SECTOR-SPECIFIC BEST PRACTICES, STANDARDS, AND RECOMMENDATIONS

• Energy
  • CISA Sector Spotlight-Physical Security Considerations for the Electricity Sub-Sector
  • Cybersecurity Capability Maturity Model (C2M2)
  • Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
  • Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2)
  • The North American Electric Reliability Corporation (NERC)
  • Federal Energy Regulatory Commission (FERC)- Cyber & Grid Security
• Water/Wastewater
  • NEW! Incident Response Guide for the Water and Wastewater Systems (WWS) Sector. Developed jointly by the Cybersecurity Infrastructure and Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Environmental Protection Agency (EPA), the guide includes contributions from over 25 WWS Sector organizations spanning private industry, nonprofit, and government entities.
    • Visit CISA's Water and Wastewater Cybersecurity | CISA website page for additional sector tools, information, and resources.
  • Cybersecurity for the Water and Wastewater Sector (nist.gov)
  • NEW! Cyberattacks against public water systems are increasing. Implementing basic cyber hygiene practices can help your utility prevent, detect, respond, and recover from cyber incidents. Learn more about EPA’s Cybersecurity Resources for Drinking Water and Wastewater Systems.

  • SIGN UP TODAY Cybersecurity Training Workshops -- American Water Works Association (AWWA) Indiana Section
    • The Indiana Section AWWA is providing Cybersecurity Training for municipality staff, local government leadership, and staff at Water and Wastewater Utilities in Indiana. There is no cost to the attendee and the 4-hour trainings will be conducted via webinar or class. Attendees will be provided basic knowledge of cybersecurity and learn about cybersecurity risk assessment and response planning needed to meet State and Federal requirements of Indiana municipalities and counties to implement cybersecurity plans.
  • • IFA: Cybersecurity Training Workshops
    • Upcoming Events – Indiana Section American Water Works Association (inawwa.org)
  • American Water Works Association – Cybersecurity Guidance
  • Cyber Security 101 for Water Utilities
  • Water Information Sharing and Analysis Center (ISAC)
  • EPA – Water Sector Cybersecurity Brief
  • National Rural Water Association
  • Alliance of Indiana Rural Water > Resources > Templates & Tools > Cyber Security (inh2o.org)
  • Water and Wastewater Treatment Cybersecurity Plan Template
• Elections
  • Indiana Secretary of State - Indiana Election Division
  • Indiana Voter Portal - Election Security
  • A Handbook for Elections Infrastructure Security-Center for Internet Security (CIS)
  • The State and Local Election Cybersecurity Playbook - Harvard Kennedy School Belfer Center
  • Campaign Cybersecurity Playbook - Harvard Kennedy School Belfer Center
  • Election Cyber Incident Communications Coordination Guide – Harvard Belfer Center
  • Elections Security Checklist - National Association of Elections Officials Election Center 
  • Indiana Best Practices Manual for the Operation of Election Equipment - Voting System Technical Oversight Program at Ball State University
  • Glossary of Common Cybersecurity Terms – U.S. Election Assistance Commission
  • National Conference of State Legislatures Election Security: State Policies
• Education
  • NEW! Cybersecurity for Education Toolkit 2.0 - To help our K-12 school communities continue to be strong and protected while staying connected, the Indiana Executive Council on Cybersecurity (IECC), together with the Indiana Department of Education (DOE) and our federal partners at the Cybersecurity Infrastructure and Security Agency (CISA), recently launched this updated, FREE-to-download guide featuring a wide range of easy-to-understand cybersecurity resources, best practices and tips for everyone, including :
    • Students of all ages and their families
    • Teachers, staff, and administrators
    • Superintendents and school board members
    • Every person who lives in our school communities
      • The toolkit is created as a PDF that can easily be saved as a Word document that will enable you to cut and paste, copy and/or repurpose all of the articles, images and social media posts in the Toolkit 2.0, as needed. We encourage everyone to use these materials and share it with your colleagues at school and your students as a turnkey resource; saving you precious time as you focus on the rapidly challenges taking place in education.
  • Cybersecurity Infrastructure and Security Agency (CISA) K-12 School Security Guide
  • Stop. Think. Connect.
  • Center for Internet Security
• Business and Government
  • NEW! Got Privacy? Indiana Privacy Toolkit - FREE-TO-DOWNLOAD Resource Helps Organizations Gain a Better Understanding of Privacy

  The purpose of the Indiana Privacy Toolkit is to provide a practical, FREE-to-download resource intended to help organizations gain a better understand of how privacy “works” and why it’s important. It is meant to be a step-by-step guide, with information tailored to fit the needs of a variety of small businesses and not-for-profit organizations, as well as local government.

