For Elected Officials, Administrative Officials and Business Managers:
The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security State Homeland Security Program (SHSP) grant from FY 2007. The objective of the project was to perform vulnerability scans of New York local governments' networks, compile scan results, and recommend mitigation methods, techniques, and procedures based on an analysis of the scan results.
Cyber Security Guides
Brief, practical references intended for smaller entities that may not have the technology or information security expertise of other entities and therefore need a basic "how to get started" resource. The Guides provide a general overview of issues, and is particularly helpful for increasing the information security awareness level of those local government staff in non-technical positions (such as elected officials and administrators). The Cyber Security: Getting Started Guide is supplemented by a series of appendices which cover specific topics in more depth. (Click the images below to access the pdf file)
In recognition of October Cyber Security Awareness Month, the Enterprise Information Security Office, in partnership with the NYS Cyber Security Local Government Committee (NYS Association of Towns, NY Conference of Mayors and Municipalities, Digital Towpath, NYS Local Government Information Technology Directors Association, NYS Government Finance Officers' Association, NYS Town Clerks Association, NY Association of Local Government Records Officers, NYS Office of the State Comptroller) hosted a webinar for local government officials. Deborah Snyder, Chief Information Security Officer, provided a non-technical overview of cyber security concerns and attacks, how government data can be at risk, how attacks threaten fiscal and fiduciary responsibilities, and what local government officials can do to mitigate the risk.
Approximately 200 local government officials across the state registered for the event.
- Monthly Tips Newsletters
Download a monthly newsletter, add your logo and pass these easy-to-understand tips to your employees.
Education and Awareness Materials
Cyber Security Awareness Toolkit: An Awareness Toolkit was created for State and local governments. The toolkit is designed to promote the delivery of a consistent cyber security awareness message by reinforcing core themes in practical, informative, entertaining, and usable ways. Everyone is encouraged to take advantage of the following resources and use the information to promote cyber security awareness. Toolkit items include posters, calendars, bookmarks and other awareness material for download.
Check back here regularly for updated listings of available trainings.
- New York State Information and Cyber Security Awareness Training
- National Computer Forensics Institute (NCFI)
- DHS/FEMA Certified Cyber Security Training
- SANS Webcast
- U.S. Cyber Challenge
- FedVTE Cyber Security Courses
- Cybrary - Security Skills Training
- CERIAS Training and Awareness
- Information Classification Video
- Cyber Security User Awareness Videos
- Cyber Security Training Videos for Business Managers
- Information Classification Training
The New York State Information Classification Standard and Information Security Controls Standard provide a process for all State agencies to classify their information and apply appropriate controls. The Standards and training provide best practices for local governments as well.
- Cyber Security Videos for Home Users
Please Note: The NYS Office of Information Technology Services (ITS) is not responsible for the quality, merchantability and fitness for a particular purpose of products or services available on external sites and listed or described on our menu; nor is the NYS Office of Information Technology Services (ITS) - Cyber Security Events/Training site responsible for the accuracy, reliability or currency of the information contained on the website and supplied by external sources.
NYS Cyber Security Conference
Local Government Cyber Security Toolkit Training - Recording Available
On June 7, 2018 a three hour training was delivered at the 21st annual New York State Cyber Security Conference. This training offered actionable guidance to improve local government security practices by providing a review of "Cyber Security Toolkit" resources and services available from state agencies and partner organizations, including election systems specific resources. Best practices and controls to lower risk for IT systems was also presented. A recording of the training is available to be viewed at your convenience.
Recorded sessions for local government officials:
- Keeping Your Local Government Running: Part I
Experience with Helping Local Governments Develop Cyber Security and Continuity Plans and Procedures
Presented by: Stan France & Mary Ball, Schoharie County (58 minutes, 25 seconds)
- Keeping Your Local Government Running: Part II
Developing Your Own Local Government Cyber Security Plans
Presented by: Stan France & Mary Ball, Schoharie County (62 minutes, 43 seconds)
Bi-monthly National Webcast Initiative
Watch or listen to a cyber security expert talk about issues important to you. Miss a session? Catch it again on an archived session.
Local Government Cyber Security Toolkit
The toolkit features practical information, risk assessment tools and guidance to help local government minimize cyber risk, and increase cyber security awareness.
Toolkit materials include:
Critical Security Controls Assessment Framework and User Guide - to assist with evaluating, prioritizing and tracking the 20 security measures that reduce the risk of the most pervasive and dangerous cyber-threats. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected]
Application Risk Assessment Tool - The application risk assessment package helps to identify and evaluate application system risk and prioritize remediation efforts in a standardized manner. This tool will walk you through a series of questions and provide a set of reports with risk scores for each application system evaluated. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected]
Secure System Development Life Cycle (SSDLC) Resources - to help define security requirements and tasks that should be addressed during the creation or updating of business systems
New York State Information and Cyber Security Awareness Training - this training was designed for New York State employees and is being made available to NYS local government to assist them in their efforts to increase the cyber security awareness among their workforce.
New York State Cyber Security Policies, Standards and Guidelines - that can serve as a template for local government policy, standards and practices
Registration for Multi-State Information Sharing and Analysis (MS-ISAC) membership - to allow access to associated cyber resources and services. MS-ISAC is a focal point for cyber security resources and election-infrastructure cyber security guidance for state, local territory and tribal (SLTT) governments.