California IT Directory
- Information Security Office Leader List – Updated December 2024
- Technology Recovery Coordinator Leader List – Updated December 2024
- Privacy Program Coordinator Leader List – Updated December 2024
Guidance
- Does Your Agency Implement Forced Password Changes (Info Sheet 7) (PDF) – Updated May 2017
- Norstar – Reducing Toll Fraud Issues (PDF) – Updated May 2017
- PBX Security It’s Your Business (PDF) – Updated May 2017
- Phishing Training Guidance (PDF) – Updated May 2017
- Secure Coding Practices (Info Sheet 1) (PDF) – Updated May 2017
- Security Considerations for Multi-Function Devices (MFD) (PDF) – Updated May 2017
- Software Security Checklists (Info Sheet 2) (PDF) – Updated May 2017
- Telework Security Considerations (Info Sheet 6) (PDF) – Updated May 2017
- The Hostile Takeover (Info Sheet 5) (PDF) – Updated May 2017
- Use of Web Service Offerings (Info Sheet 4) (PDF) – Updated February 2021
- Web Application Vulnerabilities (Info Sheet 3) (PDF) – Updated May 2017
Information Security Alerts
- Department of Energy Cyber Incident Response Capability (DOE-CIRC)
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
- SANS Internet Storm Center
- Cybersecurity and Infrastructure Security Agency
- CISA News and Events
- MS-ISAC CIS Cyber Security Advisories
- 2016 MS-ISAC CIS Cyber Alerts
RSS Feeds
Related Websites
Samples & Templates
Information Security Policy Templates
For the templates released in waves, please contact the Office of Information Security at (916) 445-5239.
Incident Management Templates
- Incident Cost Estimator Workbook (XLS)
- Incident Communications Log (XLS)
- Sample Breach Notification Templates
- Security Incident Reporting Steps – California Office of Information Security
- SIMM 5340-C – Requirements to Respond to Incidents Involving a Breach of Personal Information
- Breach Notification Templates
- Appendix A – Breach Response and Notification Assessment Checklist (PDF)
- Appendix B – Sample Breach Notice: Social Security Number Only (DOCX) (PDF)
- Appendix C – Sample Breach Notice: Driver’s License or California ID Card Number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual. (DOCX) (PDF)
- Appendix D – Sample Breach Notice: Debit or Credit Card or Financial Account Number Only (DOCX) (PDF)
- Appendix E – Sample Breach Notice: Medical Information Only (DOCX) (PDF)
- Appendix F – Sample Breach Notice: Health Insurance Information Only (DOCX) (PDF)
- Appendix G – Sample Breach Notice: Unique Biometric Data (DOCX) (PDF)
- Appendix H – Sample Breach Notice: Hybrid for SSN and Health Information (DOCX) (PDF)
- Appendix I – Sample Breach Notice: Automated License Plate Recognition System (DOCX) (PDF)
- Appendix J – Sample Breach Notice: Genetic Data (PDF) – New June 2022
- Appendix K – Sample Breach Notice: User Name or E-Mail Address (PDF) – New June 2022
- Breach Help – Consumer Tips
- Breach Response for Call Centers (PDF)
- Frequently Asked Questions About Notifying Individuals About An Incident Involving Their Personal Information
Additional Resources for Incident Management
Asset Management Forms
Agreements & Contract Language Templates
- BL-04-35 Contract Provisions
- Sample of Business Associate HIPAA Agreement Provisions
- Model Contract Language
Request for Proposals (RFP’s) & Requests for Offers (RFO’s) Templates
Training Resources
CA CyberScholar Support
- CA CyberScholar is the Office of Information Security’s (OIS) Statewide learning management system. This system will be used for trainings offered by OIS. CA CyberScholar provides a means for users to track their course attendance and academic progress as it relates to OIS-offered trainings across the span of their State security career, regardless of current department. CA CyberScholar also allows for the consolidation and management of the courses offered by OIS; thus removing the need for users to access multiple platforms to attend and participate in trainings.
- Supported browsers include Chrome, Firefox, Edge, and Safari. Internet Explorer is not supported.
CA CyberScholar Support Contact Information
- Email: ciooisadvisoryservices@state.ca.gov, security@state.ca.gov
- Phone: (916) 445-5239
- Organization: California Department of Technology – Office of Information Security – Advisory Services Program Unit
- Mailing Address: P.O. Box 1810, MS Y-01, Rancho Cordova, CA 95741-1810
Cal OES Training Resources
Cyber Security Symposium (recorded sessions)
OIS Training Videos
California Compliance and Security Incident Reporting System (Cal-CSIRS)
- Cal-CSIRS Common Controls
- Cal-CSIRS Designee Access
- Cal-CSIRS Incident Reporting
- Cal-CSIRS Risk Reporting (COMING SOON!)
Security and Privacy Basics
- Data Classification & System Categorization
  Course Materials:
  - Policy Definitions (PDF)
  - Data Classification and Categorization Worksheet (PDF)
  - NIST Special Publication 800-53B – Control Baselines for Information Systems and Organizations (PDF)
  - NIST FIPS 199_Table 1: Security Objective and Potential Impact (PDF)
  - Examples of Legally Defined Information Classifications (PDF)
- Incident Management Program
- Managing Privacy Risks With Privacy Impact Assessments – PIAs
- Privacy
- Risk Management
- Technology Recovery Planning
Other
Contact the Office of Information Security (OIS)
Office of Information Security, California Department of Technology
P.O. Box 1810, Mail Stop Y-01, Rancho Cordova, CA 95741-1810
Main: 916-245-2583 | E-Mail: security@state.ca.gov