Cyber Security Higher Education in VirginiaSee the Offerings

Learn More Cyber Security Town Hall Meeting
Falmouth, Virginia
Wednesday, February 24, 2016

Governor McAuliffe Announces “NSA Day of Cyber” School Challenge in Virginia

Governor Terry McAuliffe announced the launch of Virginia’s “NSA Day of Cyber” School Challenge. The challenge begins October 28, 2016, as Cybersecurity Awareness Month in October concludes, and will run through the end of March 2017.

Participating students will take part in rigorous, real-life virtual cyber scenarios, discover the skills and tools used by NSA cyber professionals, and explore the vast number of careers in cybersecurity.

Learn more Governor's News Release

Cyber Initiatives Included in the 2017-18 Budget Bill

Cyber Security is one of Governor McAuliffe’s top priorities and a key component of the New Virginia Economy. In order for Virginia to continue leading in this rapidly evolving space, we need to develop a sustainable talent pipeline capable of providing skilled, industry ready workers to meet this increasing demand. A recent report by the Business Higher Education Forum indicates that Virginia has the second highest concentration of cyber job postings behind California. Within the DC, Maryland, Virginia region, there were over 33,000 cyber security openings - over 17,000 in Virginia alone. Through the work of the Virginia Cyber Commission, a holistic, education-centric approach to advancing cyber in the Commonwealth has been developed and included in the Governor's introduced budget.

  • Increased number of Cyber Centers of Excellence: Provides resources to expand the number of Virginia Community Colleges and Public Universities certified as NSA Centers of Excellence for Cyber Security Education, thereby increasing marketability and opportunity for Virginia students.
  • Virginia Scholarship for Service Program: Creates competitive scholarship program to offer tuition relief for up to two years of education in a cyber-related field in return for service as a cyber-professional for a Commonwealth Entity. Eligible students will be enrolled in a Virginian Cyber Center of Excellence
  • Veterans Pathway Program in Cyber Security (GMU): Supports student success through expanding a program that allows veterans who complete an Associate’s Degree at a Virginia community college to transfer (Through guaranteed admissions) to GMU and earn a B.A.S in Cyber Security
  • Virginia Cyber Range: Provides seed-funding for a Commonwealth wide virtual Cyber Range (platform) for students in Virginia high schools, community colleges, and colleges and university to apply and test their learned abilities. Initial governance for the range will consist of representatives from Virginia’s Cyber Centers of Excellence
  • IT Security Service Center (VITA): Supports the cyber security needs of participating Virginia state agencies including but not limited to, vulnerability scans, information technology security audits, and Information Security Officer (ISO) services.
  • Information Sharing and Analysis Organization: Establishes Mid-Atlantic Information Sharing and Analysis Organization (ISAO) to provide Virginia with a platform and forum for cross- industry cyber threat information sharing between companies, government (all levels), and universities.
  • Virginia Fusion Center: Expand cyber capabilities of the Virginia Fusion Center to address cyber threats affecting the safety and security of the public (4 positions)
  • High Tech Crimes Division of Virginia State Police: Provides 10 additional positions to High Tech Crimes Division of Virginia State Police to provide investigatory and forensic services to address all types of cyber-crime.

UVA Computer Scientists Win $1 Millon in National Cyber Security Challenge

For nearly three hours Thursday night, cyber attacks shot like precision-guided missiles into software built by a team of computer scientists from the University of Virginia and GrammaTech, an Ithaca, NY-based cybersecurity firm.

Over and over, the computerized attackers scoured for vulnerabilities during a first-of-its-kind Cyber Grand Challenge competition, hosted by the Defense Advanced Research Projects Agency. And over and over, UVA’s and GrammaTech’s automated system, called Xandra, detected and closed security holes, even earning a cheer from the watching crowd when it found one security problem that DARPA programmers didn’t even know existed.

See Full Article

National Governors Association (NGA) Cyber Policy Academy

The NGA Cyber Policy Academy will allow five states — Connecticut, Illinois, Louisiana, Nevada, Oregon— to collaborate and create comprehensive strategies to combat the ever-growing threat of cyber-attacks and better prepare to respond when these attacks occur. The Academy will be led by the Resource Center Co-Chairs—Governor Terry McAuliffe of Virginia and Governor Rick Snyder of Michigan—as well as partners from the private sector, academia, research institutions, and federal agencies. The consequences of cyber threats are far-reaching and complex. This Academy will assist in education, prevention and response to these threats across multiple relevant fields from technology personnel to law enforcement.

Virginia Tech awarded $20 million grant for cyber workforce development

U.S. Sens. Mark Warner (D-VA) and Tim Kaine (D-VA) announced on Thursday that Virginia Tech will receive $19,420,000 from the National Science Foundation (NSF) to help increase cyber workforce development and encourage scientific partnerships to deliver innovation in the field.

“Investment in a capable and diverse cyber workforce is critical to how we respond to the opportunities and challenges provided by emerging technologies,” Warner said. “This award will help Virginia Tech — one of the top research institutions in the country — to attract the best and brightest young minds into careers in computational molecular science and cyber technology, and allow Virginia to continue to establish a leadership role in the cyber field.”

See Full Press Release

National Centers of Academic Excellence

Governor McAuliffe Announces Tidewater Community College’s designation as a National Center of Excellence in Cyber Defense

See Full Press Release

NSA and the Department of Homeland Security (DHS) jointly sponsor the National Centers of Academic Excellence in IA/CD programs. The goal of these programs is to reduce vulnerability in our national information infrastructure by promoting higher education and research in IA/CD and producing a growing number of professionals with IA/CD expertise in various disciplines. Designation is valid for five academic years, after which the school must successfully reapply in order to retain its CAE designation.

Students attending CAE IA/CD-E and CAE IA/CD-R schools are eligible to apply for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program. Designation as a Center does not carry a commitment for funding from NSA or DHS.

CAE IA/CD institutions receive formal recognition from the U.S. Government as well as opportunities for prestige and publicity for their role in securing our Nation's information systems.

