Topics on this page
- Information Sheets
- Monthly Newsletters
- Training and Awareness Materials
- Multi-State Information Sharing and Analysis Center
Access Control Series
- Information Sheet No. 6, Telework Security Considerations (.pdf, 71k)
- Information Sheet No. 7, Does Your Agency Implement Forced Password Changes (pdf, 67k)
- Information Sheet No. 8, Refresher Course on Password Use (.pdf, 70k)
- Information Sheet No. 9, Security Considerations for Multi-Function Devices (.pdf, 135k) [Updated June 1, 2010]
Communications and Operations Management Series
- Information Sheet No. 10, Securing the PBX – Security Considerations for PBX/Phone Systems (.pdf, 44k)
Insider Threats Series
- Information Sheet No. 5, The Hostile Takeover (.pdf, 83k)
Secure Software Series
- Information Sheet No. 1, Secure Coding Practices (.pdf, 80k)
- Information Sheet No. 2, Software Security Checklists (.pdf, 72k)
- Information Sheet No. 3, Web Application Vulnerabilities: More Than A Mere Nuisance (.pdf, 86k)
- Information Sheet No. 4, Web Service Offerings (.pdf, 85k)
Cyber security information that state employees may find useful and helpful in their daily work and while computing at home.
- Managing Your Digital Footprint: Think Before You Post – July 2012 (.doc, 110k): Digital footprint refers to the compilation of content on the Internet that can be associated with you and, thus, potentially available by anyone performing a search on you. The list of possible content visible online is endless: your family videos on YouTube, your comments on a news article or blog, vacation photos on Flickr, your posts on Facebook and Twitter. This Newsletter provides tips on how you can help minimize your online exposure and possibly reduce the risk of identity theft.
- Social Engineering: You are at Risk! – June 2012 (.doc, 113k): There are many ways that a perpetrator might try to gain access to information or systems through social engineering. This Newsletter provides some examples of social engineering methods along with suggestions to minimize the likelihood that such methods will be successful against you.
- Creating a Cyber Secure Environment at Home – May 2012 (.doc, 115k): You can create a more secure environment at home by implementing similar cyber security strategies to your workplace. This Newsletter provides cyber security policies, processes, and technologies that you can implement to create a more cyber-secure environment at home.
- Creating a Secure Password – April 2012 (.doc, 113k): Your password is more than just a key to your computer or online account. It is a gateway to all of your important information. If your password falls into the wrong hands, a cyber-criminal can impersonate you online, access your bank or credit card accounts, sign your name to online service agreements or contracts, engage in financial transactions, or change your account information. This Newsletter provides recommendations on how to create a secure password and provides steps on how to protect it.
- Mobile Apps: How to Use Them Safely – March 2012 (.doc, 117k): The use of mobile applications (apps) is increasing in parallel with the increased use in mobile devices; therefore, hackers are quickly learning how to harvest legitimate apps and repackage them with malicious code before selling or offering them on various channels. This Newsletter identifies the steps users can take to minimize risk when it comes to using mobile device apps.
- Securing Your Web Browser – February 2012 (.doc, 115k): Web browsers are primary tools for interacting with the Internet, thus, making them prime targets for cyber attacks. This Newsletter outlines the risks and steps you can take to help minimize the likelihood of a successful attack.
- Cyber Security Emerging Trends and Threats for 2012 - January 2012 (.doc, 117k): During 2011, cyber security incidents included theft of intellectual property and government data, hacktivism, malware targeting mobile devices and a resurgence of the Zeus Trojan. Protecting against these attacks was a key challenge for organizations of all sizes in both the public and private sectors. This Newsletter identifies some of the challenges we can expect during the next 12 months and provides cyber security practices users and organizations can use to help defend against the myriad of challenges and mitigate potential impacts of incidents.
Resources to assist in establishing or enhancing state agency security and privacy programs.
- Protecting Privacy in State Government, Basic Training for State Employees
PowerPoint Presentation, Self-Training Manual, and Guidelines for the Self-Training Manual produced by the California Office of Privacy Protection.
- Data Classification and Privacy Inventory (ppt)
Materials provided to departmental Information Security Officers and others at workshops conducted in November 2005 by the California Office of Privacy Protection.
- United States Department of Defense
- Texas Engineering Extension Service (TEEX)
Oriented primarily for information technology professionals (previously Act Online).
- 2010-2014 MS-ISAC Toolkits
- 2005–2009 MS-ISAC Cyber Security Toolkits
- MS-ISAC Cyber Security Tips Newsletters
- Educause Information Security Videos
The EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and Research Channel sponsored a contest to raise awareness of and increase computer security at colleges and universities. The contest sought videos that explain computer security problems and specific actions college and university students can take to safeguard their computers or personal information. Winning videos were selected for creativity, content, technical quality, and overall effectiveness of delivery and may be used by others to promote security awareness.
- Top 25 Most Dangerous Programming Errors - And How to Fix Them (January 2009)
- Top Ten Information Security Practices You Should Know — November 2008 (.pdf, 174k)
A tri fold brochure that provides sound security practices for all employees to consider.
- Top Ten Cyber Security Tips — October 2006 (.doc, 88k)
The TOP 10 simple, easy and basic things that everyone can and should do to protect their computer systems and data from harm.
- Securing a Wireless Network — February 2008 (.doc, 779k)
A wireless network can provide many benefits and conveniences; however, there are just as many risks if not set-up properly. Instructions for setting up a secure wireless network to minimize the risks.
- Securing your Laptop — January 2008 (.doc, 772k)
The portability of laptops makes them extremely convenient. However, we must be aware of the security risks associated with the loss or theft of laptops, and take proper precautions to prevent such loss or theft. This Newsletter provides practical tips and instructions to minimize these risks.
- CHP Tips for Security Incident Do's and Don'ts
The California Highway Patrol's (CHP) Computer Crimes Investigation Unit shares security incident response do's and don'ts and provides other security tips.
The California Information Security Office website contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.
Cyber Threat Level
- California Security Jumpstart
- California IT Directory
- Forms and Tools
- Policy (SAM /SIMM /MM /BL /TL /Compliance)
- Really Simple Syndication (RSS) Feeds
- Samples and Templates
- California Military Department
- California Government Operations Agency
- California Department of Technology
- California Highway Patrol
- California Governor's Office of Emergency Services
- State of California Office of Health Information Integrity
- Department of Justice´s Privacy Enforcement and Protection Unit