
SBOM-a-Rama Fall 2024
CISA is hosting another SBOM-a-Rama! We are excited for you to join us September 11-12, 2024, at the Denver Athletic Club in Denver, CO. Day 1 is the SBOM-a-Rama as you know it, a day of presentations from across the global software community on SBOM-related topics and a chance to discuss important opportunities and issues. Day 2 features our first SBOM-Solutions Showcase, where suppliers of commercial and open-source SBOM solutions will have a chance to share how they are helping meet the needs of the community.
SBOM-a-Rama on Day 1 allows for both in-person and virtual attendance options. The SBOM-Solutions Showcase on Day 2 will be limited to in-person attendees. You can find the Federal Register Notice for this event here.
Digital Equity Competitive Application Webinar: Digital Equity Competitive Grant Program FAQ Webinar
This webinar is meant to provide guidance to applicants for the Digital Equity Competitive Application Grant. It will cover the latest published Frequently Asked Questions (FAQs) regarding the Digital Equity Competitive Grant Program.
If you would like to request an accommodation to participate in these office hours, please email your request to [email protected] by September 3. An NTIA staff member will follow up with you shortly regarding your request.
Using the CISA Incident Response Playbook at your Organization
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Using the CISA Incident Response Playbook at your Organization (IR211) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” CISA released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch (FCEB) networks. This course introduces students to the Incident Response Playbook that describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out. The course will include a tabletop discussion format that follows a simulated IR event/scenario and guides students through the CISA IR checklist and IR phases. While the playbooks are intended for federal agencies, CISA encourages public and private sector partners to review them to help inform their own incident response practices.
Using AI for Business: Ethics and Cybersecurity Concerns
Many entrepreneurs are using Generative AI in their businesses. Tools such as ChatGPT can assist with writing a business plan, crafting product descriptions, or developing social media and web content, but what are the ethical and cybersecurity ramifications of using those tools? In this webinar, you’ll receive tips and guidance to keep you and your data safe online while using AI tools.
Cybersecurity and Your Small Business
In this workshop, we'll introduce the basics of online security and how it applies to your business and customers. We will talk about:
- Why cybersecurity matters for businesses of all sizes
- How to protect your business and your customers online
- What steps you can take after a potential security breach
Presented by Marial Elena Duron, Grow with Google instructor
Incident Response Triage: Initial Triage and Data Collection
CISA is proud to offer the Initial Triage and Data Collection Cyber Range Training (IR215). We are excited to share this information with stakeholders across the federal enterprise and nationally.
This 4-hour skills development cyber range training provides best practices for strengthening detection and initial response capabilities for more effective triaging. Through case studies, presentations by expert facilitators, demonstrations, and lab exercises, participants will explore the tools and techniques necessary to identify suspicious and malicious activity in an enterprise environment.
Throughout the course participants will:
- Practice initial response tactics to an Advanced Persistent Threat (APT) including ransomware attacks, while emphasizing the importance of speed and accuracy in collecting the data from logs, systems, and network traffic.
- Utilize automated tools for initial data gathering and the manual collection of evidence.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Cybersecurity Basics for Non-Techies Series
The “Cybersecurity Basics for Non-Techies” course is designed to provide a comprehensive introduction to essential cybersecurity concepts. This course is perfect for beginners and non-technical individuals looking to enhance their online safety skills. Both online and onsite formats offer a blend of engaging PowerPoint slides, informative videos, and interactive lecture notes. Participants will learn to recognize common cyber threats such as phishing, malware, and social engineering attacks. The course includes real-life examples and case studies to illustrate the impact of cybersecurity breaches and effective prevention strategies. Practical tips on creating strong passwords, securing personal devices, and safe browsing practices are covered in detail. The course features statistics and citations from reputable sources like the Federal Trade Commission and the US Justice Department. In the onsite sessions, attendees can benefit from face-to-face interactions and live Q&A sessions with the instructor. The online version offers the flexibility to learn at your own pace, with access to all course materials for reference. By the end of the course, attendees will be equipped with the knowledge and skills to protect their personal and professional data, ensuring a safer digital experience.
Cyber Security Post Pandemic for Small Business
Post-COVID-19, small businesses and startups face the challenge of providing a secure, high-performance workspace for all collaborators.
2023 Small Business Cyber Issues Include:
1. Retooling for remote work created new vulnerabilities
2. Ransomware is more prevalent than before the pandemic
3. IoT and the supply chain have experienced new levels of cyber attacks
4. Expansion of cloud services increases complexity and depth of cyber attacks
5. Mobile computing and wearables are more of a target today
6. Phishing is a popular methodology for cyber terrorists
7. Insider threats are more prevalent than ever
8. Data privacy elevated to a primary organizational objective
9. Artificial Intelligence and Expert Systems becoming a component of cyber security
10. Cyber Cold War Security Perspectives
NIST Small Business Cybersecurity Webinar: Ransomware Prevention, Detection, Response, and Recovery
You’ve likely heard the term “ransomware” in the news, but what is it? Ransomware is a type of malware that restricts your ability to access and use critical business data and applications. Imagine trying to log into your email, your finances, or an HR system only to find that the application you use every day is no longer available to you. Instead, you are presented with a screen requesting thousands of dollars to restore functionality. That could be tremendously disruptive to your small business. How long could your business operate without access to critical data or systems?
Ransomware is a very serious and increasingly common threat to organizations of all sizes, and it is particularly devastating to smaller organizations that have limited resources. A successful ransomware attack can stop your business in its tracks.
During this NIST small business cybersecurity webinar, we will convene a panel to highlight:
- Common ways ransomware is delivered to businesses.
- Challenges small businesses face with ransomware.
- Common signs of a ransomware attack.
- What steps to take if your business falls victim to a ransomware attack.
- What role cyber liability insurance plays in ransomware risk management.
- Steps small businesses can take, and free resources you can use, to reduce your likelihood of falling victim to ransomware.
Panelists:
- Bill Fisher, Security Engineer, National Institute of Standards and Technology (NIST)
- Nick Lozano, Director of Technology, The Council of Insurance Agents & Brokers
- Stephanie Walker, Assistant Section Chief of the Cyber Engagement and Intelligence Section, Federal Bureau of Investigation (FBI)
- Ann Westerheim, Ph.D. Founder and President, Ekaru
Moderator:
- Daniel Eliot, Lead for Small Business Engagement, NIST
The Importance of IT Security for Small and Medium Size Business
In today's digital age, businesses of all sizes are vulnerable to cyber threats and data breaches. It is crucial for business owners to understand the risks they face and implement effective security measures to protect their sensitive information.
In this workshop, we will cover:
- Understanding attackers, their motivations, and types of attacks.
- How to protect yourself and your team, minimize your risk, and fly under attackers' radar.
- How to plan ahead for the unfortunate case of a breach occurring.