National Counterintelligence and Security Center
Establish an Insider Risk Program
eLearning Courses
- Insider Threat Awareness Course INT101.16
- Establishing an Insider Threat Program for Your Organization INT122.16
- Developing a Multidisciplinary Insider Threat Capability INT201.16
- Insider Threat Mitigation Responses INT210.16
- Preserving Investigative and Operational Viability in Insider Threat INT220.16
- Insider Threat Records Checks INT230.16
- Insider Threat Basic HUB Operations INT240.16
- Critical Thinking for Insider Threat Analysts INT250.16
- Insider Threat Privacy and Civil Liberties INT260.16
- Maximizing Organizational Trust INT270.16
- Cyber Insider Threat INT280.16
- Behavioral Science in Insider Threat INT290.16Back
Job Aids
- PERSEREC Insider Risk Evaluation and Audit Tool
- DHS CISA Insider Threat Mitigation Resources | CISA
- DHS CISA Insider Risk Self-Assessment Tool | CISA
- DCSA/Center for Development of Security Excellence:
- Behavioral Science and Insider Threat
- Critical Thinking Techniques for Insider Threat Analyst
- Critical Thinking Tools for Insider Threat Analyst
- Cultural Competence and Insider Risk
- Human Resources and Insider Threat Programs
- Insider Risk Implementation Guide for Food and Agriculture
- Insider Risk Programs for the Healthcare and Public Health Sectors
- Insider Threat Program Kinetic Violence Self-Assessment: Lessons Learned from School Safety
- Insider Threat Vigilance Campaign Guidance
- Potential Risk in Informal Banking and Finance
- Potential Risk Indicators: Insider Threat
- Potential Risk Indicators: Kinetic Violence
- Privacy Act Consent Rule Exceptions
- Privacy and Civil Liberties Case Law Examples
- Sample Insider Threat Program Plan
- Tales from the Inside: Volume 1
- Tales from the Inside: Volume 2
- Tales from the Inside: Volume 3
- Tales from the Inside: Volume 4
- The Critical Pathway - Facilitated Discussion Guide
- The Principle of Confidentiality
- Turning People Around, Not Turning Them In - Facilitated Discussion Guide
- Understanding Espionage and National Security Crimes
- Why Threats of Violence Are Not Protected
- Workplace Environment and Organizational Justice
Policy
- Presidential Policy Directive: Critical Infrastructure Security and Resiliency
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
Resources
- Full Catalog of Training Materials for Insider Threat Practitioners
Insider Threat Programs are designed to deter, detect, and mitigate actions by insiders who represent a threat to national security. CDSE has provided an extensive catalog of insider threat resources for your use. - Insider Threat Mitigation
This CISA site is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program. - National Infrastructure Protection Plan
This job aid discusses the risk management framework and how it is implemented within the context of the unique characteristics and risk landscape of the sector. This website provides the sector specific plan and links to sector resources. - National Insider Threat Task Force
This site provides insider risk resources to assist you in developing your Insider Risk Program.
Promote Awareness in Your Organization
Case Studies
- Case Study Library
Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.
eLearning Courses
- Insider Threat Awareness, INT101.16
This course provides a thorough understanding of how Insider Threat Awareness is an essential component of a comprehensive security program.
Job Aids
- Potential Insider Risk Indicators: Insider Threat
Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. This job aid provides information about the potential risk indicators for which you should be looking. - Potential Risk Indicators: Kinetic Violence
In the weeks and months before an active shooter attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack.
Watch & Learn
- Insider Threat Training Videos
This repository contains 18 training videos about insider threat, including the 4-part award-winning series “Turning People Around, Not Turning Them In.”
Additional Resources
- National Insider Threat Awareness Month
Participating in Insider Threat Awareness Month can help your program detect, deter, and mitigate insider risk by increasing awareness and promoting reporting. This website will help you identify a variety of activities and engagements available to your organization. - More Awareness Materials
Instilling a sense of vigilance in the general workforce is a basic tenet of establishing an insider risk program. Developing avigilance campaign for your organization is an effective solution. Deploying regular messaging, awareness, and communications materials ensures that the general workforce is prepared to recognize and respond to the insider risk.