  • Compiled by the Indiana Executive Council on Cybersecurity's (IECC) Privacy Working Group, the information in the Toolkit is drawn from the Group's members' knowledge and expertise in privacy and cybersecurity as leaders from the public and private sectors.
  • Think of it as your own, in-house privacy handbook, from which you can rely on to help you navigate through the myriad of challenges related to technology and cyber threats.
  • Cyber Essentials Starter Kit
    Designed for those looking to become more cyber aware. A set of easy-to-adopt and understand, community-endorsed cybersecurity practices that together constitute the basics. They are CISA’s answer to the question we hear often from stakeholders,” Where do I start?
  • Small & Midsize Business (SMB) Cybersecurity Toolkit
  • U.S. Small Business Administration: Business Planning: Cybersecurity (SBA.gov)
  • Cybersecurity Guide to Planning & Evaluating Risks for Indiana Local Officials is designed to help local government officials and employees gain a better understanding for why cybersecurity is important, and it features an easy-to-understand and FREE-to-download guide for helping your staff, department or agency stay better protected when it comes to handling cyber threats.
• Healthcare
  • NEW! Healthcare Vendor Management Guidance
    • Created as a free resource for use by Indiana's healthcare organizations, the Vendor Management Guidance provides six key approaches, as well as some helpful federal resources, for managing the risks that can occur when using third party vendors and suppliers. Created by members of the Indiana Executive Council on Cybersecurity's (IECC) Healthcare Committee, the information shared in this newly released website page, is intended to help in making sure these risks are well understood and managed appropriately to ensure patient safety and information security.

  • Healthcare Cyber in a Box Toolkit 2.1
    • Updated with even more recommendations and best practices, Healthcare Cyber in a Box 2.1 provides organizations with three levels of expert guidance – basic, intermediate, and mature – involving 18 critical areas of cybersecurity – as a FREE to download resource for creating even more of the systems needed for keeping your operations secure while, at the same time, helping to protect your patients and preserving both their digital, as well as physical, well-being.
    • Healthcare & Public Health Sector Coordinating Councils - The Operational Continuity-Cyber Incident (OCCI) checklist is intended to provide a flexible template for operational staff and executive management to respond to and recover from an extended enterprise outage due to a serious cyber-attack.

  • “Cybersecurity for the Clinician” Video Series
    • Developed by the Health Sector Coordinating Council (HSCC), "Cybersecurity for the Clinician" is a FREE-to-download cybersecurity training video series that explains in easy, non-technical language the basics for how cyberattacks can affect clinical operations and patient safety, and how clinicians can do their part to help keep healthcare data, systems and patients safe from cyber threats without losing time away from patients.
      • Clinicians, students, professionals, and institutions with training programs may download the series on YouTube or in eLearning format at: https://www.healthsectorcouncil.org/cyberclinicianvideos/. For a preview, go to: https://youtu.be/awIJ8kSP-Ak.

  • CISA Healthcare Cybersecurity Toolkit - To help improve cybersecurity within the HPH sector, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and Health Sector Coordinating Council (HSCC) Cybersecurity Working Group are working together have developed a FREE Toolkit to deliver tools, resources, training, and information that can help organizations within this sector. Together, CISA brings technical expertise as the nation’s cyber defense agency, HHS offers extensive expertise in healthcare and public health, and the HSCC Cybersecurity Working Group offers the practical expertise of industry experts working cybersecurity issues in HPH every day.
• Not-for-Profit Organizations
  • NEW! Got Privacy? Indiana Privacy Toolkit - FREE-TO-DOWNLOAD Resource Helps Organizations Gain a Better Understanding of Privacy

  The purpose of the Indiana Privacy Toolkit is to provide a practical, FREE-to-download resource intended to help organizations gain a better understand of how privacy “works” and why it’s important. It is meant to be a step-by-step guide, with information tailored to fit the needs of a variety of small businesses and not-for-profit organizations, as well as local government.

  • Compiled by the Indiana Executive Council on Cybersecurity's (IECC) Privacy Working Group, the information in the Toolkit is drawn from the Group's members' knowledge and expertise in privacy and cybersecurity as leaders from the public and private sectors.
  • Think of it as your own, in-house privacy handbook, from which you can rely on to help you navigate through the myriad of challenges related to technology and cyber threats.