View all CAE schools in Virginia

Governor McAuliffe Leads Marketing Mission and Attends RSA Cyber Conference 2016 in San Francisco
March 2, 2016

Governor Terry McAuliffe and officials from his administration embarked on a marketing mission to San Francisco to attend RSA Conference 2016, the largest information and cyber security conference in the world. The Governor and the Virginia delegation conducted over 30 economic development meetings in an effort to bring new jobs and economic activity back to the Commonwealth.

Cyber Virginia and the VA Cyber Security Commission

On February 25, 2014 Governor McAuliffe signed Executive Order Number 8: Creating Cyber Virginia and the VA Cyber Security Commission.

Governor McAuliffe Announces Expansion of Cybersecurity Apprenticeships
June 24, 2016

“Having competency-based registered apprenticeships provides Virginia with yet another tool to leverage as we work to strengthen our pipeline of high-quality, industry-ready cybersecurity professionals,” said Secretary of Technology Karen Jackson. "Introducing registered apprenticeship occupations in an industry sector like cybersecurity that has not traditionally employed apprentices will boost the ability of young adults and career switchers to attain in-demand skills and even earn industry certifications and college credits while simultaneously working full time and earning wages.

Full article

"The Commonwealth is resolute in its dedication to garnering the expertise of leaders in cyber security in order to mitigate risks and safeguard the highest level of security for government infrastructure networks, foster cyber security education and awareness, incorporate innovative and best practices to protect data statewide, bolster business investment with public-private partnerships, and proactively enhance its national standing as one of the preeminent leaders in the cyber security arena."

Cyber Security Commission Report 2015

Final Cyber Security Commission

The Cyber Commission concluded on March, 29 2016. Following the final commission meeting, members met with Governor McAuliffe to further discuss the Commission’s accomplishments and future direction of the Commonwealth to ensure we remain the nation’s leader in cyber efforts. 

Cyber Security Best Practice - Tip of the Moment!

