Supply Chain Risk Management for Industry & Academia
Job Aids
- Deliver Uncompromised: Supply Chain Risk Management
This job aid delivers the basics on Supply Chain Risk Management (SCRM), which is essential to protect supply chains and deliver uncompromised. It defines the supply chain, highlights external supply chain threats, and helps you make a self-assessment of your own supply chain security. - Exploitation of Global Supply Chain
This job aid from the Defense Counterintelligence and Security Agency (DCSA) and National Counterintelligence and Security Center (NCSC) focuses on the perils of supply chain exploitation. This job aid is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles. - Software Supply Chain Attacks
This is a more advanced job aid from the Office of the Director of National Intelligence (ODNI) that details the compromise of software code that may come from legitimate sources. This job aid is best suited for security personnel, network administrators/information technology personnel, and technically minded employees.
Toolkits
- Supply Chain Risk Management
This toolkit from the National Counterintelligence and Security Center (NCSC) on Supply Chain Risk Management(SCRM) hosts multiple resources for developing a more advanced supply chain center security plan. This toolkit is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles. - CDSE Supply Chain Risk Management
This toolkit from the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) contains resources, including policy documents pertaining to supply chain risk management.
Watch & Learn
- Know The Risk – Raise Your Shield: Supply Chain Risk Management Video Lesson
This is a five minute video on YouTube developed by the Office of the Director of National Intelligence (ODNI). This short video gives the basics of Supply Chain Risk Management (SCRM) and is best suited for security personnel and senior leaders.
Webinars
- Counterintelligence, the Supply Chain, and You
This hour long webinar provides the basics on Supply Chain Risk Management (SCRM). A Defense Counterintelligence and Security Agency (DCSA) CI Special Agent (CISA) also talks about some tactics, techniques, and procedures for SCRM as seen in the field. This is a good introductory for anyone involved in the facility’s supply chain. - Supply Chain Resiliency
This hour long webinar conducted by the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) and National Counterintelligence and Security Center (NCSC) gives amore holistic look at Supply Chain Risk Management within the Federal Government. This webinar may be especially helpful for those in a facility’s acquisitions department.
Establish an Insider Risk Program
eLearning Courses
- Insider Threat Awareness Course INT101.16
- Establishing an Insider Threat Program for Your Organization INT122.16
- Developing a Multidisciplinary Insider Threat Capability INT201.16
- Insider Threat Mitigation Responses INT210.16
- Preserving Investigative and Operational Viability in Insider Threat INT220.16
- Insider Threat Records Checks INT230.16
- Insider Threat Basic HUB Operations INT240.16
- Critical Thinking for Insider Threat Analysts INT250.16
- Insider Threat Privacy and Civil Liberties INT260.16
- Maximizing Organizational Trust INT270.16
- Cyber Insider Threat INT280.16
- Behavioral Science in Insider Threat INT290.16Back
Job Aids
- PERSEREC Insider Risk Evaluation and Audit Tool
- DHS CISA Insider Threat Mitigation Resources | CISA
- DHS CISA Insider Risk Self-Assessment Tool | CISA
- DCSA/Center for Development of Security Excellence:
- Behavioral Science and Insider Threat
- Critical Thinking Techniques for Insider Threat Analyst
- Critical Thinking Tools for Insider Threat Analyst
- Cultural Competence and Insider Risk
- Human Resources and Insider Threat Programs
- Insider Risk Implementation Guide for Food and Agriculture
- Insider Risk Programs for the Healthcare and Public Health Sectors
- Insider Threat Program Kinetic Violence Self-Assessment: Lessons Learned from School Safety
- Insider Threat Vigilance Campaign Guidance
- Potential Risk in Informal Banking and Finance
- Potential Risk Indicators: Insider Threat
- Potential Risk Indicators: Kinetic Violence
- Privacy Act Consent Rule Exceptions
- Privacy and Civil Liberties Case Law Examples
- Sample Insider Threat Program Plan
- Tales from the Inside: Volume 1
- Tales from the Inside: Volume 2
- Tales from the Inside: Volume 3
- Tales from the Inside: Volume 4
- The Critical Pathway - Facilitated Discussion Guide
- The Principle of Confidentiality
- Turning People Around, Not Turning Them In - Facilitated Discussion Guide
- Understanding Espionage and National Security Crimes
- Why Threats of Violence Are Not Protected
- Workplace Environment and Organizational Justice
Policy
- Presidential Policy Directive: Critical Infrastructure Security and Resiliency
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
Resources
- Full Catalog of Training Materials for Insider Threat Practitioners
Insider Threat Programs are designed to deter, detect, and mitigate actions by insiders who represent a threat to national security. CDSE has provided an extensive catalog of insider threat resources for your use. - Insider Threat Mitigation
This CISA site is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program. - National Infrastructure Protection Plan
This job aid discusses the risk management framework and how it is implemented within the context of the unique characteristics and risk landscape of the sector. This website provides the sector specific plan and links to sector resources. - National Insider Threat Task Force
This site provides insider risk resources to assist you in developing your Insider Risk Program.
