Local Government

For Elected Officials, Administrative Officials and Business Managers:


NYS Office of the State Comptroller Local Government Management Guide - Information Technology Governance

NYS Local Government Vulnerability Scanning Project

The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security State Homeland Security Program (SHSP) grant from FY 2007. The objective of the project was to perform vulnerability scans of New York local governments' networks, compile scan results, and recommend mitigation methods, techniques, and procedures based on an analysis of the scan results.


Cyber Security Guides

Brief, practical references intended for smaller entities that may not have the technology or information security expertise of other entities and therefore need a basic "how to get started" resource. The Guides provide a general overview of issues, and is particularly helpful for increasing the information security awareness level of those local government staff in non-technical positions (such as elected officials and administrators). The Cyber Security: Getting Started Guide is supplemented by a series of appendices which cover specific topics in more depth. (Click the images below to access the pdf file)

 

Incident GuideRisk GuideGetting Started GuideCredit Card Guide

Firewall GuideInternet GuideErase GuideBackup Guide

NYS Local Government Vulnerability Scanning Project

The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security State Homeland Security Program (SHSP) grant from FY 2007. The objective of the project was to perform vulnerability scans of New York local governments' networks, compile scan results, and recommend mitigation methods, techniques, and procedures based on an analysis of the scan results.


Webinars

In recognition of October Cyber Security Awareness Month, the Enterprise Information Security Office, in partnership with the NYS Cyber Security Local Government Committee (NYS Association of Towns, NY Conference of Mayors and Municipalities, Digital Towpath, NYS Local Government Information Technology Directors Association, NYS Government Finance Officers' Association, NYS Town Clerks Association, NY Association of Local Government Records Officers, NYS Office of the State Comptroller) hosted a webinar for local government officials. Deborah Snyder, Deputy Chief Information Security Officer, provided a non-technical overview of cyber security concerns and attacks, how government data can be at risk, how attacks threaten fiscal and fiduciary responsibilities, and what local government officials can do to mitigate the risk.

Approximately 200 local government officials across the state registered for the event.

View the archived recording

Articles

Newsletters

  • Monthly Tips Newsletters

    Download a monthly newsletter, add your logo and pass these easy-to-understand tips to your employees.

White Papers and Reports

Education and Awareness Materials



Cyber Security Awareness Toolkit: An Awareness Toolkit was created for State and local governments.  The toolkit is designed to promote the delivery of a consistent cyber security awareness message by reinforcing core themes in practical, informative, entertaining, and usable ways.  Everyone is encouraged to take advantage of the following resources and use the information to promote cyber security awareness. Toolkit items include posters, calendars, bookmarks and other awareness material for download.

    Training Courses:

    Check back here regularly for updated listings of available trainings.

    Training Videos:

    Please Note: The NYS Office of Information Technology Services (ITS) is not responsible for the quality, merchantability and fitness for a particular purpose of products or services available on external sites and listed or described on our menu; nor is the NYS Office of Information Technology Services (ITS) - Cyber Security Events/Training site responsible for the accuracy, reliability or currency of the information contained on the website and supplied by external sources.

    NYS Cyber Security Conference

    Past Presentations

    Local Government Cyber Security Toolkit Training - Recording Available

    On June 7, 2018 a three hour training was delivered at the 21st annual New York State Cyber Security Conference.  This training offered actionable guidance to improve local government security practices by providing a review of "Cyber Security Toolkit" resources and services available from state agencies and partner organizations, including election systems specific resources.  Best practices and controls to lower risk for IT systems was also presented. A recording of the training is available to be viewed at your convenience.  

    Recorded sessions for local government officials:

    Bi-monthly National Webcast Initiative

    Watch or listen to a cyber security expert talk about issues important to you. Miss a session? Catch it again on an archived session.

    Local Government Cyber Security Toolkit

    The toolkit features practical information, risk assessment tools and guidance to help local government minimize cyber risk, and increase cyber security awareness. 

    Toolkit materials include:

    Asset Inventory Guidance and Templates - to help identify critical information assets for risk assessment   Asset Inventory Template Asset Inventory Guidance

    Critical Security Controls Assessment Framework and User Guide - to assist with evaluating, prioritizing and tracking the 20 security measures that reduce the risk of the most pervasive and dangerous cyber-threats. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected] 

    Application Risk Assessment Tool - The application risk assessment package helps to identify and evaluate application system risk and prioritize remediation efforts in a standardized manner.  This tool will walk you through a series of questions and provide a set of reports with risk scores for each application system evaluated. For more information, or to request access to the tool, please contact the Chief Information Security Office by email: [email protected] 

    Secure System Development Life Cycle (SSDLC) Resources - to help define security requirements and tasks that should be addressed during the creation or updating of business systems

    https://its.ny.gov/secure-system-development-life-cycle-standard

    New York State Information and Cyber Security Awareness Training - this training was designed for New York State employees and is being made available to NYS local government to assist them in their efforts to increase the cyber security awareness among their workforce.

    https://its.ny.gov/eiso/awareness-training

    New York State Cyber Security Policies, Standards and Guidelines -  that can serve as a template for local government policy, standards and practices

    https://its.ny.gov/tables/technologypolicyindex

    Registration for Multi-State Information Sharing and Analysis (MS-ISAC) membership -  to allow access to associated cyber resources and services.  MS-ISAC is a focal point for cyber security resources and election-infrastructure cyber security guidance for state, local territory and tribal (SLTT) governments.

    https://learn.cisecurity.org/ms-isac-registration

    IT Services Available for Local Governments - ITS provides services across New York State government, and is pleased to also offer select shared services to help meet the needs of local governments. 

    Local Government Shared Services Overview