Welcome to the California Office of Information Security and Privacy Protection


Overview

Forms and Tools

These resources provide a centralized location for easy access to mandated forms. They also provide state agencies with a collection of tools to assist in meeting requirements and in building effective information security programs.

Forms

Forms state agencies must complete to be in compliance with the State Administrative Manual (SAM).

Tools

Recommended resources to assist state agencies in complying with requirements and in building effective information security programs.

Forms

Security Incident Report

The Report is due to the California Office of Information Security (Office) when an information security incident occurs. See SAM Section 5350.

TOPIC | SECTION
Agency Security Incident Report (.doc, 103k) | 65C

 

Agency Designation Letter

The Letter provides our office with an agency contact for Information Security Officers and Operational Recovery Coordinators. It is due by January 31st of each year or within 10 business days if changes occur. See SAM Section 5360.1.

TOPIC | SECTION
Agency Designation Letter (.doc, 90k) | 70A

 

Operational Recovery Plan (ORP) Certification

Agencies may file this Certification every other year, in place of a full ORP, when no significant changes have occurred since the last full ORP submission. See SAM Section 5350.

TOPIC | SECTION
Agency Operational Recovery Plan Certification (.doc, 30k) | 70B

 

Agency Risk Management and Privacy Program Compliance Certification

The signed Certification acknowledges that each state agency is in compliance with policy governing risk management and privacy requirements as defined in SAM Section 5305.2, Government Code Section 11019.9, and the Information Practices Act (Civil Code Section 1798 et seq.). The Certification is due by January 31st of each year. See SAM Section 5350.

TOPIC | SECTION
Agency Risk Management and Privacy Program Compliance Certification (.doc, 56k) | 70C

 

Agency Disaster Recovery Plan Transmittal Letter and Cross Reference Worksheet

Agencies must submit this transmittal letter with their DRP submission. Use of the Cross Reference Worksheet is optional if the DRP submission follows the SIMM 65A format.

TOPIC | SECTION
Agency Disaster Recovery Plan Transmittal Letter and Cross Reference Worksheet (.doc, 123k) | 70D

 

Tools

Information Security Incident Notification and Reporting

Information Security Incident Notification Roadmap for Information Security Officers

The information in this brochure can be used as a quick reference guide on incident reporting, laws, and regulations related to security and privacy.

TOPIC | PUBLISHED DATE
Information Security Incident Notification Roadmap for Information Security Officers (.pdf, 485k) | September 2007

 

Other Resources

Developing Internal Notification and Reporting Procedures
Guidance for developing and/or updating your agency's internal notification and reporting procedures.

Operational Recovery

Operational Recovery Documentation for Agencies Preparation Instructions

This document identifies ten (10) sections that describe the minimum requirements that an agency must include as components of its Operational Recovery Plan.

TOPIC | SECTION
Operational Recovery Documentation for Agencies Preparation Instructions (.pdf, 218k) | 65A

 

Comparison Chart – Existing ORP Requirement and Revised and New Components

The Chart identifies the existing ORP requirements found in SAM Section 5355 and SIMM 140A, along with the revisions and new components.

TOPIC | PUBLISHED DATE
ORP Comparison Chart – Existing ORP Requirement and Revised and New Components (.doc, 92k) | January 2007

 

Power Point Presentation

The presentation provides an overview of the ORP requirements identified in Budget Letter 07-03, SAM Section 5355, and SIMM 65A.

TOPIC | PUBLISHED DATE
Power Point Presentation (.ppt, 231k) | May 2007

 

Other Resources

TOPIC
Office of Emergency Services (OES) Training Curriculum for Disaster Preparedness
OES Disaster Preparedness Exercise Program

 

Risk Management

Information Technology Security Program Guideline

This Guideline can be a valuable tool for state agencies that are implementing, or seeking to improve, their information security programs. The Guideline's components provide a framework that enables secure communications and appropriate protection of information resources within the State of California government.

TOPIC | PUBLISHED DATE
Information Security Program Guide for State Agencies (.pdf, 277k) | April 2008

 

Risk Assessment Toolkit

These tools help agencies identify information security risks and mitigate them.

 

Training and Awareness

TOPIC | PUBLISHED DATE
Self Training Manual and Guidelines for Protecting Privacy in State Government | March 2007
Awareness Tools | Various

 


The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.

Last Updated: Tuesday, November 25, 2008