View all tips

Attacks & Threats
Malware
Once you know that your machine is infected with a Trojan Horse or virus (or if your machine is exhibiting unexpected behavior and you suspect that something is wrong), what can you do? This paper includes steps that may help save your computer and files.
Security & Privacy
Mobile Devices
This article gives several tips and tricks brainstormed by the best and brightest across the world to help protect your phone while in use.
Security & Privacy
Mobile Devices
This article gives several tips and tricks brainstormed by the best and brightest across the world to help protect your phone while in use.
General Information
General Safety
This article provides information on the specific type of malware called, "Ransomware" and gives information on how this type of virus works, how most users end up getting it, and what to look out for when browsing the internet.
Reports & Guidance
Control Systems
This resource provides guidance on the analysis of methodologies for evaluating security risks associated with modems and their use in an organization and for creating a defense-in-depth architecture that protects the system components that use modems for connectivity.
Reports & Guidance
Patch Management
Patches are important to resolve security vulnerabilities and functional issues. This resource recommends patch management practices for consideration and deployment by industrial control systems asset owners.
Reports & Guidance
Cross-Site Scripting
This resource is intended to support and encourage the application of best practices for control systems security and describes the details of an information security attack known as cross-site scripting which could be used against control systems.
Reports & Guidance
Firewalls
This document addresses the need for guidance in creating such firewalls. There are a significant number of different solutions used by the industry and the security effectiveness of these can vary widely. In general, architectures that allow the establishment of a Demilitarized Zone (DMZ) between the enterprise network and SCADA/PCN network will provide the most effective security solution.
Reports & Guidance
Incident Response
This resource presents recommendations to help those facilities that use control systems better prepare for and respond to a cyber incident regardless of source, suggests ways to learn from incidents and to strengthen the system against potential attacks.
Businesses
Security
This resource provides 10 practical lessons businesses can learn from the FTC's 50+ data security settlements.
Reports & Guidance
Control Systems
This resource provides insight into some of the more prominent cyber risk issues, provides commentary on how mitigation strategies can be developed for specific problems and provides direction on how to create a defense-in-depth security program for control system environments.
Security & Privacy
Security
The Traffic Light Protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the correct audience. It employs four colors to indicate different degrees of sensitivity and the corresponding sharing considerations to be applied by the recipient(s).
Security & Privacy
Security
In this resource, US-CERT recommends that organizations routinely evaluate how to integrate best practices into their current environments to achieve these objectives.
Email & Online Communications
Social Networking
Although copyright may seem to be a purely legal issue using unauthorized files could have security implications. This resource will help you minimize the risks to your computer, make sure you have permission to use any copyrighted information and only download authorized files.
General Information
General Safety
This resource notes ten important things you can do to make your home computer more secure. While no individual step will completely eliminate your risk, these practices will make your home computer’s defense strong and minimize the threat of malicious activity.
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Cyber Security Resource Web Sites
Website
Businesses
Encryption
This resource provides recommendations that you can use to facilitate more efficient and effective storage encryption solutions, design, implementation and management for Federal departments and agencies.
Businesses
Security
This Interagency Report (IR) will assist small business management to understand how to provide basic security for their information systems and networks.
Reports & Guidance
Advanced Security
This resource provides IPv6 tips to assist network defenders with the security implications of IPv6 deployment.
Reports & Guidance
Advanced Security
This resource provides concrete guidance about using open source tools and techniques to independently identify common SQL injection vulnerabilities mimicking the approaches of attackers at large. The paper also highlights testing tools and illustrates the critical results of testing.
Reports & Guidance
Advanced Security
This resource provides background about SQL injection, helps users understand more about detection and provides guidance about best practices to minimize the risks associated with this attack vector.
Businesses
Security
This resource contains information to help your organization detect and deter malicious insider activity.
Businesses
Security
In this resource, US-CERT recommends that organizations routinely evaluate how to integrate best practices into their current environments to achieve these objectives.
Businesses
Security
This resource provides basic guidelines and security safeguard concepts that can be applied to public facing websites to reduce the attack surface area or mitigate the effects of a compromise.
Businesses
Malware
This advisory provides additional information about the campaign as well as recommendations to stakeholders in the hospitality sector to both better secure publicly available computers and advise end users of the risk they accept when accessing these machines.
Businesses
Malware
NCCIC, USSS, and third-party partners have issued an advisory regarding a Point-of-Sale malware dubbed "Backoff" which has been discovered exploiting businesses' administrator accounts remotely and exfiltrating consumer payment data.
Businesses
Security
This resource addresses the top five questions every Chief Executive Officer should be asking when managing cyber risk at their company.
Businesses
Cloud Computing
This resource (1) describes the risks you should understand and look for when partnering with cloud providers and (2) describes actions you can take to mitigate these risks.
Businesses
Security
These web pages in this resource provides insight on how to manage security at the enterprise level.
Businesses
Security
This resource examines data with respect security management challenges . It also highlights consequences, negative impacts and ramifications due to data compromise and discusses effective security management approaches and strategies to address the issues and to mitigate risks.
Businesses
Security
This resource is a tool that can be used to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
Businesses
Social Networking
The Social Media Cyber-Vandalism Toolkit: Readiness Recovery Response provides guidance and security practices to small businesses using these tools in their online operations.
Businesses
Security
This resource provides the top tools and resources for small business owners.
Businesses
Security
This resource provides the top ten cybersecurity user tips.
Businesses
Security
Theft of digital information has become the most commonly reported fraud surpassing physical theft. This resource addresses businesses' responsibility for ensuring their own cybersecurity, creating a culture of security that will enhance business and consumer confidence.
Businesses
Security
Does your company use personal information? Don't collect more than you need and only hold it as long as you have a business need for it. This resource contains the first lesson in the Start with Security series.
Businesses
Security
This resource, NISTIR 7621, is intended to help small businesses and small organizations implement the fundamental components of an effective information security program.
Businesses
Identity Theft
This resource addresses the Red Flags Rule which requires many businesses and organizations to implement a written identity theft prevention program designed to detect signs of identity theft in their day-to-day operations take steps to prevent the crime and mitigate its damage.
Businesses
Identity Theft
This resource provides practical tips for businesses on creating and implementing a plan for safeguarding personal information.
Businesses
Social Networking
Most businesses collect and store sensitive information about their employees and customers. This resource addresses the use of Peer-to-Peer (P2P) file sharing software in your business, the security implications you should consider and how to minimize the risks associated with it.
