Local Government

For Elected Officials, Administrative Officials and Business Managers:

NYS Office of the State Comptroller Local Government Management Guide - Information Technology Governance

Cyber Security Guides

Brief, practical references intended for smaller entities that may not have the technology or information security expertise of other entities and therefore need a basic "how to get started" resource. The Guides provide a general overview of issues, and is particularly helpful for increasing the information security awareness level of those local government staff in non-technical positions (such as elected officials and administrators). The Cyber Security: Getting Started Guide is supplemented by a series of appendices which cover specific topics in more depth. (Click the images below to access the pdf file)


Incident GuideRisk GuideGetting Started GuideCredit Card Guide

Firewall GuideInternet GuideErase GuideBackup Guide


In recognition of October Cyber Security Awareness Month, the Enterprise Information Security Office, in partnership with the NYS Cyber Security Local Government Committee (NYS Association of Towns, NY Conference of Mayors and Municipalities, Digital Towpath, NYS Local Government Information Technology Directors Association, NYS Government Finance Officers' Association, NYS Town Clerks Association, NY Association of Local Government Records Officers, NYS Office of the State Comptroller) hosted a webinar for local government officials. Deborah Snyder, Chief Information Security Officer, provided a non-technical overview of cyber security concerns and attacks, how government data can be at risk, how attacks threaten fiscal and fiduciary responsibilities, and what local government officials can do to mitigate the risk.

Approximately 200 local government officials across the state registered for the event.

View the archived recording


  • Monthly Tips Newsletters

    Download a monthly newsletter, add your logo and pass these easy-to-understand tips to your employees.

Education and Awareness Materials

Cyber Security Awareness Toolkit: An Awareness Toolkit was created for State and local governments.  The toolkit is designed to promote the delivery of a consistent cyber security awareness message by reinforcing core themes in practical, informative, entertaining, and usable ways.  Everyone is encouraged to take advantage of the following resources and use the information to promote cyber security awareness. Toolkit items include posters, calendars, bookmarks and other awareness material for download.

    Training Courses:

    Check back here regularly for updated listings of available trainings and valuable resources.

    Please Note: The NYS Office of Information Technology Services (ITS) is not responsible for the quality, merchantability and fitness for a particular purpose of products or services available on external sites and listed or described on our menu; nor is the NYS Office of Information Technology Services (ITS) - Cyber Security Events/Training site responsible for the accuracy, reliability or currency of the information contained on the website and supplied by external sources.

    NYS Cyber Security Conference

    June 8-9, 2021- Virtual Event

    Past Presentations

    Local Government Cyber Security Toolkit Training - Recording Available

    On June 7, 2018 a three hour training was delivered at the 21st annual New York State Cyber Security Conference.  This training offered actionable guidance to improve local government security practices by providing a review of "Cyber Security Toolkit" resources and services available from state agencies and partner organizations, including election systems specific resources.  Best practices and controls to lower risk for IT systems was also presented. A recording of the training is available to be viewed at your convenience.  

    Recorded sessions for local government officials:

    Local Government Cyber Security Toolkit

    The toolkit features practical information, risk assessment tools and guidance to help local government minimize cyber risk, and increase cyber security awareness. 

    Toolkit materials include:

    Asset Inventory Guidance and Templates - to help identify critical information assets for risk assessment  


    Critical Security Controls Assessment Framework and User Guide - to assist with evaluating, prioritizing and tracking the 20 security measures that reduce the risk of the most pervasive and dangerous cyber-threats. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected] 

    Application Risk Assessment Tool - The application risk assessment package helps to identify and evaluate application system risk and prioritize remediation efforts in a standardized manner.  This tool will walk you through a series of questions and provide a set of reports with risk scores for each application system evaluated. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected] 

    Secure System Development Life Cycle (SSDLC) Resources - to help define security requirements and tasks that should be addressed during the creation or updating of business systems


    New York State Information and Cyber Security Awareness Training - this training was designed for New York State employees and is being made available to NYS local government to assist them in their efforts to increase the cyber security awareness among their workforce.


    New York State Cyber Security Policies, Standards and Guidelines -  that can serve as a template for local government policy, standards and practices


    NYS Chief Information Security Policies and Standards Smart Sheet

    Registration for Multi-State Information Sharing and Analysis (MS-ISAC) membership -  to allow access to associated cyber resources and services.  MS-ISAC is a focal point for cyber security resources and election-infrastructure cyber security guidance for state, local territory and tribal (SLTT) governments.