Because of the increasing criminal threat, information security is second nature to law enforcement. Protocols for the protection of sensitive information are routinely incorporated into police department policies and practices. These information security measures are intended to maintain the integrity and security of criminal investigations. The most common information security measures are admonitions against speaking about case or operational information in inappropriate settings and insistence on adherence to police department policies for contact with the media. Typically, the greatest threats to sensitive information result from inadvertent disclosure by informed individuals and from passive collection of information by persons outside the law enforcement organization. Efforts of criminal and extremist groups to target sensitive law enforcement information rely on print and other media, public filings, overt and covert observations, and the exploitation of witting and unwitting human sources within the police department. Operational security (OPSEC) denies actual or potential adversaries information regarding the capabilities and intentions of the law enforcement organization. Steps in the OPSEC process are outlined to help police departments implement countermeasures and protect sensitive information.