Businesses
Identity Theft
These days it is almost impossible to be in business and not have personally identifying information about your customers or employees. This resource helps you prevent having this information fall into the wrong hands which could put them at risk for identity theft.
Businesses
Children's Safety
This resource provides a step-by-step plan for determining if your company is covered by the Children's Online Privacy Protection Rule (COPPA) and how to comply with the rule.
Businesses
Security
This resource provides 10 practical lessons businesses can learn from the FTC's 50+ data security settlements.
Email & Online Communications
Digital Signatures
Digital signatures are a way to verify that an email message is really from the person who supposedly sent it and that it hasn't been changed. This resource will help you to understand this security feature.
Email & Online Communications
Using Email
This resource advises how to protect yourself from email scams by understanding what they are, what they look like, how they work and what you can do to avoid them.
Email & Online Communications
Using Email
When you get a flood of messages from friends and family or they are getting emails from you with seemingly random links or messages with urgent pleas to wire you money, your email or social media account might have been taken over. This resource will help you regain control.
Email & Online Communications
Using Email
Although in many situations it may be appropriate to list email recipients in the To: or CC: fields sometimes using the BCC: field may be the most desirable option. This resource addresses the benefits of using BCC:.
Email & Online Communications
Using Email
Email attachments are a popular and convenient way to send documents, but they are also a common source of viruses. This resource will show you how to use caution when opening attachments, even if they appear to have been sent by someone you know.
Email & Online Communications
Using Email
Although free email services are convenient for sending personal correspondence, this resource addresses how you should not use them to send messages containing sensitive information.
Email & Online Communications
Using Email
The main difference between email clients is the user interface. Regardless of which software you decide to use, you should always follow good security practices when reading or sending email. This resource will help you to better understand these security practices.
Email & Online Communications
Social Networking
Reinforcing the fact that the Internet is a public domain, this resource helps you to avoid putting anything online that you don't want the public to see or that you may want to eventually retract.
Email & Online Communications
Social Networking
Although they offer a convenient way to communicate with other people, there are dangers associated with tools that allow real-time communication. This resource will help you to better understand how to use these tools safely.
Email & Online Communications
Social Networking
Social networking is a way for people to connect and share information with each other online using mobile devices, applications and websites. This resource will help you to safely connect with the millions of people worldwide who regularly access these types of services.
Email & Online Communications
Social Networking
The popularity of social networking sites continues to increase especially among teenagers and young adults. This resource focuses on how the nature of these sites introduces security risks and how you should take certain precautions to protect yourself.
Reports & Guidance
Security
The monthly intelligence report provides the latest analysis of cyber security threats trends and insights from the Symantec intelligence team concerning malware spam and other potentially harmful business risks.
Reports & Guidance
Malware
This resource provides insight into Ransomware, a category of malicious software which, when run, disables the functionality of a computer in some way and displays a message that demands payment to restore functionality.
Reports & Guidance
Malware
This resource provides information about the Crisis malware, which is an advanced malware that runs on both Windows and Mac computers, has information-stealing functionality and has the ability to record both audio and visual information from the computers microphone and webcam.
Reports & Guidance
Malware
Madware and malware are two types of Android security risks that have had a consistent presence over the past few years and have been found in apps hosted both on Google Play and on third-party app stores. This resource will help you to understand and avoid these risks.
Reports & Guidance
Malware
This resource examines eight of the most common and sophisticated financial Trojans in circulation in 2013.
Reports & Guidance
Malware
Point-of-sale malware is now one of the biggest sources of stolen payment cards for cybercriminals. This resource shows how attackers have honed their methods, paving the way for the mega-breaches of 2013 and 2014 which compromised approximately 100 million payment cards in the US.
Reports & Guidance
Malware
This resource addresses distributed denial-of-service (DDoS) attacks - attempts to deny a service to legitimate users by overwhelming the target with activity.
Reports & Guidance
Malware
This resource takes a look at how ransomware works, not just from a technological point of view but also from a psychological viewpoint. It also looks at how these threats evolved, what factors make ransomware a major problem and where ransomware is likely to surface next.
Reports & Guidance
Identity Theft
This resource provides tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program.
Reports & Guidance
Privacy
This resource focuses on the Safeguards Rule which requires financial institutions to secure customer records and information. The law defines financial institution broadly to cover many businesses who might not describe themselves that way,
Reports & Guidance
Privacy
Under the Safeguards Rule financial institutions must protect the consumer information they collect. This resource will help you determine if your business is a financial institution under the Rule and, if so, how to take the necessary steps to be in compliance.
Reports & Guidance
Security
Any company or organization that collects personal information from customers or employees needs a security plan. This resource will help you learn about designing and implementing a plan tailor-made to your business.
Reports & Guidance
Security
Do the settings on your servers open your system to misuse? This resource provides a few quick easy and no- or low-cost steps that can protect your computer systems from misuse and/or an influx of spam.
Reports & Guidance
Privacy
This resource provides practical tips for businesses on creating and implementing a plan for safeguarding personal information.
Reports & Guidance
Security
Most businesses collect and store sensitive information about their employees and customers. This resource addresses the use of Peer-to-Peer (P2P) file sharing software in your business, the security implications you should consider and how to minimize the risks associated with it.
Reports & Guidance
Identity Theft
These days it is almost impossible to be in business and not have personally identifying information about your customers or employees. This resource helps you prevent having this information fall into the wrong hands which could put them at risk for identity theft.
Reports & Guidance
Children's Safety
This resource provides a step-by-step plan for determining if your company is covered by the Children's Online Privacy Protection Rule (COPPA) and how to comply with the rule.
Reports & Guidance
Security
This resource provides advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures and carefully considered default settings.
Reports & Guidance
Security
This resource provides 10 practical lessons businesses can learn from the FTC's 50+ data security settlements.
Reports & Guidance
Privacy
Under the FTC's Health Breach Notification Rule companies that have had a security breach must: 1. Notify everyone whose information was breached; 2. In many cases notify the media; and 3. Notify the FTC.
Reports & Guidance
Privacy
This resource provides guidance for businesses for complying with the FTC's Health Breach Notification Rule, detailing who's covered by the rule and what companies must do if they experience a breach of personal health records.
Internet Crime
Money Mule Schemes
This resource describes the typical process used to commit a scheme that meets the needs of criminals who want to transport or launder stolen money as well as the consequences for mules and victims as a result of these schemes and includes advice to avoid becoming a mule or a victim.
