Cybersecurity Awareness for Industry & Academia

eLearning Courses

• Cyber Security Awareness, CS130.16
  This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.

Job Aids

• Cyber Essentials Guide
  This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
• Mobile Device Safety
  This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment.
• Spearfishing and Common Cyber Attacks
  This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods.
• Top 10 Routinely Exploited Vulnerabilities
  This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats.
• Joint Cyber Intelligence Tool Suite (JCITS)
  In partnership with industry, JCITS uses mapping of cleared contractor public infrastructure and fuses those maps with known cyber-attack patterns of foreign adversaries.
• CISA Regional Offices
  This job aid provides a map with CISA Regional Office contact information.

Posters

• Phishing 8.5 x 11 / 17 x 22
• Protect Your Information 8.5 x 11 / 17 x 22
• Secure Your Information 8.5 x 11 / 17 x 22
• Stronger Passwords 8.5 x 11 / 17 x 22

Reports

• NIST Framework for Improving Critical Infrastructure Cybersecurity
  Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Toolkits

• Cyber Essentials Toolkit
  The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness.
• NSA Cybersecurity Advisories and Technical Guidance
  This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements.
• OnGuardOnline
  This Federal Trade Commission website contains general information and tips to protect information and devices online.
• NCSC Awareness Materials
  The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.

Watch & Learn

• Cybersecurity Attacks - The Insider Threat
  This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment.
• NCSC Cyber Training Series
  This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods.
• Protect Your Computer from Malware
  Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.

Webinars

• Creating a Workplace Culture of Cybersecurity
  This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.

Games

• Cybersecurity: Tomorrow’s Internet
  InternetTest your knowledge of cybersecurity and earn badges as you go.
• Cybersecurity Magic 8 Ball
  Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions?
• Cybersecurity Trivia Twirl
  This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel andcorrectly answer the question to “collect” that category segment. Play continues until you successfully collect all sixcategory segments.

National Cybersecurity Policy for Industry & Academia

Policy

• NIST Special Publications Library (800 Series)
• NIST SP 800-146 Cloud Computing Synopsis and Recommendations
• Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB Memo)
• Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Social Media Considerations for Industry & Academia

Job Aids

• Social Media Safety
  This job aid from ODNI provides best practices for navigating social media safely.
• Social Media: Leveraging Value while Mitigating Risk
  The slides from a presentation by David Etue, Vice President of Corporate Development Strategy at SafeNet, discuss theimportance, impact and risk of social media in protection health information, and discuss some best practices in mitigation ofthose risks.
• Facebook Smartcard (Configuration Guide)
  This is a quick configuration guide for Facebook.
• Facebook Smartcard (Trifold)
  This trifold brochure is an easy way to provide employees with the basics of configuring their Facebook profile to mitigatetheir risk.
• LinkedIn Smartcard (Trifold)
  This trifold brochure is an easy way to provide employees with the basics of configuring their LinkedIn profile to mitigatetheir risk.
• Twitter Smartcard (Configuration Guide)
  This is a quick configuration guide for Twitter.
• Twitter Smartcard (Trifold)
  This trifold brochure is an easy way to provide employees with the basics of configuring their Twitter account to mitigatetheir risk.

Posters

• Social Networking 8.5 x 11 / 17 x 22
• Twitter 8.5 x 11 / 17 x 22

Reports

• Internet Social Networking Risks
  This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.

Watch & Learn

• Social Media Video Lesson
  This video lesson explores the risks associated with social media and why you should be concerned.

Safeguarding Science

Safeguarding Science

An Outreach Initiative for Protecting Research and Innovation
in Emerging Technologies

An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies. The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation. The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:

Please click the above images for additional information.

SAFEGUARDING SCIENCE GOALS

• Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
• Provide curated resources for our stakeholders to support best practices in protecting research and innovation
  • Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
  • Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
• Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
  • Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
  • Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
  • Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
• Foster information exchanges to better identify emerging technology security challenges
  • Establish liaison contacts between scientific community and the U.S. government
  • Facilitate tripwire/suspicious activity reporting

SAFEGUARDING SCIENCE TOOLKIT

The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.

The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation. The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions). The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.

As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.

Operations Security

NCSC executes the roles and responsibilities of the National Operations Security (OPSEC) Program Office, as described in National Security Presidential Memorandum 28 (NSPM-28) and supports department and agency implementation of OPSEC programs. NCSC/ETD provides additional guidance, works with all Executive Branch departments and agencies to develop their programs, and provides program development, training, and awareness materials.

As set forth in NSPM-28, the National Operations Security Program (NOP) supports the establishment, implementation, and standardization of stakeholder OPSEC programs across the Executive Branch of the U.S. Government (USG) and, as appropriate, beyond to trusted partners.

NSPM-28 requires all Executive Branch departments and agencies to implement OPSEC capabilities that identify and protect their most critical assets, identify and mitigate vulnerabilities, consider foreign adversarial threats in their organization’s risk management activities, and apply sufficient threat mitigation practices to counter the threat. NOP requirements are set forth in NSPM-28.

National OPSEC Awareness Month

January 2024 —

• National OPSEC Awareness Month Flyer 2024

Enterprise Risk Mitigation

October 2023 —

• Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies

OPSEC Bulletins

April 2024 —

• Enterprise Threat Bulletin – Conference Tracking Tags: Risk Considerations

March 2023 —

• OPSEC Advisory – TikTok Concerns and Vulnerabilities

NOP Authorities & Policies

• NSPM – 28 Requirements

  Please Note: National Security Presidential Memorandum (NSPM) 28 is Unclassified but not approved for public release and therefore cannot be posted on this website. Stakeholders within the US government may reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. to obtain a copy.

• NCSC Memo – National Security Operations Security

OPSEC Training

• Registrar: This email address is being protected from spambots. You need JavaScript enabled to view it.
• 2024 OPSEC Training Schedule
• OPSEC for All

OPSEC Resources & Templates

• Critical Information List (CIL) Example
• OPSEC Analysis Resources
• OPSEC for Publicly Facing Websites Checklist
• OPSEC Program Manager Appointment Letter Sample
• OPSEC Program Continuity Book (Table of Contents) Example
• OPSEC Program Plan Template 1
• OPSEC Program Plan Template 2
• OPSEC Program Plan Template 3
• OPSEC Program Policy Checklist
• OPSEC Program Policy Template
• OPSEC Program Self-Evaluation Checklist
• OPSEC Working Group Appointment Letter Template
• OPSEC Working Group Charter Template
• NCSC Memo on National Operations Security Program
• OPSEC Training Standards NOP PMO ADVISORY
• NSPM 28 List Of Requirements Appendix A
• OPSEC Awareness Month Messaging Champion Communications Packet for Universities/Colleges

OPSEC Posters

• World for Targets
• Two Faces
• Trash
• The World is Always Watching
• Talk 2 Much
• Release Your Inner Dragon
• Identify vulnerabilities
• Fleet Tweets
• Combat Boots
• Career Day
• Advertising Family
• Eye Chart
• Insider Threat
• Eagle
• Critical Information