Related Websites

• State and Consumer Services Agency
• State Chief Information Officer
• CA Highway Patrol
• CA Office of Health Information Integrity
• CA Office of Homeland Security
• CA Office of Emergency Services

Right Column

Awareness Materials

Overview

Resources to promote information security awareness.

• Information Sheets
• Monthly Newsletters
• Training and Awareness Materials
• Multi-State Information Sharing and Analysis Center - Cyber Security Awareness Toolkit
• Posters
• Videos
• Tips

Information Sheets

• Access Control Series
  • Information Sheet No. 6, Telework Security Considerations (.pdf, 71k)
  • Information Sheet No. 7, Does Your Agency Implement Forced Password Changes (pdf, 67k)
• Insider Threats Series
  • Information Sheet No. 5, The Hostile Takeover (.pdf, 83k)
• Secure Software Series
  
  • Information Sheet No. 1, Secure Coding Practices (.pdf, 80k)
    
  • Information Sheet No. 2, Software Security Checklists (.pdf, 72k)
    
  • Information Sheet No. 3, Web Application Vulnerabilities: More Than A Mere Nuisance (.pdf, 86k)
    
  • Information Sheet No. 4, Web Service Offerings (.pdf, 85k)

Monthly Newsletters

Cyber security information that state employees may find useful and helpful in their daily work and while computing at home.

• Pop-Ups - December 2008 (.doc, 777k) What pop-ups are and what you can do to keep them from affecting the security of your computer and data.
• Internet Shopping - November 2008 (.doc, 790k) While online shopping can be convenient and time-saving, you must shop smart and take precautions to mitigate the risks.
• Phishing - October 2008 (.doc, 784k)  The newsletter expands upon the material and recommendations from the November 2007 newsletter.  October is National Cyber Security Awareness Month.
• Personal Privacy - September 2008 (.doc, 793k) Personal information has become a frequent target for data thieves and the volume of breaches involving personal information continues to grow. According to the Privacy Rights Clearinghouse, there have been more than 240 million records containing sensitive personal information involved in security breaches to-date nationally.
• Firewalls - August 2008 (.doc, 781k) Firewalls add a layer of protection by blocking unauthorized and potentially dangerous data from entering your computer or network. Firewalls are especially critical for users who have an “always on” connection to the Internet.
• Web Browser Attacks - July 2008 (.doc, 789k) Web Browsers are vulnerable to attack or exploit. This newsletter provides information on what you can do to protect yourself from Browser attacks.
• Data Breach - June 2008 (.doc, 779k) Would your organization know what to do if a data breach occurred?  This newsletter provides guidance and information regarding data breaches, including information about privacy laws and regulations, and steps to take when a breach occurs.
• Encryption - May 2008 (.doc, 783k) One method of increasing security is through data encryption. This newsletter provides background on encryption and some appropriate considerations for its use.
• Social Engineering - April 2008 (.doc, 763k) Social engineering is an attack approach that relies on the trusting nature of individuals in order to gain access to a target (e.g., information or facility) through misrepresentation.  This newsletter provides examples of social engineering techniques and ways to avoid becoming a victim of such attacks. 
• Annual Maintenance for Computers - March 2008 (.doc, 781k)  Just like an automobile, if not maintained properly, a computer can malfunction and breakdown; the result, a potential loss of important information. This Newsletter provides instructions and guidance for regular computer maintenance to minimize these risks.
• Securing a Wireless Network - February 2008 (.doc, 777k) A wireless network can provide many benefits and conveniences; however, there are just as many risks if not set-up properly. This Newsletter provides instructions for setting up a secure wireless network to minimize the risks.
• Securing Your Laptop - January 2008 (.doc, 776k) The portability of laptops makes them extremely convenient.  However, we must be aware of the security risks associated with the loss or theft of laptops, and take proper precautions to prevent such loss or theft. This Newsletter provides practical tips and instructions to minimize these risks.

• Online Shopping - December 2007 (.doc, 107k) Tis the season for online shopping! However, the ease and convenience of online shopping is not achieved without some risk. This Newsletter explains how to enhance your online shopping experience while minimizing your risk.