Internet Crime
Money Transfer Scams
Wiring money is like sending cash. Once it's gone you can't get it back and it's nearly impossible to reverse the transfer, trace the money or track the recipients. This resource addresses why scammers often insist that people wire money.
Internet Crime
Dating Fraud
Millions of people use dating sites, social networking sites and chat rooms to meet people. And many forge successful relationships. But scammers also use these sites to meet potential victims. This resource addresses ways you can protect yourself from these types of scams.
Internet Crime
Medical Scams
This resource focuses on how to protect yourself against Miracle Cure scams, products that claim to cure all kinds of serious health conditions usually don't work and could be dangerous.
Internet Crime
Real Estate Scams
This resource takes a look at bogus apartment rental scams, and provides guidance on how you can avoid becoming a victim of this new trend in online shopping scams.
Internet Crime
Mystery Shopping Scams
There are plenty of legitimate mystery shopping opportunities out there, but legitimate companies won’t ask you to pay an application fee, nor will they ask you to deposit a check and wire money to someone else. This resource shows you how to protect yourself from these scams.
Internet Crime
Imposter Scams
This resource shows you how to protect yourself from Imposter Scams, where scammers may pose as people you know and trust and then make desperate appeals for cash to deal with an emergency.
Internet Crime
Weight Loss Scams
Wouldn't it be nice if you could lose weight simply by taking a pill wearing a patch or rubbing on a cream? Unfortunately, claims like that are almost always false and this resource will help you to better understand to spot these scams.
Internet Crime
Tech Support Scams
This resource provides guidance on what to do when you see an offer for a free security scan, especially when faced with a pop-up an email or an ad that claims malicious software has already been found on your machine.
Internet Crime
Tech Support Scams
In a recent twist scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. This resource will help you to recognize and protect yourself from this scam.
Internet Crime
Spam
Spam is a common and often frustrating side effect to having an email account. Although you will probably not be able to eliminate it, this resource will show you ways to reduce it.
Internet Crime
Phishing/Spoofing
In a social engineering attack a hacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. This resource examines this trend, showing how hackers execute this attack.
Internet Crime
Phishing/Spoofing
When internet fraudsters impersonate a business to trick you into giving out your personal information it's called phishing. This resource shows what to look for when you receive an email, text or pop-up messages that asks for your personal or financial information.
Internet Crime
Phishing/Spoofing
This resource addresses social engineering and phishing attacks, providing guidance on how to protect your sensitive information from people who should not have access to that information.
Internet Crime
Investment Fraud
Investment opportunities that claim to be low risk and high reward almost always are frauds. This resource shows you how to protect yourself from becoming a victim of one of these scams.
Internet Crime
Investment Fraud
This resource focuses on investment schemes, helping you to protect yourself from investment pitches that insist you act now, guarantees big profits, promises little or no financial risk or that demand you send cash immediately.
Internet Crime
Investment Fraud
Online trading can be an easy cost-effective way to manage investments. However online investors are often targets of scams. This resource shows you how to take precautions to ensure that you do not become a victim.
Internet Crime
Identity Theft
Identity theft protection services can help you monitor your accounts, place fraud alerts or freezes on your credit reports or remove your name from marketing mailing lists. This resource provides guidance on what you need to know before you sign up for one.
Internet Crime
Identity Theft
Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. This resource shows you how to take precautions with your personal information; and if you become a victim, how to act immediately to minimize the damage.
Internet Crime
Identity Theft
This resource focuses on protecting your personal information in an effort to reduce your risk of identity theft, and the four main ways to do it: knowing your audience; securely storing and disposing information; asking questions; and maintaining digital security.
Internet Crime
Identity Theft
This resource is a robust set of proactive and reactive rules to fraud-proof and protect your good name. The “21 Rules You Must Use” are the most important things you need to do now and on an ongoing basis to prevent identity theft.
Internet Crime
Employment/Business Opportunities
If you're considering a work-at-home opportunity ask questions and do some research before committing yourself or any money to the "opportunity". This resource will help you to better understand these scams and how to avoid them.
Internet Crime
Debt Elimination
You should be very skeptical about broad claims to wipe out your debt; debt negotiation can be risky and it can have a serious long-term effect on your ability to get credit. This resource addresses the scams that surround this service.
Internet Crime
Credit Card Fraud
This resource examines pay-in-advance credit offers, offers where you are asked to pay money in exchange for a guaranteed line of credit, and provides guidance on how to protect yourself from being a victim of this scheme.
Internet Crime
Check Fraud
This resource addresses fake check scams, depositing a check from a stranger and then wiring money back to them, and the consequences of being involved in them.
Internet Crime
General
As Americans become more reliant on modern technology we also become more vulnerable to cyberattacks. This resource addresses developing and utilizing the cybersecurity and law enforcement capabilities that are critical to safeguarding and securing cyberspace.
Internet Crime
General
Crooks use clever schemes to defraud millions of people around the globe every year. They often combine sophisticated technology with age-old tricks to get people to send money or give out personal information. Use this resource to help you avoid common scams.
Operating Systems & Software
File Sharing Technology
To share files, like games and music, through a peer-to-peer (P2P) network, you download software that connects your computer to other computers running the same software – sometimes giving access to millions of computers at a time. This resource addresses the risks associated with this software.
Security & Privacy
Wireless Networks
Wi-Fi hotspots in coffee shops libraries airports hotels universities and other public places are convenient but often they're not secure. If you connect to a Wi-Fi network and send information through websites or mobile apps it might be accessed by someone else. This resource shows how to protect yourself.
Security & Privacy
Wireless Networks
Today’s home network may include a wide range of wireless devices, from computers and phones, to IP Cameras, smart TVs and connected appliances. This resource shows you how to take basic steps to secure your home network, which will help protect your devices – and your information – from compromise.
Security & Privacy
Browsing
A cookie is information saved by your web browser the software program you use to visit the web. This resource shows how they can be used by companies to track your behavior across sites as well as to customize your browsing experience or to deliver ads targeted to you.
Security & Privacy
Mobile Devices
When you're thinking of upgrading to a new mobile phone or device, or returning one that didn't work out for you, it's important to delete any personal information you stored on the device. This resource focuses on how this practice will protect your from cyber threats.
Security & Privacy
Mobile Devices
Text message spam is to your cell phone what email spam is to your personal computer, and both may try to get you to reveal personal information. This resource focuses on how you can protect yourself from this risk.
Security & Privacy
Children’s Safety
Virtual worlds are computer-simulated online places where people use avatars (graphic characters) to represent themselves. While many virtual worlds say they're for adults only and try to verify that visitors are over 18 , this resource will help you to be aware of the risks involved.
Security & Privacy
Children’s Safety