Counterintelligence Program for Industry & Academia
The National Counterintelligence and Security Center (NCSC) provides resources and best practices for organizations looking to implement counterintelligence (CI) programs. These resources cover various aspects related to CI awareness, risk mitigation, and countering foreign intelligence threats. Please review the following information:
- Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies: Although geared towards federal agencies, this 2023 brochure from the NCSC provides best practices for any organization looking to implement an enterprise risk mitigation program.
- Countering Foreign Intelligence Threats – Implementation and Best Practices Guide: This job aid gives best practices for implementing a CI Program. It is well-suited for facility security personnel and senior leaders.
- Counterintelligence (CI) Awareness Integration Plan: This job aid provides basic guidelines on setting up a CI program. It addresses universal principles applicable anywhere, not just within the Department of Defense (DOD).
- Understanding Espionage and National Security Crimes: This resource discusses the difference between economic espionage, trade secret theft, and violations related to Export Administration Regulation (EAR) or International Traffic in Arms Regulation (ITAR).
- Computer Security Resource Center Toolkit: The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. It is more applicable for network administrators and information technology and security personnel.
- Watch & Learn CDSE Counterintelligence Awareness Video Lesson: A four-minute YouTube video that serves as a basic primer on Counterintelligence and Security. It is suited for all facility personnel.
These resources provide valuable insights and best practices for implementing effective counterintelligence measures in both industry and academia.
Operations Security for Industry & Academia
National OPSEC Program Office - Operations Security (dni.gov)
Toolkits
Academic Resources
The Association of American Universities is composed of America’s leading research universities. AAU’s 65 research universities transform lives through education, research, and innovation. Visit the AAU Science & Security website to learn about their role in protecting research and innovation.
The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. Visit the NSF Research Security site for more information.
Cybersecurity Awareness for Industry & Academia
eLearning Courses
- Cyber Security Awareness, CS130.16
This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.
Job Aids
- Cyber Essentials Guide
This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices. - Mobile Device Safety
This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment. - Spearfishing and Common Cyber Attacks
This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods. - Top 10 Routinely Exploited Vulnerabilities
This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats. - CISA Regional Offices
This job aid provides a map with CISA Regional Office contact information.
Reports
- NIST Framework for Improving Critical Infrastructure Cybersecurity
Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Toolkits
- Cyber Essentials Toolkit
The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness. - NSA Cybersecurity Advisories and Technical Guidance
This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements. - OnGuardOnline
This Federal Trade Commission website contains general information and tips to protect information and devices online. - NCSC Awareness Materials
The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.
Watch & Learn
- NCSC Cyber Training Series
This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods. - Protect Your Computer from Malware
Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.
Webinars
- Creating a Workplace Culture of Cybersecurity
This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.
National Cybersecurity Policy for Industry & Academia
Policy
- NIST Special Publications Library (800 Series)
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB Memo)
- Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Social Media Considerations for Industry & Academia
Job Aids
- Social Media Safety
This job aid from ODNI provides best practices for navigating social media safely. - Social Media: Leveraging Value while Mitigating Risk
The slides from a presentation by David Etue, Vice President of Corporate Development Strategy at SafeNet, discuss theimportance, impact and risk of social media in protection health information, and discuss some best practices in mitigation ofthose risks. - Facebook Smartcard (Configuration Guide)
This is a quick configuration guide for Facebook. - Facebook Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Facebook profile to mitigatetheir risk. - LinkedIn Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their LinkedIn profile to mitigatetheir risk. - Twitter Smartcard (Configuration Guide)
This is a quick configuration guide for Twitter. - Twitter Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Twitter account to mitigatetheir risk.
Reports
- Internet Social Networking Risks
This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.
Watch & Learn
- Social Media Video Lesson
This video lesson explores the risks associated with social media and why you should be concerned.
Safeguarding Science
Safeguarding Science
An Outreach Initiative for Protecting Research and Innovation
in Emerging Technologies
An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies. The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation. The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:
Please click the above images for additional information.
SAFEGUARDING SCIENCE GOALS
- Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
- Provide curated resources for our stakeholders to support best practices in protecting research and innovation
- Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
- Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
- Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
- Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
- Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
- Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
- Foster information exchanges to better identify emerging technology security challenges
- Establish liaison contacts between scientific community and the U.S. government
- Facilitate tripwire/suspicious activity reporting
SAFEGUARDING SCIENCE TOOLKIT
The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.
The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation. The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions). The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.
As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.
