cyber-preparedness-resources

The Cyberpreparedness Unit logo

Explore our library of resources, links, and tools for helping mature every aspect of your organization's cyber resilience!

Quick Links

Cyber Threat Preparedness + Mitigation

Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities Catalog
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.

(back to top)

Education + Training

Custom Training from MDEM Available (click to request)
The CPU's State and Local Cyber Preparedness Programs can provide guidance on how to fold a Cyber Specific Annex into your entity's Emergency Operations Plan; and provide an overview of cyber preparedness, network mapping, Mission Essential Functions (MEFS) and Primary Mission Essential Functions (PMEFS), the flow of cyber attacks, cyber-incident response, and cyber response considerations during cyber disruption planning, etc.

Cybersecurity and Infrastructure Security Agency Web-Based CISA Training
The CISA website provides training programs in online, independent, and/or instructor-led formats.

The Maryland Information Sharing and Analysis Center (MD-ISAC)
Housed within the Office of Security Management at the Maryland Department of Information Technology, it is a resource similar to the MS-ISAC, but it is specific to Maryland and is a platform where Maryland governments can share threat information and stay ahead of cyber criminals.

National Initiative for Cybersecurity Careers and Studies (NICCS) Education and Training Catalog
This webpage provides cybersecurity education and training information by topic including: the Federal Virtual Training Environment (FedVTE) and cybersecurity training for students, veterans, and teachers.

FedVTE Incident Response and Awareness Training
FedVTE provides free of charge training on cybersecurity basics, cyber risk management, ransomware attacks, etc.

Texas A&M Engineering Extension Service (TEEX)
An internationally recognized leader in emergency response training, workforce training and technical assistance. TEEX also hosts the National Cybersecurity Preparedness Consortium- Web which is a list of cyber preparedness training. The consortium sits within the Cyber Readiness Center which is a premier provider of cybersecurity training and technical assistance services.

(back to top)

Exercises

Custom Exercises from MDEM Available (click to request)
The CPU State and Local Cyber Preparedness Programs can provide assistance testing your entity's cyber plans and response capabilities by engaging your team members in a hypothetical incident response. Exercises are tailored to fit the needs of your entity.

(back to top)

Legal + Regulatory Resources

Maryland Local Cybersecurity Support Act of 2022
Synopsis: Establishing the Cyber Preparedness Unit in the Maryland Department of Emergency Management; establishing certain responsibilities of the Unit; requiring local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances; requiring the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner; establishing the Office of Security Management within the Department of Information Technology and certain Office positions; etc.

Modernize Maryland Act of 2022
Synopsis: Requires a public or private water or sewer system that serves 10,000 or more users and receives financial assistance from the State to, on or before a certain date, assess its vulnerability to a cyber attack, develop a cybersecurity plan if appropriate, and submit a certain report to the General Assembly; authorizing the Maryland Water Quality Financing Administration to provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan; etc.

National Cybersecurity Strategy
Read the National Cybersecurity Strategy created by the Biden-Harris administration in March 2023.

Privacy Impact Assessment (PIA)
When managing data breaches it's important to consider how your breach may affect others. The PIA is a tool that can assist governments in their strategic privacy practices including investigating compromise and notify affected parties.

State Government - Cybersecurity - Coordination and State Government (SB 812)
Synopsis: Establishes the Office of Security Management within the Department of Information Technology; establishing the Maryland Cybersecurity Coordinating Council; requiring certain IT units to certify compliance with certain cybersecurity standards; requiring each unit of the Executive Branch of State government and certain local entities to report certain cybersecurity incidents in a certain manner; requiring the Department of General Services to establish certain basic security requirements in be included in certain contracts; etc.

(back to top)

Planning Resources

Cyber Annex Checklist
The primary purpose of a Cybersecurity Annex is to establish a standardized, flexible, and scalable foundation to prepare for, and respond to a cyber threat or attack. The identified tasks within this hazard sheet are meant to be a starting point to help you create a cyber annex to existing plans.

Volunteer Intake Form
A usable, downloadable PDF template designed by MDEM.

FEMA Incident Command System Forms
This resource contains links to fillable and printable Incident Command System (ICS) forms, as well as the forms' instructional booklet.

(back to top)

All-Purpose Cyber Resources + Guidance

Cybersecurity and Infrastructure Security Agency (CISA) Cyber Resources
The Cybersecurity and Infrastructure Security Agency offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework.

CISA News Alerts
Click to sign up for news, updates, and alerts from CISA.

Dept. of Education Protecting Student Privacy (K-12 Institutions)
The Department of Education provides guidance and best practice for the K-12 community to use to enhance the security of their information systems.

Federal Student Aid (FSA) Office Cybersecurity Page
The FSA has compiled cybersecurity guidance and compliance information for higher education institutions.

(back to top)

After Action Reporting + Lessons Learned

Coming soon!

(back to top)

Agencies + Organizations

Cybersecurity and Infrastructure Security Agency (CISA) Topics
CISA is the United States Cyber Defense Agency. They lead the national effort to understand, manage, and reduce risk to our critical infrastructure.

Federal Emergency Management Agency (FEMA)
FEMA supports citizens and emergency personnel to build, sustain, and improve the nation's capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA oversees federal grant programs, such as the SLCGP, that help State's strengthen their cybersecurity posture. The agency also provides training opportunities on a variety of preparedness topics through their website: Ready.gov. To find their information on cybersecurity preparedness, click here.

Maryland Department of Emergency Management (MDEM)
MDEM is a national leader in emergency management that provides Maryland residents, organizations, and emergency management partners with expert information, programmatic activities, and leadership in the delivery of financial, technical and physical resources “to shape a resilient Maryland where communities thrive.” We do this by being Maryland's designated source of official risk reduction and consequence management information.

The Cyber Preparedness Unit sits under the MDEM Preparedness Branch within the Consequence Management Directorate. The Preparedness Branch produces consequence management plans and involves stakeholders in emergency management planning efforts, develops and conducts training programs and exercises for state, local, federal, and private sector partners, and incorporates the State of Maryland’s federally-mandated Radiological Emergency Preparedness Program.

Maryland Department of Information Technology (DoIT)
The Department of Information Technology was created by 2008 legislation in an effort to consolidate state agency information technology functions and policies into one department; elevating the department to one that reports directly to the Governor.

DoITs mission is to provide vital technology solutions that allow the Executive Branch, State Agencies, and Coordinating Offices to provide Marylanders with services that enable them to live and work more safely, efficiently and productively.

Maryland Department of Commerce
The state's primary economic development agency, that stimulates private investment and create jobs by attracting new businesses, encouraging the expansion and retention of existing companies, and providing workforce training and financial assistance to Maryland companies.

The Department also promotes the state's many economic advantages and markets local products and services at home and abroad to spur economic development and international investment, trade and tourism.

(back to top)

DoIT COE Templates (click to request)
Request templates managed and created by the Maryland Department of Information Technology for Cyber Threat Mitigation and Preparedness.