Cybersecurity Tip of the Week

Plan for a Safe Summer Vacation

Summer is here and for many people that means a fun summer trip. Here are some tips to help you avoid being taken in by travel scams:

  • Watch out for free travel offers. If it sounds too good to be true, it probably is. “Free” isn’t always free – there may be hidden fees or obligations attached.
  • Check out the company before paying for anything.
  • Get the details about the trip in writing, including total costs, any restrictions that might apply, and the exact names of the hotels, airlines or other services that are part of the trip.
  • Use your credit card while traveling. If you think you’ve been taken in by a scam, you can dispute the charges.

Then, before you go, check out the National Cyber Security Alliance’s Trip Advisor to stay safe before, during, and after your vacation.




Information Security Alerts and Advisories

CIS Advisory 2015-050 - Multiple Vulnerabilities in Google Chrome Could Allow For Remote Code Execution

CIS Advisory 2015-049 - Vulnerability in WordPress Content Management System Could Allow Remote Code Execution

CIS Advisory 2015-046 - Multiple Vulnerabilities in Mozilla Firefox Could Allow For Remote Code Execution

CIS Advisory 2015-045 - Multiple Vulnerabilities in Google Chrome Could Allow For Remote Code Execution

CIS Advisory 2015-042 - Vulnerability in Microsoft HTTP.sys Could Allow Remote Code Execution

Security Alert Archive






Information Security Training Available

Looking for information security training for your technical staff? The Enterprise Security Program has several opportunities for both free and paid training.

SANS Securing the Human Developer Training

The STH Developer training is an extension of the Securing the Human End User training that most state employees have completed over the past two years. It focuses on the OWASP Top Ten web vulnerabilities and the system development life cycle. The program has 18 modules of 7-10 minutes each. During the discount purchase period, licenses are $250 per person. We need to purchase a minimum of 10 seats. For more information and samples of the modules visit:


SANS Online Training and Certification

SANS offers a variety of long courses, most of which prepare students for security certifications. During the discount purchase period courses are $2,330 each, with a minimum of three courses (all agencies combined). Certification exam vouchers can be purchased at the same time for $629 each. Courses can be taken either through SANS OnDemand or SANS vLive. For more information about available courses visit:



The current discount purchase window for SANS courses ends on July 31, 2015. If you are interested, but this timing doesn’t work, there will be another discount purchase period this winter – usually from December until the end of January. 

Federal Virtual Training Environment (FedVTE)

Just when you thought we were teasing about the FREE courses available, we’ll tell you about the FedVTE cybersecurity training system. Courses range from beginner to advanced levels and are available at no cost to users. We’ve attached a training catalog for the FedVTE program. Sign up is easy at: www.Fedvte.usalearning.gov

If you’d like to purchase any of the SANS courses or have questions, please contact Lisa Vasa.








It's up to each of us to take responsibility for staying safe online. Simple things like strong passwords, updated software, anti-malware solutions, and paying attention to what you do and share online all make a big difference to your security. The Center for Internet Security has kicked off a new campaign to encourage the practice of good Cyber Hygiene. Take the pledge to do your part today!


From the Desk of Lynne Pizzini, CISO


Social Engineering Through The Internet

Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information or taking an action, such as downloading a file. Sometimes a social engineer can rely solely on information posted online; at other times the attacker interacts with the victim to persuade them to share details or perform an action.

Oversharing Online

Information posted online can seem harmless, until you think about how a social engineer could use the same information. By gathering multiple pieces of information from various sources, a cyber criminal could have enough facts about you to craft a very convincing social engineering scam. Think about how these seemingly innocuous details might be valuable to the cyber criminal:

  • Posting a picture of your pet might give away your pet’s name, or posting a photo of your car would identify its color. Pet’s name and car color are common security questions.
  • Answering a “meme” can give away personally identifiable information (PII) such as your date of birth or other sensitive information, including answers to security questions.

Be careful about how much information you post and think about how the various pieces might be combined for use by a cyber criminal.




