Cybersecurity for Municipalities Workshop Series – Fall 2021

Thanks to the Western Region Homeland Security Advisory Council for funding this workshop series, and to Novus Insight for conducting the workshops!
All slide decks, workshop materials, and recordings will be posted here after each workshop. Municipal leaders in Franklin, Hampshire, Hampden, and Berkshire Counties are invited to participate in any (or all) of the workshops.
Please contact Amanda Doster at with any questions!

Workshop 1:  Positioning Technology & Cybersecurity as a Strategic Imperative

Target Audience: Executive Leadership, Selectboard Members

Session 1 – Support and Planning. Tuesday, September 14, 2021. 9am-10:30am.

Session 2 – Internal Change Management. Thursday, September 30, 2021. 1pm-2:30pm.

Workshop 2:  Best Practices in IT/Cybersecurity Policies and Procedures Workshop

Target Audience: Executive Leadership, IT Personnel

Session 1 – Overview of a Cybersecurity Program. Thursday, October 14th, 2021. 9am-10:30am.

Session 2 – Building a Cybersecurity Program. Tuesday, October 26th, 1pm-2:30pm
Registration link:

  • Templates that will get you started
    • Using the templates to drive other components of your overall IT program such as backup and recovery, incident response, and IT asset management
  • The role of executive leadership
  • Regulatory requirements
  • Making the program understandable and relevant to all — employees, board and commission members, external parties, the public

Workshop 3:  Incident Response Planning Workshop

Target Audience: Executive Leadership, IT Personnel, Emergency Operations & Critical Infrastructure (i.e. WPC)

Session 1 – Introduction of the cyber incident response plan template and implementation checklist tool. Wednesday, November 3, 2021. 9am-10:30am.
Registration link:

  • Identifying and understanding the municipality’s key information assets and the risk of them being breached or removed
    • Novus will provide an asset inventory worksheet for collecting and categorizing assets
  • Identifying whether assets are within your control or a third party’s, or if it is a shared responsibility
  • Understanding your in-house capabilities vs. need for external expertise/resources
  • How to assemble an incident response team

Session 2 – Implementing an IRP and addressing tool implementation barriers and questions. Wednesday, November 17, 2021. 1pm-2:30pm
Registration link:

  • Preparing a tailored Incident Response Plan including:
    • Guidelines for who to inform when data is breached or exposed
    • Establishing the severity of a breach and the level of response required
  • How your IRP should fit within your business continuity and disaster recovery strategies
  • How to test your incident response plan

* Each participant will leave with a set of materials and templates allowing them to custom tailor their plan.

Workshop 4:  Security and Compliance Workshop

Target Audience: Executive Leadership, Any departments dealing with sensitive information (i.e. Police, Fire, HR)

Thursday, December 2, 2021. 9am-11am.
Registration link:

  • Most common sensitive data types in a municipality
    • PII
    • PHI (the 2 things needed with data for it to be considered PHI and regulated by HIPAA)
    • FERPA
    • CJIS
    • PCI
  • Identifying sensitive data in your environment
  • Strategies for protecting sensitive data and end user education
  • When all else fails, there’s insurance. An overview of cyber insurance and what’s included.
  • FOIA, record retention, and e-discovery
  • Baseline standards and best practices for a security and compliance program

Workshop 5:  State IT/Cybersecurity Efforts and Resources Workshop

Target Audience: Executive Leadership, IT Personnel

Thursday, December 16, 2021. 9am-10:30am.
Registration link:

  • Overview of Massachusetts-specific municipal IT and security resources
  • Presentations by representatives from state agencies, MIIA, and potentially federal resources