Related Websites

• State and Consumer Services Agency
• State Chief Information Officer
• CA Highway Patrol
• CA Office of HIPAA Implementation
• CA Office of Homeland Security
• CA Office of Emergency Services

Right Column

Awareness Materials

Overview

Resources to promote information security awareness.

• Information Sheets
• Monthly Newsletters
• Training and Awareness Materials
  

Information Sheets

• Insider Threats Series
  • Information Sheet No. 5, The Hostile Takeover (.pdf, 83k)
• Secure Software Series
  
  • Information Sheet No. 1, Secure Coding Practices (.pdf, 80k)
    
  • Information Sheet No. 2, Software Security Checklists (.pdf, 72k)
    
  • Information Sheet No. 3, Web Application Vulnerabilities: More Than A Mere Nuisance (.pdf, 86k)
    
  • Information Sheet No. 4, Web Service Offerings (.pdf, 85k)

Monthly Newsletters

Cyber security information that state employees may find useful and helpful in their daily work and while computing at home.

• Firewalls - August 2008 (.doc, 781k) Firewalls add a layer of protection by blocking unauthorized and potentially dangerous data from entering your computer or network. Firewalls are especially critical for users who have an “always on” connection to the Internet.
• Web Browser Attacks - July 2008 (.doc, 789k) Web Browsers are vulnerable to attack or exploit. This newsletter provides information on what you can do to protect yourself from Browser attacks.
• Data Breach - June 2008 (.doc, 779k) Would your organization know what to do if a data breach occurred?  This newsletter provides guidance and information regarding data breaches, including information about privacy laws and regulations, and steps to take when a breach occurs.
• Encryption - May 2008 (.doc, 783k) One method of increasing security is through data encryption. This newsletter provides background on encryption and some appropriate considerations for its use.
• Social Engineering - April 2008 (.doc, 763k) Social engineering is an attack approach that relies on the trusting nature of individuals in order to gain access to a target (e.g., information or facility) through misrepresentation.  This newsletter provides examples of social engineering techniques and ways to avoid becoming a victim of such attacks. 
• Annual Maintenance for Computers - March 2008 (.doc, 781k)  Just like an automobile, if not maintained properly, a computer can malfunction and breakdown; the result, a potential loss of important information. This Newsletter provides instructions and guidance for regular computer maintenance to minimize these risks.
• Securing a Wireless Network - February 2008 (.doc, 777k) A wireless network can provide many benefits and conveniences; however, there are just as many risks if not set-up properly. This Newsletter provides instructions for setting up a secure wireless network to minimize the risks.
• Securing Your Laptop - January 2008 (.doc, 776k) The portability of laptops makes them extremely convenient.  However, we must be aware of the security risks associated with the loss or theft of laptops, and take proper precautions to prevent such loss or theft. This Newsletter provides practical tips and instructions to minimize these risks.

• Online Shopping - December 2007 (.doc, 107k) Tis the season for online shopping! However, the ease and convenience of online shopping is not achieved without some risk. This Newsletter explains how to enhance your online shopping experience while minimizing your risk.

