Training resources

• Information Security Office Leader List ^{Updated March 2026}
• Technology Recovery Coordinator Leader List ^{Updated November 2025}
• Privacy Program Coordinator Leader List ^{Updated November 2025}

• Does Your Agency Implement Forced Password Changes (Info Sheet 7) (PDF)opens in a new window ^{Updated May 2017}
• Norstar – Reducing Toll Fraud Issues (PDF)opens in a new window ^{Updated May 2017}
• PBX Security It's Your Business (PDF)opens in a new window ^{Updated May 2017}
• Phishing Training Guidance (PDF)opens in a new window ^{Updated May 2017}
• Secure Coding Practices (Info Sheet 1) (PDF)opens in a new window ^{Updated May 2017}
• Security Considerations for Multi-Function Devices (MFD) (PDF)opens in a new window ^{Updated May 2017}
• Software Security Checklists (Info Sheet 2) (PDF)opens in a new window ^{Updated May 2017}
• Telework Security Considerations (Info Sheet 6) (PDF)opens in a new window ^{Updated May 2017}
• The Hostile Takeover (Info Sheet 5) (PDF)opens in a new window ^{Updated May 2017}
• Use of Web Service Offerings (Info Sheet 4) (PDF) ^{Updated February 2021}
• Web Application Vulnerabilities (Info Sheet 3) (PDF)opens in a new window ^{Updated May 2017}

Alerts

• Department of Energy Cyber Incident Response Capability (DOE-CIRC)opens in a new window
• Multi-State Information Sharing and Analysis Center (MS-ISAC)
• SANS Internet Storm Centeropens in a new window
• Cybersecurity and Infrastructure Security Agencyopens in a new window
• CISA News and Eventsopens in a new window
• MS-ISAC CIS Cyber Security Advisoriesopens in a new window
• 2016 MS-ISAC CIS Cyber Alertsopens in a new window

RSS feeds

• US Department of Defense RSS Feedsopens in a new window
• US Department of Homeland Securityopens in a new window
• SANS Securityopens in a new window

• California Security Jumpstart
• The California Military Departmentopens in a new window
• California Government Operations Agencyopens in a new window
• California Highway Patrolopens in a new window
• California Governor's Office of Emergency Servicesopens in a new window
• Center For Data Insights and Innovation
• Department of Justice's Privacy Enforcement and Protection Unitopens in a new window

• Employee Acknowledgement (DOC)opens in a new window
• Simple Network Banner Language (DOC)opens in a new window

For the templates released in waves, please contact Office of Information Security at 916-445-5239

Incident Management Templates

• Incident Cost Estimator Workbook (XLS)opens in a new window
• Incident Communications Log (XLS)opens in a new window
• Sample Breach Notification Templates
  • Security Incident Reporting Steps – California Office of Information Security
  • SIMM 5340-C – Requirements to Respond to Incidents Involving a Breach of Personal Information
  • Breach Notification Templates
    • Appendix A – Breach Response and Notification Assessment Checklist (PDF)
    • Appendix B – Sample Breach Notice: Social Security Number Only (DOCX)opens in a new window (PDF)
    • Appendix C – Sample Breach Notice: Driver's License or California ID Card Number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual. (DOCX) (PDF)
    • Appendix D – Sample Breach Notice: Debit or Credit Card or Financial Account Number Only (DOCX)opens in a new window (PDF)
    • Appendix E – Sample Breach Notice: Medical Information Only (DOCX)opens in a new window (PDF)
    • Appendix F – Sample Breach Notice: Health Insurance Information Only (DOCX)opens in a new window (PDF)
    • Appendix G – Sample Breach Notice: Unique Biometric Data (DOCX) (PDF)opens in a new window
    • Appendix H – Sample Breach Notice: Hybrid for SSN and Health Information (DOCX)opens in a new window (PDF)
    • Appendix I – Sample Breach Notice: Automated License Plate Recognition System (DOCX)opens in a new window (PDF)
    • Appendix J – Sample Breach Notice: Genetic Data (PDF) ^{New June 2022}
    • Appendix K – Sample Breach Notice: User Name or E-Mail Address (PDF) ^{New June 2022}
  • Breach Help – Consumer Tips
    • SIMM 5340 C APPENDIX L: Breach Help – Consumer Tips Enclosure (English) (PDF) ^{New June 2022}
    • SIMM 5340 C APPENDIX M: Breach Help – Consumer Tips Enclosure (Spanish) (PDF) ^{New June 2022}
  • Breach Response for Call Centers (PDF)opens in a new window
  • Frequently Asked Questions About Notifying Individuals About An Incident Involving Their Personal Informationopens in a new window

