Cybersecurity Tip of the Week

Use Unique Passwords

Make sure each of your accounts has a separate, unique password. When you use a different password for each account, the others remain secure if one of them is compromised. If you can't remember all of your passwords, consider using a password manager to store them securely for you. Learn more here.



Latest Information Security Alerts and Advisories

CIS Advisory 2015-116 - Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

CIS Advisory 2015-115 - Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR Could Allow for Remote Code Execution (APSB15-23)

CIS Advisory 2015-114 - Multiple Vulnerabilities in Apple Products Could Allow Remote Code Execution

CIS Advisory 2015-113 - Multiple Vulnerabilities in Adobe Shockwave Player Could Allow for Remote Code Execution

CIS Advisory 2015-111 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Security Alert Archive



Information Security News


National Cyber Security Awareness Month Is Coming!

October of each year is National Cyber Security Awareness Month (NCSAM). NCSAM was started as a partnership between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance with the goal of raising awareness about cyber security. We live increasingly connected lives and more than ever cyber security is vital to protecting our identities, our finances, our businesses, and our safety. Each of us plays a critical role in creating a more secure world.

The Enterprise Security Program (ESP) has signed on as an NCSAM Champion as well as a member of the Stop.Think.Connect Cyber Awareness Coalition. Beginning in October 2015, the ESP will be holding security awareness events with activities, informational handouts, treats, giveaways, and prizes. The events will continue throughout the year under the theme "Stay Safe on the Information Highway", with a different topic as the focus each month. Be sure to check this page regularly for the latest event information.

October 2015 - Social Engineering

  • Oct 8, 2015 - 2:00-4:00 p.m. at the State of Montana Data Center - Helena
  • Oct 14, 2015 - 10:30-2:00 at the Mitchell Bldg, Room 53
  • Oct 21, 2015 - 11:00-4:00 at the Capitol Rotunda
  • Oct 22, 2015 - 10:30-2:00 at the Cogswell Bldg, Room TBD
  • Oct 27, 2015 - 10:30 - 2:00 at the Mitchell Bldg, Room 53

See you there!


Information Security Training Available

Looking for information security training for your technical staff? The Enterprise Security Program has several opportunities for both free and paid training.

SANS Securing the Human Developer Training

The STH Developer training is an extension of the Securing the Human End User training that most state employees have completed over the past two years. It focuses on the OWASP top ten web vulnerabilities and the system development life cycle. The program consists of 18 modules, each 7-10 minutes long. During the discount purchase period, licenses are $250 per person. We need to purchase a minimum of 10 seats. For more information and samples of the modules visit:


SANS Online Training and Certification

SANS offers a variety of long courses, most of which prepare students for security certifications. During the discount purchase period courses are $2,330 each, with a minimum of three courses (all agencies combined). Certification exam vouchers can be purchased at the same time for $629 each. Courses can be taken either through SANS OnDemand or SANS vLive. For more information about available courses visit:



The current discount purchase window for SANS courses ends on July 31, 2015. If you are interested, but this timing doesn’t work, there will be another discount purchase period this winter – usually from December until the end of January. 

Federal Virtual Training Environment (FedVTE)

Just when you thought we were teasing about the FREE courses available, we’ll tell you about the FedVTE cybersecurity training system.  Courses range from beginner to advanced levels and are available at no cost to users. Sign up is easy at: www.Fedvte.usalearning.gov and a catalog of available courses is on the site.

If you’d like to purchase any of the SANS courses or have questions, please contact Lisa Vasa.







It's up to each of us to take responsibility for staying safe online. Simple things like strong passwords, updated software, anti-malware solutions, and paying attention to what you do and share online all make a big difference to your security. The Center for Internet Security has kicked off a new campaign to encourage the practice of good Cyber Hygiene. Take the pledge to do your part today!


From the Desk of 

Lynne Pizzini, CISO


The Harm in Password Reuse

Every day malicious cyber actors compromise websites and post lists of usernames, email addresses, and passwords online. While this can be embarrassing, such as when thousands of government employees' email addresses and passwords were exposed during the recent Ashley Madison breach, it also leaves users open to potential follow-on attacks due to password reuse.

Password reuse is when someone uses the same password on multiple websites or accounts. This is a vulnerability when the password is exposed together with other information that identifies who is using it, such as first and last names, login names, or email addresses.

How Password Reuse is a Threat

Password reuse is a threat because malicious actors can take advantage of a reused password if there is other associated information that identifies you. This typically occurs through one of two potential scenarios:

In the first, and most common, scenario, the malicious actors can search for other accounts you use and try to log in with the same password. In some cases the actors might try to find personal accounts such as Facebook, Twitter, or banking websites. If they can identify those accounts, and you reuse your password, they can log in as you. In other instances the malicious actors may try to determine where you are employed and attempt to use the password for remote access, such as through remote email or timecard access.

Continue reading...


