Center for Internet Security Critical Security Controls Version 8
The CIS Critical Security Controls (CIS Controls) are a prioritized set of safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments.

Cybersecurity and Infrastructure Security Agency Vulnerability Scanning
CISA’s Vulnerability Scanning (VS) is persistent “internet scanning-as-a-service”. VS service continuously assesses the health of your internet-accessible assets by checking for known vulnerabilities, weak configurations—or configuration errors—and suboptimal security practices. VS service also recommends ways to enhance security through modern web and email standards.

U.S. Department of Education K-12 Digital Infrastructure Brief: Defensible & Resilient
This product provides K-12 districts across our communities a starting place to understand the importance of securing our digital infrastructure and provides steps schools can take today to keep their systems safe.

Nationwide Cybersecurity Review
The NCSR is a no-cost, anonymous, annual self-assessment. All states (and agencies), local governments (and departments), tribal nations, and territorial (SLTT) governments are encouraged to participate. It is designed to measure gaps and capabilities of SLTT governments’ cybersecurity programs and is based on the National Institute of Standards and Technology Cybersecurity Framework.

Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats
This report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers actionable steps school leaders can take to strengthen their cyber posture.

NC Department of Information Technology Information & Risk Management Services
The Enterprise Security and Risk Management Office offers several services to help executive branch agencies develop, deliver and maintain a cybersecurity program that safeguards data and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss.

Cybersecurity Resources for PSUs by Shannon Tufts
Shannon Tufts is an expert on the intersection of law and technology in the public sector, cybersecurity, cloud computing, social media, and strategic IT investments, as well as CIO leadership and development.

Reporting a Cybersecurity Incident:

1. NC Department of Information Technology
2. NC Emergency Management 24-Hour Watch Center: NCEOG@ncdps.gov or at 1-800-858-0368
3. NCLGISA Strike Team: itstriketeam@nclgisa.org or (919) 726-6508 (monitored 24/7)
4. FBI Internet Crime Complaint Center (IC3)
   If you have a situation involving financial fraud, please contact the FBI first because there is a ~72 hour window for fraud recovery before it is moved off-shore.
5. NC Department of Justice

• Identity Theft Protection Act, N.C.G.S. Chapter 75, Article 2A
• Data Breach Notification to Affected Persons Requirement, N.C.G.S. § 75-65 (applicable to public schools through N.C.G.S. § 132-1.10)
• Prohibition on ransomware payments, N.C.G.S. § 143-800
• Requirement that cybersecurity incidents be reported to NCDIT, N.C.G.S. § 143B-1379(c)