Thanks to the Western Region Homeland Security Advisory Council for funding this workshop series, and to Novus Insight for conducting the workshops!
All slide decks, workshop materials, and recordings are posted below.

Please contact Amanda Doster at adoster@frcog.org with any questions!

Workshop 1:  Positioning Technology & Cybersecurity as a Strategic Imperative

Target Audience: Executive Leadership, Selectboard Members

Session 1 – Support and Planning. Tuesday, September 14, 2021. 9am-10:30am.

• Myth-busting – “Tech is overhead.” No, it’s not.
• Why secure technology is the foundation of modern government services
• Solving the budget problem starts with cultivating buy-in
  • How to talk tech without talking tech
  • How to (more) confidently sell stakeholders and constituents on the need for tech & cyber budgeting
• Creating strategic plans that are supported by technology
• Workshop Materials:
  • Click here for the workshop recording.
  • Click here to download the workshop slides.
  • Risk Assessment Template (FRCOG)
  • Asset Inventory (FRCOG)

Session 2 – Internal Change Management. Thursday, September 30, 2021. 1pm-2:30pm.

• Breaking old habits – creating a culture to support change
• Incorporating policy & procedure development and incident response planning into municipal budgets
• Creating more of a culture of cybersecurity
• Workshop Materials: 
  • Click here to download the workshop slides.
  • Click here to view the workshop recording.

Workshop 2:  Best Practices in IT/Cybersecurity Policies and Procedures Workshop

Target Audience: Executive Leadership, IT Personnel

Session 1 – Overview of a Cybersecurity Program. Thursday, October 14^th, 2021. 9am-10:30am.

• Understanding the important distinctions and interrelationship between policies, procedures, guidelines, and standards
• Relevance — How does my cybersecurity program relate to and impact the day-to-day operations of the municipality?
• Components of a cybersecurity program and the importance of each
• Workshop Materials:
  • Click here to view the workshop recording.
  • Click here to download the workshop slides.
  • Click here to read more about the “Rick Roll” incident referenced in the presentation.

Session 2 – Building a Cybersecurity Program. Tuesday, October 26^th, 1pm-2:30pm

• Templates that will get you started
  • Using the templates to drive other components of your overall IT program such as backup and recovery, incident response, and IT asset management
• The role of executive leadership
• Regulatory requirements
• Making the program understandable and relevant to all — employees, board and commission members, external parties, the public
• Workshop Materials:
  • Click here to view the workshop recording.
  • Click here for the workshop slides.
  • Policy & Procedure templates:
    • Acceptable Use of Information Technology Resources Policy
    • Change Process
    • Information Classification Standard
    • Information Security Policy
    • Security Assessment and Authorization Policy
    • System and Services Acquisition Policy
    • Third Party Risk Management

Workshop 3:  Incident Response Planning Workshop

Target Audience: Executive Leadership, IT Personnel, Emergency Operations & Critical Infrastructure (i.e. WPC)

Session 1 – Introduction of the cyber incident response plan template and implementation checklist tool. Wednesday, November 3, 2021. 9am-10:30am.

• Identifying and understanding the municipality’s key information assets and the risk of them being breached or removed
  • Novus will provide an asset inventory worksheet for collecting and categorizing assets
• Identifying whether assets are within your control or a third party’s, or if it is a shared responsibility
• Understanding your in-house capabilities vs. need for external expertise/resources
• How to assemble an incident response team
• Workshop Materials: 
  • Click here for the workshop slides.
  • Click here to view the workshop recording.
  • Click here for the link to the Mass Cyber Center resources shared during the workshop.

Session 2 – Implementing an IRP and addressing tool implementation barriers and questions. Wednesday, November 17, 2021. 1pm-2:30pm

• Preparing a tailored Incident Response Plan including:
  • Guidelines for who to inform when data is breached or exposed
  • Establishing the severity of a breach and the level of response required
• How your IRP should fit within your business continuity and disaster recovery strategies
• How to test your incident response plan
• Workshop Materials:
  • Click here for the workshop slides.
  • Click here to view the workshop recording.
  • Click here for a sample Incidence Response Policy

Workshop 4:  Security and Compliance Workshop

Target Audience: Executive Leadership, Any departments dealing with sensitive information (i.e. Police, Fire, HR)

Thursday, December 2, 2021. 9am-11am.

• Most common sensitive data types in a municipality
  • PII
  • PHI (the 2 things needed with data for it to be considered PHI and regulated by HIPAA)
  • FERPA
  • CJIS
  • PCI
• Identifying sensitive data in your environment
• Strategies for protecting sensitive data and end user education
• When all else fails, there’s insurance. An overview of cyber insurance and what’s included.
• FOIA, record retention, and e-discovery
• Baseline standards and best practices for a security and compliance program
• Workshop Materials
  • Click here for the workshop recording.
  • Click here for the workshop slides.
  • Additional resources regarding HIPAA and radio dispatch communications:
    • HIPAA and Emergency Dispatch (naemsp.org)
    • HIPAA Didn’t Kill the Radio Star – Public Safety Communications (apcointl.org)

Workshop 5:  State IT/Cybersecurity Efforts and Resources Workshop

Target Audience: Executive Leadership, IT Personnel

Thursday, December 16, 2021. 9am-10:30am.

• Overview of Massachusetts-specific municipal IT and security resources
• Presentations by representatives from state agencies, MIIA, and potentially federal resources
• Workshop Materials:
  • Click here for the workshop slides.
  • Click here for the workshop recording.