Weather Alert:

Cybersecurity Capacity Building Workshop Series

This workshop series will assist municipalities in taking immediate actions to address IT and cybersecurity needs and will also help guide the formation, policy, and procedures of possible future regionalized IT and cybersecurity solutions.

You may attend one, some or all of the following virtual workshops. A link to register for each individual session is included in the workshop description below. The workshops will be recorded and available for viewing at a later date – however – attending the live workshops is strongly encouraged for direct engagement with the facilitators and guest speakers.

The workshops will be conducted by Novus Insight, a firm specializing in providing IT and cybersecurity solutions to municipalities.


Workshop 1:  Positioning Technology & Cybersecurity as a Strategic Imperative

Target Audience: Executive Leadership, Selectboard Members

Session 1 – Support and Planning

Tuesday, September 14, 2021. 9am-10:30am.

Registration link:

  • Myth-busting – “Tech is overhead.” No, it’s not.
  • Why secure technology is the foundation of modern government services
  • Solving the budget problem starts with cultivating buy-in
    • How to talk tech without talking tech
    • How to (more) confidently sell stakeholders and constituents on the need for tech & cyber budgeting
  • Creating strategic plans that are supported by technology

Session 2 – Internal Change Management

Thursday, September 30, 2021. 1pm-2:30pm.

Registration link:

  • Breaking old habits – creating a culture to support change
  • Incorporating policy & procedure development and incident response planning into municipal budgets
  • Creating more of a culture of cybersecurity

Workshop 2:  Best Practices in IT/Cybersecurity Policies and Procedures Workshop

Target Audience: Executive Leadership, IT Personnel

Session 1 – Overview of a Cybersecurity Program

Thursday, October 14th, 2021. 9am-10:30am.

Registration link:

  • Understanding the important distinctions and interrelationship between policies, procedures, guidelines, and standards
  • Relevance — How does my cybersecurity program relate to and impact the day-to-day operations of the municipality?
  • Components of a cybersecurity program and the importance of each

Session 2 – Building a Cybersecurity Program

Tuesday, October 26th, 1pm-2:30pm

Registration link:

  • Templates that will get you started
    • Using the templates to drive other components of your overall IT program such as backup and recovery, incident response, and IT asset management
  • The role of executive leadership
  • Regulatory requirements
  • Making the program understandable and relevant to all — employees, board and commission members, external parties, the public


Workshop 3:  Incident Response Planning Workshop

Target Audience: Executive Leadership, IT Personnel, Emergency Operations & Critical Infrastructure (i.e. WPC)

Session 1 – Introduction of the cyber incident response plan template and implementation checklist tool

Wednesday, November 3, 2021. 9am-10:30am.

Registration link:

  • Identifying and understanding the municipality’s key information assets and the risk of them being breached or removed
    • Novus will provide an asset inventory worksheet for collecting and categorizing assets
  • Identifying whether assets are within your control or a third party’s, or if it is a shared responsibility
  • Understanding your in-house capabilities vs. need for external expertise/resources
  • How to assemble an incident response team

Session 2 – Implementing an IRP and addressing tool implementation barriers and /questions

Wednesday, November 17, 2021. 1pm-2:30pm

Registration link:

  • Preparing a tailored Incident Response Plan including:
    • Guidelines for who to inform when data is breached or exposed
    • Establishing the severity of a breach and the level of response required
  • How your IRP should fit within your business continuity and disaster recovery strategies
  • How to test your incident response plan

* Each participant will leave with a set of materials and templates allowing them to custom tailor their plan.

Workshop 4:  Security and Compliance Workshop

Target Audience: Executive Leadership, Any departments dealing with sensitive information (i.e. Police, Fire, HR)

Thursday, December 2, 2021. 9am-11am.

Registration link:

  • Most common sensitive data types in a municipality
    • PII
    • PHI (the 2 things needed with data for it to be considered PHI and regulated by HIPAA)
    • FERPA
    • CJIS
    • PCI
  • Identifying sensitive data in your environment
  • Strategies for protecting sensitive data and end user education
  • When all else fails, there’s insurance. An overview of cyber insurance and what’s included.
  • FOIA, record retention, and e-discovery
  • Baseline standards and best practices for a security and compliance program

Workshop 5:  State IT/Cybersecurity Efforts and Resources Workshop

Target Audience: Executive Leadership, IT Personnel

Thursday, December 16, 2021. 9am-10:30am.

Registration link:

  • Overview of Massachusetts-specific municipal IT and security resources

Presentations by representatives from state agencies, MIIA, and potentially federal resources