is "need to know." The application of a strict need-to-know policy is your personal responsibility. It's a condition of your employment with the Air Force. If you deal with classified or controlled unclassified information, you must determine a need to know to prevent compromise of the mission information, as well as your personal data. If you collect unclassified, sensitive or critical information, you must protect it. Does just anyone need to know all the information on a recall roster? Do we just give out "For Official Use Only" information on a whim or to anyone that requests it? Do you leave your ID card in the computer and walk off? Have you "gabbed" a little too much about the deployment you are assigned to with friends, family and the kid next door? Without the application of need to know both on and off base, you place information in danger of being used against your fellow Airman. What measures or tools are available in order for you to secure and protect critical information? Let's look at some of the available tools. We all must use available security tools to maintain control of critical information. This includes secure videoconferencing, secure internal networks, classified faxes, encryption of internal military e-mail, push-to-talk phones, sanitized voice mail, sanitized out-of-office replies, safes, locked file cabinets, cover sheets and a host of other generic measures used to preserve our control of information and activities. Failure to apply the need-to-know principle and these everyday tools leads to the neglect of our personal and professional information. Critical information, sensitive information, privacy act and personal information is endangered when neglected and is irreplaceable when lost. Yes, you can replace information. However, if the enemy has it, you run higher risk of compromising your personal information and possibly the mission. Whose responsibility is information protection? Yours! So, don't forget, it all boils down to you protecting your identity, your mission data, securing your wireless communications and protecting life and property in the bargain. Practice good OPSEC and you practice good information protection and information security.