• Phishing - November 2007 (.doc, 107k) Phishing is a technique using email or other types of electronic messaging to obtain personal information for fraudulent purposes, such as identity theft. This Newsletter explains what it is and what steps you can take to minimize your risk and how to avoid becoming a victim. 
• Protect Your Child Online - October 2007 (.doc, 219k)
  Children present unique risks when using computers, especially computers connected to the Internet. This Newsletter identifies some simple steps you can take to keep children safe online and a list of resources geared toward protecting children online. 
• Botnets - September 2007 (.doc, 62k)
  Botnets are a significant problem on the Internet. They are a growing source for staging denial of service attacks, stealing personal information for identity theft, and sending out email-based phishing attacks and spam. This Newsletter explains what these are and how you can mitigate the risk.  
• Grid Computing — August 2007 (.doc, 63k)
  Seemingly innocuous, downloading programs which claim to share the unused resources of your computer to assist with scientific research efforts, such as, finding a cure for a disease, or search for extraterrestrial life on other planets, are risky business.  This Newsletter explains the risks, current state policy and why the risk of running these programs on state systems may outweigh the potential benefits. 
• Internet Hoaxes and Urban Legends — August 2007 (.doc, 61k)
  Tired of receiving emails promising get-rich-quick schemes, warnings of major computer meltdowns or images exploiting the latest natural disaster?  These emails are more than just an annoyance; they do have a purpose, which is often malicious.  This Newsletter explains some of the tactics used and provides steps to help stop them from bogging down networks and clogging in boxes. 
• Telecommuting Security Risks — July 2007 (.doc, 55k)
  Telecommuting is used by organizations for a multitude of reasons, including cost and environmental benefits. This Newsletter provides steps that should be taken to address security when telecommuting is implemented.
• Recognizing and Avoiding Spyware — June 2007 (.doc, 62k)
  Spyware is a type of computer program that attaches itself to your operating system, generally without your permission or knowledge.  This month's Newsletter will help you detect, remove and prevent instances of Spyware on your computer.
• Unintended Information Disclosure — May 2007 (.doc, 68k)
  This Newsletter will help you understand what unintended disclosure means and how serious the issue is. It will also outline how your organization’s protected information can become exposed, how you can respond to such an incident, and how you can help prevent such incidents from occurring.
• Security Concerns Regarding Peer To Peer (P2P) File Sharing — April 2007 (.doc, 59k)
  Peer-to-Peer (P2P) networking has become a popular method for sharing files, music, photographs and other information. Although the concept of file sharing seems benign, there are a number of risks associated with P2P.
• Safeguarding Your Data — March 2007 (.doc, 57k)
  How do you safeguard sensitive/confidential data? The manner of protection often depends on what kinds of data you are safeguarding, and how important or sensitive it is to you and your organization.
• Protecting Portable Devices — February 2007 (.doc, 55k)
  These devices are popular and convenient, they are also easily lost or an ideal target for thieves. Learn more tips toprotect both the device and the information contained on the device.
• What is cyberbullying? — January 2007 (.doc, 56k)
  It is a new, and growing, practice of using technology to harass, or bully individuals. Learn some helpful smalls on how you can protect yourself.
• Preventing and Responding to Identity Theft — December 2006 (.doc, 56k)
  Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. Learn some helpful smalls on how you can protect your own personal information.
• Safe Online Shopping — November 2006 (.doc, 53k)
  Shopping online has become more popular and convenience. The following ten tips can help stay secure while doing online shopping.
• Top Ten Cyber Security Tips — October 2006 (.doc, 80k)
  The TOP 10 simple, easy and basic things that everyone can and should do to protect their computer systems and data from harm.
• Staying Safe on Social Networking Sites — September 2006 (.doc, 48k)
  The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so certain precautions should be taken.
• Erasing Information and Disposal of Media — August 2006 (.doc, 48k)
  Protecting confidential and sensitive data from accidental disclosure is very important. We should all strive to properly handle data erasure and the disposal of media.
• How Anonymous Are you? — July 2006 (.doc, 48k)
  What information is collected when you visit a web site? Learn more about the use of cookies.
• Why Cyber Security is Important — June 2006 (.doc, 40k)
  Learn more about the risks and protecting information by preventing, detecting, and responding to attacks.

Training and Awareness Materials

Resources to assist in establishing or enhancing state agency security and privacy programs.

• Protecting Privacy in State Government, Basic Training for State Employees
  PowerPoint Presentation, Self-Training Manual, and Guidelines for the Self-Training Manual produced by the California Office of Privacy Protection.
• Data Classification and Privacy Inventory
  Materials provided to departmental Information Security Officers and others at workshops conducted in November 2005 by the California Office of Privacy Protection.

Multi-State Information Sharing and Analysis Center - Cyber Security Awareness Toolkit

• 2008 Cyber Security Calendar (pdf, 2207k)
• Information Security Awareness Brochure — October 2007 (pdf, 67k)
• Parent Guide to Cyberbullies Brochure — October 2007 (pdf, 110k)
• Internet Safe Kids Pledge — October 2007(pdf, 187k)
• Cyber Security Awareness Posters — October 2007(pdf, 1186k)
• Cyber Security Awareness Bookmarks (Front) — October 2007(pdf, 482k)
• Cyber Security Awareness Bookmarks (Back) — October 2007(pdf, 859k)

Posters

• Laptop Safety Poster — October 2005 (pdf, 610k)
• Email Safety Poster — October 2005 (pdf, 2.9m)

Videos

• 2007 Educause Information Security Videos
  The EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and Research Channel sponsored a contest to raise awareness of and increase computer security at colleges and universities. The contest sought videos that explain computer security problems and specific actions college and university students can take to safeguard their computers or personal information. Winning videos were selected for creativity, content, technical quality, and overall effectiveness of delivery and may be used by others to promote security awareness.

Tips

• Top Ten Information Security Practices You Should Know — March 2007 (.pdf, 174k)
  A tri fold brochure that provides sound security practices for all employees to consider.
• Internet Safety — March 2006 (.doc, 63k)
  Tips for protecting yourself online, with a section about reducing the risks associated with internet downloads and music file sharing.
• Wireless Safeguards — July 2005 (.pdf, 24k)
  Manage wireless connections properly at home and at work. If appropriate precautions are not taken, others may be able to gain access to personal information on the wireless device or gain unauthorized access to your wireless network.
• Protecting Laptops and Portable Devices — August 2005 (.pdf, 29k)
  Remember to protect your laptop, PDA, blackberry, and other devices that store or contain data. Thefts of portable computing devices continue to rise. Don't leave your portable equipment in visible places, including on the tabletop at the local coffeehouses! A competent thief can make them disappear in an instant. DO NOT store personal, sensitive or confidential information on your portable equipment unless the data is encrypted, and make sure the data is backed up.
• CHP Tips for Security Incident Do's and Don'ts
  The California Highway Patrol's (CHP) Computer Crimes Investigation Unit shares security incident response do's and don'ts and provides other security tips.

---

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.