DNS Filtering with Cisco Umbrella

OPLIN provides a subscription to Cisco Umbrella for every Ohio public library. Cisco Umbrella filters content by passing DNS requests through their managed DNS servers. Configuring Cisco Umbrella as your library's public DNS servers improves security by filtering malicious domains. Learn how to get started (https://www.oplin.ohio.gov/opendns).

Vulnerability Notification:

CISA Cyber Hygiene Vulnerability Scanning

OPLIN Participates in CISA's Cyber Hygiene vulnerability scans for OPLIN IP addresses. OPLIN will periodically send you the vulnerability report for your library's IP addresses. To update who receives the report, or for methodology details, please email security@oplin.ohio.gov.

MS-ISAC

The Multi-State Information Sharing & Analysis Center provides pro-active security advisories and other services for State and Local Government agencies, including incident response, weekly reports of malicious domains/IPs, tapletop exercses, education materials, webinars from other state agencies, and more.

OPLIN Port Scanning Service

On request, OPLIN can perform a port scan of your library's public IP addresses, and provide you with a report of the results. Get in touch with OPLIN at support@oplin.ohio.gov to discuss your project, needs and goals.

Best Practices:

CIS Security

The Center for Internet Security publishes a list of 18 controls, a set of best practices for managing organizational security practices. The CIS Controls comply with the NIST Cybersecurity Framework. The CIS Controls are an excellent place to start when designing security procedures or policy for your organization. A CIS SecureSuite membership is free to State and Local Government agencies who sign up for MS-ISAC. Resources include secure configuration benchmarks and hardened system images.

NCCoE: Protecting Data from Ransomware

The National Cybersecurity Center of Excellence and NIST collaborated on this brief, essential guide for IT and managed service providers to ensure adequate backup planning and solutions are in place to protect an organization's critical data from loss and destruction. "Protecting Data from Ransomware and Other Data Loss Events: A Guide for Managed Service Providers to Conduct, Maintain, and Test Backup Files."

CISA Ransomware Guide

The Cybersecurity & Infrastructure Security Agency and MS-ISAC publish a joint Ransomware Guide, a "one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack." Review and implement best practices for preventing a ransomware attack, and a detailed guide of how to respond to an active ransomware incident. The guide includes federal response contacts, free services provided by CISA, and links to best practices for securing common business-critical infrastructure.

CISA Cyber Essentials

The Cybersecurity & Infrastructure Security Agency is a federal entity that provides free resources to support cybersecurity in all government entities. CISA's Cyber Essentials framework is an accessible toolkit of best practices for small businesses and local government to help guide procedure and policy. CISA offers many services, including risk assessment, penetration testing, web application scanning, cyber infrastructure survey, and more.

NIST Cybersecurity Framework

The National Institute for Standards and Technology's Cybersecurity Framework is a comprehensive set of guidelines to help organizations manage the security of information, assets, and resources. The NIST cybersecurity framework provides guidance to help identify, protect, detect, respond, and recover from security threats. The NIST framework is broadly recognized as industry best practice. https://csrc.nist.gov/Projects/cybersecurity-framework/nist-cybersecuri…

Education:

TechCred

Ohio's TechCred program reimburses employers for the cost of technical training leading to certification for current and prospective employees. A broad range of technical training is eligible, and the application process is open frequently.

NIST NICE

The National Initiative for Cybersecurity Education maintains a list of free and low-cost resources for online cybersecurity training.

OCRI

The Ohio Cyber Range Institute is a partnership between higher education and state government to improve the cybersecurity awareness and education of Ohio's citizens and organizations. Part of the Ohio Cyber Collaboration Committee, the OCRI is available to libraries to host classes on the range's virtual environment. Sign up to gain access to detailed information.

FedVTE

Online, on-demand cybersecurity training program, free to employees of state and local government. Cybersecurity courses are organized according to the NICCS Cyber SEcurity Workforce Framework, and range from beginning to advanced.