A process to identify, control and protect information that is generally available to the public regarding sensitive or classified information and activities that could be used by a potential adversary to the disadvantage of a governmental agency, nongovernmental organization or private entity/individual. Application of the OPSEC process promotes operational effectiveness by helping prevent the inadvertent compromise of sensitive or classified information regarding the activities, capabilities, or intentions of a governmental agency, non-governmental organization or private entity/individual. The operations security process involves five steps. (1) Identify critical information: what must be protected? (2) Analyze the threat: who is the potential adversary? (3) Analyze direct and indirect vulnerabilities: how might the adversary collect the information that must be protected? (4) Assess the risk: balance the cost of correcting the vulnerabilities as compared to the cost of losing the information that must be protected. (5) Implement appropriate countermeasures: eliminate or reduce vulnerabilities, and/or disrupt the adversary's collection capabilities and efforts and/or prevent the accurate interpretation of the information that must be protected. (FEMA, IIFOG Version 3 Draft, Feb 2008, pp. 38-39)