Tweens (kids ages 8 to 12) begin exploring more on their own. They need to feel independent but not alone. It's important to be with them or at least nearby when they're online. Consider keeping the computer in an area where the child has access to you or another adult.
Security & Privacy
Children’s Safety
Teens form their own values, begin to take on the values of their peers and are eager to experience more independence from their parents. This resource focuses on teaching them how to exercise judgment about using the net safely, securely and in accordance with their family ethic.
Security & Privacy
Children’s Safety
Technology users are getting younger and younger, which means that supervision must be a top priority when allowing them to use computers, mobile phones, etc. This resource will help you to provide a safe online environment for your youngest users.
Security & Privacy
Children’s Safety
If you're concerned about what your kids see when they surf the internet, using parental controls is a must. However, while they work well for young children, teens probably will be able to work around them. This resource shows how to gain more control over their internet usage.
Security & Privacy
Children’s Safety
The security of your computer can affect the safety of your online experience — and your kids'. This resource will help you talk to your kids about what they can do to help protect your computer and your family’s personal information.
Security & Privacy
Children’s Safety
Anyone with a cell phone probably uses it to send and receive text messages and images; and so do our children. This resource addresses the similarities between texting and using email or instant messaging, and how most of the same etiquette and safety rules apply.
Security & Privacy
Children’s Safety
As mobile phones become increasingly prevalent among younger users, this resource helps you to teach them to think about safety and responsibility when using these devices.
Security & Privacy
Children’s Safety
Cyberbullying is bullying or harassment that happens online, and can happen in an email, a text message, a game or on a social networking site. This resource will help you to recognize and prevent Cyberbullying.
Security & Privacy
Children’s Safety
Social networking sites, chat rooms, virtual worlds and blogs are how teens and tweens socialize online and it's important to help your child learn how to navigate these spaces safely. This resource focuses on applying real-world judgment to help minimize risks.
Security & Privacy
Children’s Safety
When your kids begin socializing online, you may want to talk to them about certain risks. This resource will help you to talk to your kids about how they communicate – online and off – and encouraging them to engage in conduct they can be proud of.
Security & Privacy
Children’s Safety
Children's identities are a consistent target for identity thieves and are used to get a job, government benefits, medical care, utilities, a car loan, etc. Use this resource to protect your kids' personal information and to minimize the damage that child identity theft can cause.
Security & Privacy
Children’s Safety
Many kids play video games and, as their parent, you have ideas about what's right for them when they do. This resource focuses on the tools like game ratings and parental controls that help you learn about the games and make sure they're playing according to your rules.
Security & Privacy
Children’s Safety
As a parent you have control over the personal information companies collect online from your kids under 13. The Children's Online Privacy Protection Act gives you tools to do that. This resource addresses how you can assert those rights.
Security & Privacy
General Safety
The Internet is a part of our everyday lives and it's important to pay attention to what's online about you and take steps to ensure a positive personal and professional persona. Check out this resource to see what you can do for yourself and others to help stay safe online.
Security & Privacy
General Safety
This resource is a tool that can be used to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
Security & Privacy
General Safety
Getting rid of your old computer? This resource shows you how you can ensure its hard drive doesn’t become a treasure chest for identity thieves.
Security & Privacy
General Safety
Many computer users rely on laptops and devices like smartphones and tablets because they are small and easily transported. But while this makes them convenient it also makes them an ideal target for thieves. This resource addresses how to protect both the machine and its information.
Security & Privacy
General Safety
Scammers, hackers and identity thieves are looking to steal your personal information and your money. This resource provides steps you can take to protect yourself like keeping your computer software up-to-date and giving out your personal information sparingly.
Attacks & Threats
Cyberbullying
Cyberbullying is bullying or harassment that happens online, and can happen in an email, a text message, a game or on a social networking site. This resource will help you to recognize and prevent Cyberbullying.
Attacks & Threats
Malware
Malware includes viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent. This resources addresses how malware can cause your device to crash, monitor and control your online activity and deliver undesirable ads.
Operating Systems & Software
Security Software
Security software helps protect your computer and the personal information you have stored on it. This resource provides guidance on how to better understand and choose this software.
Operating Systems & Software
Patches
When vendors become aware of vulnerabilities in their products, they often issue patches to fix the problem. This resource focuses on understanding how applying relevant patches to your computer as soon as possible ensures that your system is protected.
Operating Systems & Software
Operating Systems
The operating system is the most fundamental program that runs on your computer. This resource will help you to better understand this program and how it is the basis for how everything else works.
Operating Systems & Software
License Agreements
This resource discusses how carefully reading and understanding the EULA covering software before you install it can help you make an informed decision that takes into account any privacy and security issues.
Operating Systems & Software
License Agreements
Before accepting an end-user license agreement make sure you understand and are comfortable with the terms of the agreement. This resource will show you what to look for, as well as how to review these agreements.
Operating Systems & Software
File Sharing Technology
File-sharing technology is a popular way for users to exchange, or "share," files. This resources addresses how using this technology makes you susceptible to risks such as infection, attack, or exposure of personal information.
Operating Systems & Software
Voice over Internet Protocol (VoIP)
With the introduction of VoIP you can use the Internet to make telephone calls instead of relying on a separate telephone line. However, the technology does present security risks, so this resource will help you to understand how to protect yourself from those risks.
Security & Privacy
Cloud Computing
Cloud computing is a subscription-based service where you can obtain networked storage space and computer resources. The cloud makes it possible for you to access your information from anywhere at any time. Use this resource to ensure that you are using the cloud safely.
Security & Privacy
Home Network Security
This resource provides home users an overview of the security risks and countermeasures associated with Internet connectivity especially in the context of always-on or broadband access services (such as cable modems and DSL) as well as traditional dial-up services.
Security & Privacy
Bluetooth
Many electronic devices are now incorporating Bluetooth technology to allow wireless communication with other Bluetooth devices. This resource will help you understand what it is, what security risks it presents, and how to protect yourself.
Security & Privacy
USB Drives
USB are reusable memory storage devices and are commonly referred to as flash drives or memory sticks. They've gotten so small and cheap and can store so much data they're literally everywhere, which is a problem according to security experts. This resource focuses on those problems.
Security & Privacy
USB Drives
USB drives are popular for storing and transporting data, but some of the characteristics that make them convenient also introduce security risks. This resource explores some of those risks.
Security & Privacy
Wireless Networks
If you’re using wireless technology or considering making the move to wireless, you should know about the security threats you may encounter. This resource highlights those threats and explains what you need to know to use wireless safely, both in the home and in public.
Security & Privacy