Additional Resources for Incident Management

• NIST Federal Agency Security Practices (FASP)opens in a new window

Asset Management Forms

• Employee Appointment Checklist (PDF)opens in a new window
• Employee Exit Checklist (DOC)opens in a new window

Agreements & Contract Language Templates

• BL-04-35 Contract Provisionsopens in a new window
• Sample of Business Associate HIPAA Agreement Provisionsopens in a new window
• Model Contract Languageopens in a new window

Request for Proposals (RFP's) & Requests for Offers (RFO's) Templates

• Requests for Proposals (RFP's) Templateopens in a new window
• Requests for Offer (RFO's) Template (DOCX)opens in a new window

CA CyberScholar support

• CA CyberScholar is the Office of Information Security's (OIS) Statewide learning management system. This system will be used for trainings offered by OIS. CA CyberScholar provides a means for users to track their course attendance and academic progress as it relates to OIS-offered trainings across the span of their State security career, regardless of current department. CA CyberScholar also allows for the consolidation and management of the courses offered by OIS; thus removing the need for users to access multiple platforms to attend and participate in trainings.
• Supported browsers include Chrome, Firefox, Edge, and Safari. Internet Explorer is not supported.
• Documentation:
  • Creating an Account (PDF)
  • Log In Instructions (PDF)
  • Multi-Factor Authentication (MFA) (PDF)
  • Register for Training (PDF)
  • Supported Browsers – CA CyberScholar (runs on the Blackboard platform) (PDF)

CA CyberScholar Support Contact Information

Email

ciooisadvisoryservices@state.ca.gov
security@state.ca.gov

Phone

916-445-5239

Organization

California Department of Technology
Office of Information Security
Advisory Services Program Unit

Mailing Address

P.O. Box 1810, MS Y-01
Rancho Cordova, CA 95741-1810

Cal OES Training Resources

• Cal OES Training Divisionopens in a new window
• Cal OES Exercise Programopens in a new window

Cyber Security Symposium (recorded sessions)

• 2013 Cyber Security Symposium (recorded sessions)opens in a new window
• 2012 Cyber Security Symposium (recorded sessions)opens in a new window

OIS Training Videos

California Compliance and Security Incident Reporting System (Cal-CSIRS)

• Cal-CSIRS Common Controlsopens in a new window
• Cal-CSIRS Designee Accessopens in a new window
• Cal-CSIRS Incident Reportingopens in a new window
• Cal-CSIRS Risk Reporting (COMING SOON!)

Security and Privacy Basics

• Data Classification & System Categorizationopens in a new window
  Course Materials:
  • Policy Definitions (PDF)opens in a new window
  • Data Classification and Categorization Worksheet (PDF)opens in a new window
  • NIST Special Publication 800-53B – Control Baselines for Information Systems and Organizations (PDF)opens in a new window
  • NIST FIPS 199_Table 1: Security Objective and Potential Impact (PDF)opens in a new window
  • Examples of Legally Defined Information Classifications (PDF)
• Incident Management Programopens in a new window
• Managing Privacy Risks With Privacy Impact Assessments – PIAsopens in a new window
• Privacyopens in a new window
• Risk Managementopens in a new window
• Technology Recovery Planningopens in a new window

Other

• Completing the SIMM 5330-A Designation Letteropens in a new window

Office of Information Security, California Department of Technology

P.O. Box 1810, Mail Stop Y-01
Rancho Cordova, CA 95741-1810

Phone

916-245-2583

Email

security@state.ca.gov