• Phishing - November 2007 (.doc, 107k) Phishing is a technique using email or other types of electronic messaging to obtain personal information for fraudulent purposes, such as identity theft. This Newsletter explains what it is and what steps you can take to minimize your risk and how to avoid becoming a victim. 
• Protect Your Child Online - October 2007 (.doc, 219k)
  Children present unique risks when using computers, especially computers connected to the Internet. This Newsletter identifies some simple steps you can take to keep children safe online and a list of resources geared toward protecting children online. 
• Botnets - September 2007 (.doc, 62k)
  Botnets are a significant problem on the Internet. They are a growing source for staging denial of service attacks, stealing personal information for identity theft, and sending out email-based phishing attacks and spam. This Newsletter explains what these are and how you can mitigate the risk.  
• Grid Computing — August 2007 (.doc, 63k)
  Seemingly innocuous, downloading programs which claim to share the unused resources of your computer to assist with scientific research efforts, such as, finding a cure for a disease, or search for extraterrestrial life on other planets, are risky business.  This Newsletter explains the risks, current state policy and why the risk of running these programs on state systems may outweigh the potential benefits. 
• Internet Hoaxes and Urban Legends — August 2007 (.doc, 61k)
  Tired of receiving emails promising get-rich-quick schemes, warnings of major computer meltdowns or images exploiting the latest natural disaster?  These emails are more than just an annoyance; they do have a purpose, which is often malicious.  This Newsletter explains some of the tactics used and provides steps to help stop them from bogging down networks and clogging in boxes. 
• Telecommuting Security Risks — July 2007 (.doc, 55k)
  Telecommuting is used by organizations for a multitude of reasons, including cost and environmental benefits. This Newsletter provides steps that should be taken to address security when telecommuting is implemented.
• Recognizing and Avoiding Spyware — June 2007 (.doc, 62k)
  Spyware is a type of computer program that attaches itself to your operating system, generally without your permission or knowledge.  This month's Newsletter will help you detect, remove and prevent instances of Spyware on your computer.
• Unintended Information Disclosure — May 2007 (.doc, 68k)
  This Newsletter will help you understand what unintended disclosure means and how serious the issue is. It will also outline how your organization’s protected information can become exposed, how you can respond to such an incident, and how you can help prevent such incidents from occurring.
• Security Concerns Regarding Peer To Peer (P2P) File Sharing — April 2007 (.doc, 59k)
  Peer-to-Peer (P2P) networking has become a popular method for sharing files, music, photographs and other information. Although the concept of file sharing seems benign, there are a number of risks associated with P2P.
• Safeguarding Your Data — March 2007 (.doc, 57k)
  How do you safeguard sensitive/confidential data? The manner of protection often depends on what kinds of data you are safeguarding, and how important or sensitive it is to you and your organization.
• Protecting Portable Devices — February 2007 (.doc, 55k)
  These devices are popular and convenient, they are also easily lost or an ideal target for thieves. Learn more tips toprotect both the device and the information contained on the device.
• What is cyberbullying? — January 2007 (.doc, 56k)
  It is a new, and growing, practice of using technology to harass, or bully individuals. Learn some helpful smalls on how you can protect yourself.
• Preventing and Responding to Identity Theft — December 2006 (.doc, 56k)
  Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. Learn some helpful smalls on how you can protect your own personal information.
• Safe Online Shopping — November 2006 (.doc, 53k)
  Shopping online has become more popular and convenience. The following ten tips can help stay secure while doing online shopping.
• Top Ten Cyber Security Tips — October 2006 (.doc, 80k)
  The TOP 10 simple, easy and basic things that everyone can and should do to protect their computer systems and data from harm.
• Staying Safe on Social Networking Sites — September 2006 (.doc, 48k)
  The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so certain precautions should be taken.
• Erasing Information and Disposal of Media — August 2006 (.doc, 48k)
  Protecting confidential and sensitive data from accidental disclosure is very important. We should all strive to properly handle data erasure and the disposal of media.
• How Anonymous Are you? — July 2006 (.doc, 48k)
  What information is collected when you visit a web site? Learn more about the use of cookies.
• Why Cyber Security is Important — June 2006 (.doc, 40k)
  Learn more about the risks and protecting information by preventing, detecting, and responding to attacks.

Training and Awareness Materials

Resources to assist in establishing or enhancing state agency security and privacy programs.

• Protecting Privacy in State Government, Basic Training for State Employees
  PowerPoint Presentation, Self-Training Manual, and Guidelines for the Self-Training Manual produced by the California Office of Privacy Protection.
• Data Classification and Privacy Inventory
  Materials provided to departmental Information Security Officers and others at workshops conducted in November 2005 by the California Office of Privacy Protection.

Multi-State Information Sharing and Analysis Center - Cyber Security Awareness Toolkit

• 2009 Cyber Security Calendar (pdf, 23mb)
• Cyber Security Awareness Brochure — August 2008 (pdf, 84k)
• Parent Guide to Cyberbullies Brochure — August 2008 (pdf, 128k)
• Social Networking Brochure — August 2008 (pdf, 139k)
• Internet Safe Kids Pledge — August 2008 (pdf, 210k)
• Cyber Security Awareness Posters — August 2008 (pdf, 4mb)
• Cyber Security Awareness Bookmarks — August 2008 (pdf, 482k)
  • Avoid Phishing (pdf, 561k)
  • Dispose of Information Properly (pdf, (449k)
  • Keep Sensitive Data Secure (pdf, 434k)
  • Protect Portable Devices (pdf, 508k)
• Instructions for Printing and Customized Branding

Posters

• Laptop Safety Poster — October 2005 (pdf, 610k)
• Email Safety Poster — October 2005 (pdf, 2.9m)

Videos

• 2007 Educause Information Security Videos
  The EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and Research Channel sponsored a contest to raise awareness of and increase computer security at colleges and universities. The contest sought videos that explain computer security problems and specific actions college and university students can take to safeguard their computers or personal information. Winning videos were selected for creativity, content, technical quality, and overall effectiveness of delivery and may be used by others to promote security awareness.

Tips

• Top Ten Information Security Practices You Should Know — November 2008 (.pdf, 174k)
  A tri fold brochure that provides sound security practices for all employees to consider.
• Top Ten Cyber Security Tips — October 2006 (.doc, 88k)
  The TOP 10 simple, easy and basic things that everyone can and should do to protect their computer systems and data from harm.
• Securing a Wireless Network — February 2008 (.doc, 779k)
  A wireless network can provide many benefits and conveniences; however, there are just as many risks if not set-up properly. Instructions for setting up a secure wireless network to minimize the risks.
• Securing your Laptop — January 2008 (.doc, 772k)
  The portability of laptops makes them extremely convenient. However, we must be aware of the security risks associated with the loss or theft of laptops, and take proper precautions to prevent such loss or theft. This Newsletter provides practical tips and instructions to minimize these risks.
• CHP Tips for Security Incident Do's and Don'ts
  The California Highway Patrol's (CHP) Computer Crimes Investigation Unit shares security incident response do's and don'ts and provides other security tips.

---

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.