Wireless Networks
This resource provides a list of suggested steps that can potentially help secure your small office or home router.
Security & Privacy
Wireless Networks
Wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. This resource shows how to ensure that your wireless network is protected from unauthorized access.
Security & Privacy
Browsing
Many people browse the Internet without much thought to what is happening behind the scenes. This resource shows how active content and cookies are common elements that may pose hidden risks when viewed in a browser or email client.
Security & Privacy
Browsing
This resource shows you how to check the security settings in your web browser to make sure they are at an appropriate level. While increasing your security may affect the functionality of some web sites, it could prevent you from being attacked.
Security & Privacy
Browsing
You may have been exposed to internationalized domain names (IDNs) without realizing it. While they typically do not affect your browsing activity, IDNs may give attackers an opportunity to redirect you to a malicious web page. This resource helps you to understand the risks associated with these domains.
Security & Privacy
Browsing
You may have been exposed to web site certificates if you have ever clicked on the padlock in your browser or been presented with a dialog box about an error on the certificate. This resource helps you understand what these certificates are and may help you protect your privacy.
Security & Privacy
Browsing
Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. This resource addresses the unique risks presented by the Internet and why it is important to take steps to protect yourself when shopping online.
Security & Privacy
Browsing
Some of the more popular attacks that target online banking include phishing attacks malware and pharming. This resource describes all of these types of attacks and describes strategies you can use to ensure that your online banking experience is as safe as possible.
Security & Privacy
Browsing
This resource will help you configure your web browser for safer internet surfing. It is written for any person who works with limited information technology (IT) support and broadband (cable modem DSL) or dial-up connectivity.
Security & Privacy
Browsing
Web browsers allow you to navigate the internet and there are a variety of options available so you can choose the one that best suits your needs. This resource will help you to better understand those options.
Security & Privacy
Mobile Devices
This resource discusses the threats likely to have a significant impact on mobile devices and their users.
Security & Privacy
Mobile Devices
This resource examines today's advanced mobile devices; because they are increasingly used in the same way as personal computers (PCs) they are potentially susceptible to similar threats affecting PCs connected to the Internet.
Security & Privacy
Mobile Devices
As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device. This resource shows you how to protect yourself from these attacks.
Security & Privacy
Mobile Devices
In addition to taking precautions to protect your portable devices it is important to add another layer of security by protecting the data itself. This resource focuses on how to ensure the safety of your data.
Security & Privacy
Mobile Devices
Many computer users rely on laptops and devices like smartphones and tablets because they are small and easily transported. But while this makes them convenient it also makes them an ideal target for thieves. This resource addresses how to protect both the machine and its information.
Security & Privacy
Mobile Devices
This resource describes the risks associated with using portable devices as well as what you can do to minimize these risks. Recommended practices are provided for portable storage media, smart devices, and portable devices in general.
Security & Privacy
Mobile Devices
This resource discusses the threats likely to have a significant impact on mobile devices and their users.
Security & Privacy
Mobile Devices
When you think about cybersecurity remember that electronics such as smartphones and other internet-enabled devices may also be vulnerable to attack. This resources helps you to take the appropriate precautions to limit your risk.
Security & Privacy
Encryption
Encrypting data is a good way to protect sensitive information - it ensures that the data can only be read by the person who is authorized to have access to it. This resource will help you to understand this security feature.
Security & Privacy
Privacy
Recent high-profile data breaches at the national level have increased concerns about sensitive data and what can and should be done to provide appropriate protections. This resource defines what is considered sensitive data and outlines how to protect it, as a COV employee.
Security & Privacy
Privacy
When there are multiple people using your computer and/or you store sensitive personal and work-related data on your computer it is especially important to take extra security precautions. This resource addresses those precautions.
Security & Privacy
Privacy
Before discarding an old computer or storage media, you should copy the files you need and then erase them. However unless you have taken the proper steps, people may still be able to resurrect those files. This resource will show you how to ensure your files are erased effectively.
Security & Privacy
Privacy
This resource addresses the lack of anonymity on the internet, and discusses how you can reduce your digital footprint by visiting legitimate sites, checking privacy policies and minimizing the amount of personal information you provide.
Security & Privacy
Privacy
Before submitting your email address or other personal information online you need to be sure that the privacy of that information will be protected. This resource shows you how to protect your identity and prevent an attacker from easily accessing additional information about you.
Security & Privacy
Anti-Virus & Malware Protection
This resource gives an introduction to viruses and ways to avoid them.
Security & Privacy
Anti-Virus & Malware Protection
Using anti-virus and anti-spyware software is an important part of cyber security, but, in an attempt to protect yourself, you may unintentionally cause problems. This resource focuses on how to best coordinate these two complementary tools for protection.
Security & Privacy
Anti-Virus & Malware Protection
Anti-virus software can identify and block many viruses before they can infect your computer and, once you install anti-virus software, it is important to keep it up to date. This resource provides guidance on understanding how anti-virus software protects your systems.
Security & Privacy
Passwords
This resource offers recommendations for protecting your information by selecting strong passwords and storing and managing them safely. Included are common mistakes and remedies, as well as using password managers.
Security & Privacy
Passwords
Passwords are a common form of protecting information but passwords alone may not provide adequate security. This resource focuses on the practice of supplementing passwords and utilizing sites that have additional ways to verify your identity.
Security & Privacy
Passwords
Passwords are a common form of authentication and are often the only barrier between a user and your personal information. By choosing strong passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.
Security & Privacy
Children's Safety
Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. This resource shows how, by taking some simple steps, you can dramatically reduce the threats.
Security & Privacy
General Safety
This resource summarizes the pros, cons, and security considerations of backup options for critical personal and business data.
Security & Privacy
General Safety
This resource addresses a growing risk to internet users without dedicated IT support, providing both general guidance and operating-system-specific guidance for connecting a new (or newly upgraded) computer to the internet for the first time.
Security & Privacy
General Safety
In general, online gaming may involve both social and technological risks similar to what users may have already encountered. What users may not realize is that gaming may compromise their privacy or security. This resource provides advice on how to recognize these risks.
Security & Privacy
General Safety
The Department of Homeland Security plays an important role in countering threats to our cyber network. We aim to secure the federal civilian networks, cyberspace and critical infrastructure that are essential to our lives and work.
Security & Privacy
General Safety
Network or internet cameras provide live video and audio feeds that you can access remotely using an internet browser. Although they are meant to provide security, they are vulnerable to digital snooping. This resource will help you understand how to protect these devices.
