Friday, August 21 2020
20 Cyber Topics in 20 Weeks Series Schedule (FREE)
Purdue MEP and PTAC are Proud to Announce this 20 Cyber Topics in 20 Weeks Series!
Many Indiana families are focused on remaining healthy during the COVID-19 crisis. Additionally, Indiana businesses are challenged to keep their business afloat as a result of the COVID-related loss of revenue. As a result, much of the Indiana Defense Industrial Base (DIB) has done little to prepare for Cybersecurity Maturity Model Certifications (CMMC) which will soon be mandatory to conduct business with DoD.
What can we do to help in this very busy and stressful time? Under the leadership of the Indiana Procurement Technical Assistance Center (PTAC), Purdue MEP and many Indiana cybersecurity providers have developed a series of essential cybersecurity topics. 20 cybersecurity topics in 20 weeks is an effort to provide Indiana businesses with the training needed to achieve CMMC Level 1/basic small business information security and to improve the Indiana DIB’s cyber-health. In addition to live webinars, all of the presentations will be recorded to create a library of cyber information that clients can view when they do have the time to focus on cyber health and defense acquisition regulation compliance.
20 weeks of cybersecurity training will begin this month and run through December 2020. These training sessions will be delivered by a wide-range of Indiana cybersecurity providers; Purdue cyberTAP, Sterlyn Group, TCC Solutions, Lifeline Data Centers, RevealRisk, The AME Group, Sondhi Solutions, IU Health and more!
Cost? This training is free!
Schedule:
| Cyber Topic/Concept | Presenter | Webinar Date | Description |
|
How to develop, execute and test a good data and system back-up routine. |
Sterlyn Group | 7/16/2020 | Make full backups of important business data/information. Backups will let you restore your data in case a computer breaks, an employee makes a mistake, or a malicious program infects your system. Without data backups, you may have to recreate your business information manually (e.g. from paper records). This session will cover strategies to develop, execute and test a good data and system back-up routine. |
|
Methods to inventory and document organizational hardware and software. |
TCC Solutions | 7/30/2020 | Foundational to developing a sound patch management (keeping operating systems and software "patched" with the latest updates) routine is having a good hardware and software inventory. This session will review free tools and practical methods to conduct hardware and software inventories. |
|
How to develop and execute a patch management routine (CMMC L1). |
IU Health | 8/13/2020 | Any software application including operating systems, firmware, or plugin installed on a system could provide the means for an attack. Many software vendors provide patches and updates to their supported products in order to correct security concerns and to improve functionality. This session will ensure that you know how to update and patch software on each device you own. |
|
How to download and apply the appropriate Group Policy Objects (GPOs) to your network. |
Sterlyn Group | 8/20/2020 | Group Policy provides a method of centralizing configuration settings and management of operating systems, computer settings and user settings in a Microsoft IT environment. This session will review how to download and apply the appropriate Group Policy Objects (GPOs) to your network |
|
Alternate ways to limit access control and authenticate users per NIST 800-171, CMMC Level 1. |
Sondhi Solutions | 8/27/2020 | Access control activities ensure that access granted to organizational systems and information is commensurate with defined access requirements. This session will review methods to limit access to your systems to authorized people and systems only. |
|
What type of DoD contract/product information can/should be published on public websites to communicate your expertise, without including CUI (CMMC L1). |
TCC Solutions | 9/3/2020 | Sensitive information, including Federal Contract Information (FCI), should not be allowed to become public. It is important to know which users/employees are allowed to publish information on publically accessible systems, like your company website. This session will review what type of DoD contract/product information can/should be published on public websites to communicate your expertise, without going too far. |
|
How to properly sanitize or destroy system media prior to reuse or disposal. (CMMC L1). |
Purdue cyberTAP | 9/18/2020 | Small businesses may sell, throw away, or donate old computers and media. This session will review how to properly sanitize or destroy system media prior to reuse or disposal. |
|
Requirements for physical access and the monitoring of visitors (CMMC L1). |
The AME Group | 9/24/2020 | Physical access to organizational information systems, equipment, and the respective operating environments should be limited to authorized individuals. This session will review methods to limit physical access appropriately. |
|
How to protect organizational communications at key internal and external boundaries- firewalls, etc. (CMMC L1). |
The AME Group | 10/1/2020 | Firewalls and other devices can be used to block unwanted traffic such as known malicious communications or browsing to inappropriate websites, depending on the settings. Install and operate a hardware firewall between your internal network and the Internet. This session will review how to protect organizational communications at key internal and external boundaries. |
|
How to implement subnets for publicly accessible system components (CMMC L1). |
TCC Solutions | 10/8/2020 | Subnetting is the process of dividing a network into small networks and is a common task on networks. This session will address why subnetting is recommended for publically accessible components. |
|
Does having an anti-virus software with auto updates enabled really protect your company from malicious software? What are the limits? What else should/must you do? What software is prohibited when servicing DoD contracts? (CMMC L1). |
Purdue cyberTAP | 10/15/2020 | Malware (short for Malicious Software or Malicious Code) is computer code written to steal or harm. It includes viruses, spyware, and ransomware. Sometimes malware only uses up computing resources (e.g. memory), but other times it can record your actions or send your personal and sensitive information to cyber criminals. This session will provide actions to consider beyond automatic anti-virus updates. |
|
Periodic information system scans- what should be done? Is it all automatic? Should manual scans be a part of the organizational routine? (CMMC L1). |
Lifeline Data | 10/22/2020 | This session will review the various types of recommended networks scans such as vulnerability scans and penetration testing. Additionally, a recommended periodicity will be suggested, as well as readily available, free or low-cost tools. |
|
What is a Security Information and Event Manager (SIEM), and do I really need one? |
IU Health | 10/29/2020 | Security Information and Event Manager (SIEM) software works by collecting log and event data that is generated by host systems, security devices and applications throughout an organization's infrastructure and collating it on a centralized platform. This session will cover the information provided by basic SIEMs, and if you need a SIEM, what are low-cost solutions. |
|
Background checks – who should get one, what type, including in service level agreements with subcontractors. |
IU Health | 11/5/2020 | This session will review the importance of conducting full, nationwide, criminal background checks, sexual offender checks, and if possible a credit check on all prospective employees (especially if they will be handing your business funds). |
|
Employee cybersecurity training requirements and good sources of training content. |
The AME Group | 11/19/2020 | Security training allows organizations to influence behavior, mitigate risk, and ensure compliance with company policies. Train employees immediately when hired and at least annually thereafter about your information security policies and what they will be expected to do to protect your business’s information and technology. This session will cover effective and low cost methods to conduct information security training. |
|
How to set-up web and email filters. |
Lifeline Data | 12/3/2020 | Email filters can help remove emails known to have malware attached and prevent your inbox from being cluttered by unsolicited and undesired (i.e. “spam”) email. Similarly, many web browsers allow web filtering – notifying the user if a website may contain malware and potentially preventing them from accessing that website. This session will cover how to set-up web and email filters. |
|
How to develop a plan for disasters and information security incidents. Request Recording |
Reveal Risk | 12/10/2020 | This session will review how to develop a plan for disasters, in general, and information security incidents specifically. |
|
How to conduct basic risk analysis to determine where you should concentrate your limited time and resources. |
Reveal Risk | 12/17/2020 | Risk is a function of threats, vulnerabilities, the likelihood of an event, and the potential impact such an event would have to the business. By understanding your risks, you can know where to focus your efforts. While you can never completely eliminate your risks, the goal of your information security program should be to provide reasonable assurance that you have made informed decisions related to the security of your information. |