Promote Awareness in Your Organization
Case Studies
- Case Study Library
Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.
eLearning Courses
- Insider Threat Awareness, INT101.16
This course provides a thorough understanding of how Insider Threat Awareness is an essential component of a comprehensive security program.
Job Aids
- Potential Insider Risk Indicators: Insider Threat
Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. This job aid provides information about the potential risk indicators for which you should be looking. - Potential Risk Indicators: Kinetic Violence
In the weeks and months before an active shooter attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack.
Watch & Learn
- Insider Threat Training Videos
This repository contains 18 training videos about insider threat, including the 4-part award-winning series “Turning People Around, Not Turning Them In.”
Additional Resources
- National Insider Threat Awareness Month
Participating in Insider Threat Awareness Month can help your program detect, deter, and mitigate insider risk by increasing awareness and promoting reporting. This website will help you identify a variety of activities and engagements available to your organization. - More Awareness Materials
Instilling a sense of vigilance in the general workforce is a basic tenet of establishing an insider risk program. Developing avigilance campaign for your organization is an effective solution. Deploying regular messaging, awareness, and communications materials ensures that the general workforce is prepared to recognize and respond to the insider risk.
Operations Security for Industry & Academia
National OPSEC Program Office - Operations Security (dni.gov)
Toolkits
Counterintelligence Program for Industry & Academia
The National Counterintelligence and Security Center (NCSC) provides resources and best practices for organizations looking to implement counterintelligence (CI) programs. These resources cover various aspects related to CI awareness, risk mitigation, and countering foreign intelligence threats. Please review the following information:
- Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies: Although geared towards federal agencies, this 2023 brochure from the NCSC provides best practices for any organization looking to implement an enterprise risk mitigation program.
- Countering Foreign Intelligence Threats – Implementation and Best Practices Guide: This job aid gives best practices for implementing a CI Program. It is well-suited for facility security personnel and senior leaders.
- Counterintelligence (CI) Awareness Integration Plan: This job aid provides basic guidelines on setting up a CI program. It addresses universal principles applicable anywhere, not just within the Department of Defense (DOD).
- Understanding Espionage and National Security Crimes: This resource discusses the difference between economic espionage, trade secret theft, and violations related to Export Administration Regulation (EAR) or International Traffic in Arms Regulation (ITAR).
- Computer Security Resource Center Toolkit: The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. It is more applicable for network administrators and information technology and security personnel.
- Watch & Learn CDSE Counterintelligence Awareness Video Lesson: A four-minute YouTube video that serves as a basic primer on Counterintelligence and Security. It is suited for all facility personnel.
These resources provide valuable insights and best practices for implementing effective counterintelligence measures in both industry and academia.
Academic Resources
The Association of American Universities is composed of America’s leading research universities. AAU’s 65 research universities transform lives through education, research, and innovation. Visit the AAU Science & Security website to learn about their role in protecting research and innovation.
The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. Visit the NSF Research Security site for more information.