Security & Privacy
General Safety
This resource discusses good practices for clearing information from computer drives, USB thumb drives, CDs and DVDs. It also includes advice regarding phones and tablets.
Security & Privacy
General Safety
When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. This resource will show you how to restrict outside access to your computer and the information on it with a firewall.
Security & Privacy
General Safety
There are some common myths that may influence your online security practices, but knowing the truth will allow you to make better decisions about how to protect yourself. This resource takes a look at these myths in order to help you develop a solid understanding of online security.
Security & Privacy
General Safety
Many of the warning phrases you hear in your everyday life are also applicable to using computers and the internet. This resource addresses those warnings and how you can use them to stay safe online.
Security & Privacy
General Safety
This resource provides some simple habits you can adopt that, if performed consistently, may dramatically reduce the chances that the information on your computer will be lost or corrupted.
Attacks & Threats
Denial-of-Service Attacks
This resource discusses DNS recursion, helps users understand more about potential targets and risks, outlines methods for protecting DNS servers and provides best practices for configuring DNS servers.
Attacks & Threats
Denial-of-Service Attacks
The DDoS Quick Guide contains possible attack methods per OSI layer, potential impact and the applicable recommended mitigation strategies and relevant hardware. This resource also provides possible DDoS traffic type descriptions.
Attacks & Threats
Denial-of-Service Attacks
You may have heard of denial-of-service attacks launched against websites but you can also be a victim of these attacks. Denial-of-service attacks can be difficult to distinguish from common network activity but this resource will help you recognize some indications that an attack is in progress.
Attacks & Threats
Hoaxes & Urban Legends
Attacks & Threats
Hoaxes & Urban Legends
This resource takes a look at Hoaxes and Urban Legends which are emailed and shared via social networking sites daily. The most serious problem is from chain letters that mask viruses or other malicious activity, but even the ones that seem harmless may have negative repercussions.
Attacks & Threats
Cyberbullying
While bullying is not new, technology has allowed bullies to expand the reach and extent of their harm. This resource discusses this phenomenon called cyberbullying, the willful and repeated harm inflicted through the use of computers, cell phones and other electronic devices.
Attacks & Threats
Cyberbullying
Bullies are taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult but this resource focuses on the steps you can take to address this problem.
Attacks & Threats
Cyberbullying
"What is Cyberbullying?" is one of the most frequent questions asked because many know what it is when it happens, but have trouble wrapping succinct descriptive words around it. This resource will help you to better understand what it is and how to explain it to others.
Attacks & Threats
Hidden Threats
The Coreflood Trojan is a virus designed to leverage the natural structure of a Windows network for account compromise and data theft. This resource helps organizations determine if their systems have been infected and provides guidance about how they can minimize or avoid infections.
Attacks & Threats
Hidden Threats
Malicious code is not always hidden in web page scripts or unusual file formats. This resource will help you recognize how attackers may corrupt types of files that you would recognize and typically consider safe, so you can take precautions when opening these types of files.
Attacks & Threats
Hidden Threats
Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it. This resource will help you to better understand this threat.
Attacks & Threats
Malware
This resource describes malware tunneling, outlines methods for managing attacks, identifies additional IPv6 security risks and helps users understand more about minimizing associated risks.
Attacks & Threats
Malware
The purpose of this resource is to inform organizations of the rapidly growing malware problem and provide best-practice defense tactics.
Attacks & Threats
Malware
This "Heartbleed" OpenSSL Vulnerability resource contains information on this vulnerability that can potentially impact Internet communications and transmissions that were otherwise intended to be encrypted.
Attacks & Threats
Malware
Many users are victims of viruses, worms or Trojan horses. This resource addresses what to do If your computer gets infected with malicious code and the steps you can take to recover from an infection.
Attacks & Threats
Malware
Spyware, also known as adware, is used by the advertising industry that, when installed on your computer, may send you pop-up ads redirect your browser to certain web sites or monitor the web sites that you visit. This resource shows you how to recognize and avoid this risk.
Attacks & Threats
Malware
This resource discusses how to help stop the spread of spyware by being alert to suspicious computer activity and learning safe computing practices.
Attacks & Threats
Malware
This resource focuses on helping you recognize fake antivirus, malware designed to steal information from users, make system modifications making it hard to close unauthorized activities and cause realistic interactive security warnings to be displayed.
Attacks & Threats
Malware
Destructive malware utilizes popular communication tools to spread from system to system, including worms sent through email and instant messages, Trojan horses dropped from web sites , etc. This resource will show you how to lessen it's impact on your system.
General Information
Initiatives
This compilation of content from Department of Homeland Security (DHS) posters provides guidance on physical and cyber security and how to report suspicious behavior activity and cyber incidents.
General Information
Initiatives
This resource provides a framework for the steps that we all can take to secure our parts of cyberspace, outlining strategic objectives to prevent attacks against our critical infrastructures, reduce national vulnerability attacks and minimize damage and recovery time from attacks.
General Information
Internet Service Providers
Internet Service Providers (ISPs) offer services like email and internet access. In addition to availability, you may want to consider other factors so that you find an ISP that supports all of your needs. This resource will help you to understand how to evaluate these services.
General Information
Cyber Security
This act amends the National Institute of Standards and Technology (NIST) Act to expand authority to facilitate and support the development of a voluntary consensus-based industry-led set of standards and procedures to cost-effectively reduce cyber risks to critical infrastructure.
General Information
Cyber Security
The National Cybersecurity Protection Act of 2014 - (Sec. 3) amends the Homeland Security Act of 2002 to establish a national cybersecurity and communications integration center in the Department of Homeland Security (DHS).
General Information
Cyber Security
This Executive Order is designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing (2) privacy and (3) the adoption of cybersecurity practices.
General Information
Cyber Security
You've heard the news stories about credit card numbers being stolen and email viruses spreading. Maybe you've even been a victim yourself. One of the best defenses is understanding the risks, what some of the basic terms mean, and what you can do to protect yourself against them.
General Information
Cyber Security
This resource provides an overview of cyber security. Cyber security, also referred to as information technology security, focuses on protecting computers networks programs and data from unintended or unauthorized access change or destruction.

States Confront the Cyber Challenge

Virginia Governor Terry McAuliffe has selected cyber security as the focus of his National Governors Association Chair's initiative.

This initiative will place states at the center of defining solutions to the growing cyber threats facing our country.

Learn More

Documents

  •    

    Virginia Cyber Security Report
    2016

  •    

    Virginia Cyber Security Fact Sheet
    July 2016

  •    

    Cyber Security Commission Report
    July 2015

  •    

    Virginia's Innovation Ecosystem

Chip and PIN Enabled Smart Cards

Executive Directive 5 addresses the Commonwealth’s commitment to taking measures to better secure citizen data.

What you need to know

October is Cybersecurity Awareness Month