Cybersecurity Tip of the Week

  Shop Securely This Holiday Season

Thanksgiving is nearly here and Christmas decorations are going up all around town. You know what that means -- time to shop! It's also a time cybercriminals exploit. Protect yourself by doing these things:

  • Shop with reputable vendors.
  • Use a credit card to get additional legal protections over what is provided for debit cards.
  • Use and maintain anti-virus software, a firewall, and anti-spyware software on any devices you use for online shopping.
  • Keep software, particularly your web browser, up to date.
  • Watch out for "special offers" in your email. Many of them are phishing attempts.
  • Check your bank and credit cards statements and if your financial institutions offer it, set up account alerts to notify you of activity on your accounts.

For more tips and information, check out US-CERT's guide to Shopping Securely Online.


Red exclamation point in a red circle

Latest Information Security Alerts and Advisories


Oracle Quarterly Critical Patches

CIS Advisory 2015-127 - Vulnerability in Adobe Shockware Player Could Allow for Arbitrary Code Execution

CIS Advisory 2015-125 - Multiple Vulnerabilities in Apple Products Could Allow Remote Code Execution

CIS Advisory 2015-124 - Multiple Vulnerabilities in Google Chrome Allow for Arbitrary Code Execution

CIS Advisory 2015-123 - Security Updates for Microsoft Office to Address Remote Code Execution

CIS Advisory 2015-121 - Cumulative Security Update for Internet Explorer

CIS Advisory 2015-120 - Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Remote Code Execution UPDATED 11/2/2015

Security Alert Archive



    Information Security News   


Montana Information Security Is On Social Media!

Follow @MontanaSecurity on Twitter and like the Montana Information Security page on Facebook for cybersecurity news and tips.


National Cyber Security Awareness Month Is Coming!

October of each year is National Cyber Security Awareness Month (NCSAM). NCSAM was started as a partnership between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance with the goal of raising awareness about cyber security. We live increasingly connected lives and more than ever cyber security is vital to protecting our identities, our finances, our businesses, and our safety. Each of us plays a critical role in creating a more secure world.

The Enterprise Security Program (ESP) has signed on as a NCSAM Champion as well as a member of the Stop.Think.Connect Cyber Awareness Coaliton. Beginning in October 2015 the ESP will be holding seucrity awarenss events with activites, informational handouts, treats, giveaways, and prizes. The events will continue throught the year under the theme "Stay Safe on the Information Highway" with different topics as the focus each month. Be sure to check this page regularly for the latest event information.

October 2015 - Social Engineering

  • Oct 8, 2015 - 2:00-4:00 p.m. at the State of Montana Data Center - Helena
  • Oct 14, 2015 - 10:30-2:00 at the Mitchell Bldg, Room 53
  • Oct 21, 2015 - 11:00-4:00 at the Capitol Rotunda
  • Oct 22, 2015 - 10:30-2:00 at the Cogswell Bldg, SITSD Conference Rm 51
  • Oct 27, 2015 - 10:30 - 2:00 at the Mitchell Bldg, Room 53

Check our events page often for the latest schedule updates.


Governor Bullock Supports National Cyber Security Awareness Month

Governor Steve Bullock has signed a letter of support for October 2015 as National Cyber Security Awarness Month.

"I am pleased to recognize October as "National Cyber Security Awareness Month" in the State of Montana.

I commend the U.S. Department of Homeland Security (DHS), the Center for Internet Security (CIS)/Multi-State Information Sharing and Analysis Center (MSISAC), the National Associalion of State Chief Information Officers (NASCIO), and the National Cyber Security Alliance (NCSA) for promoting cyber awareness through guidance for government and businesses, and promoting innovation, strengthening cybersecurity investment and enhacing resilience acorss all sectors. Maintaining the security of cyberspace is a shared responsibility in which each of us has a critical role to play, and awareness of computer security essentials will improve the security of Montana's information infrastructure and economy. 

To being putting this knowledge into practice in our homes, schools, workplaces, and businesses, please visit the Stop.Think.Connect website: www.dhs.gov/stopthinkconnect or www.stopthinkconnect.org. Thank you for all your hard work and I encourage Montanansto acknowledge October 2015 as "National Cyber Security Awareness Month".

The letter can be viewed here.


Information Security Training Available

Looking for information security training for your technical staff? The Enterprise Security Program has several opportunities for both free and paid training.

SANS Securing the Human Developer Training

The STH Developer training is an extension of the Securing the Human End User training most state employees have completed the past two years. It focuses on the OWASP top ten web vulnerabilities and the system development life cycle.  There are 18 7-10 minute modules in the program. During the discount purchase period licenses are $250 per person. We need to purchase a minimum of 10 seats. For more information and samples of the modules visit:


SANS Online Training and Certification

SANS offers a variety of long courses, most of which prepare students for security certifications. During the discount purchase period courses are $2,330 each, with a minimum of three courses (all agencies combined). Certification exam vouchers can be purchased at the same time for $629 each. Courses can be taken either through SANS OnDemand or SANS vLive. For more information about available courses visit:



The current discount purchase window for SANS courses ends on July 31, 2015. If you are interested, but this timing doesn’t work, there will be another discount purchase period this winter – usually from December until the end of January. 

Federal Virtual Training Environment (FedVTE)

Just when you thought we were teasing about the FREE courses available, we’ll tell you about the FedVTE cybersecurity training system.  Courses range from beginner to advanced levels and are available at no cost to users. Sign up is easy at: www.Fedvte.usalearning.gov and a catalog of available courses is on the site.

If you’d like to purchase any of the SANS courses or have questions, please contact lisa vasa



    Hyperlink Information Security Home
    Hyperlink Information Security Alerts
    Hyperlink Information Security Training
    Hyperlink Information Security Incident Reports
    Hyperlink SITSD Disaster Recovery Services
    Hyperlink About Information Security
    Hyperlink Information Security Resources



It's up to each of us to take responsibility for staying safe online. Simple things like strong passwords, updated software, anti-malware solutions, and paying attention to what you do and share online all make a big difference to your security. The Center for Internet Security has kicked off a new campaign to encourage the practice of good Cyber Hygiene. Take the pledge to do your part today!


From the Desk of 

Lynne Pizzini, CISO

Yellow road sign with text "Stay Safe on the Information Highway"

New Credit Card Chip Technology

Maybe you’ve gotten a new credit or debit card in the mail or heard something about the U.S. moving to the “Chip and Signature” or “Chip and PIN” standard. The U.S. is moving toward adopting these standards, and October 1st, 2015, is a major deadline for U.S. payment companies and merchants.

What is Chip and Signature/Chip and PIN?

The Europay, MasterCard, Visa(EMV) standard uses payment cards with a chip and requires either a PIN (Chip and PIN) or a signature (Chip and Signature) to authorize a payment. The chip is a small metal square, typically silver or gold, on the payment card that stores encrypted, dynamic data. After payment approval during a transaction, the data on the chip will change. This is different from the older magnetic strip cards, where the data on the magnetic strip never changed, which made it easy for malicious actors to copy. With the new chips, it will be more much difficult for malicious actors to read the data on the chip and then, because it constantly changes, to counterfeit it.

Chip and Signature/Chip and PIN cards are only new to the United States. Many countries around the world already uses these new technologies because they help to reduce credit card fraud through the use of authentication, verification, and authorization.

  • Authenticating a card through its chip helps to prevent counterfeit cards.
  • Verifying the card holder through the signature/PIN helps protect against lost or stolen cards.
  • Authorization of the transaction indicates that both the merchant and buyer agree to the transaction.

Continue reading...



Today's Cyber Alert Level