​Information Security and Privacy Office

City of Phoenix wins "Best of the Web" for second year in a row!

What's New

"Privacy Man": Interactive Privacy Training 

December 28, 2015



"Hi, I'm the DHS Privacy Man. For the next 15 to 20 minutes, I want to talk to you about the importance of safeguarding personal information, such as Social Security numbers, that DHS may collect or store in its databases or in paper files. Congress and OMB have mandated privacy training for both employees and contractors at all federal agencies to help staff identify and mitigate privacy risks related to sensitive personal information, which I will define in a moment.​"


Protect Your Home Router​

How are routers used in your home network?

Home routers have become an integral part of our global communications footprint as use of the Internet has grown to include home-based businesses, telework, schoolwork, social networking, entertainment, and personal financial management. Routers facilitate this broadened connectivity. Most of these devices are preconfigured at the factory and are Internet-ready for immediate use. After installing routers, users often connect immediately to the Internet without performing any additional configuration. Users may be unwilling to add configuration safeguards because configuration seems too difficult or users are reluctant to spend the time with advanced configuration settings.

Unfortunately, the default configuration of most home routers offers little security and leaves home networks vulnerable to attack. Small businesses and organizations often use these same home routers to connect to the Internet without implementing additional security precautions and expose their organizations to attack.

Why secure your home router?

Home routers are directly accessible from the Internet, are easily discoverable, are usually ​continuously powered-on, and are frequently vulnerable because of their default configuration. These characteristics offer an intruder the perfect target to obtain a user’s personal or business data. The wireless features incorporated into many of these devices add another vulnerable target.

See here​ for more information.​


Apply to Join the DHS Privacy Office FACA Committee

The DHS Privacy Office seeks applicants for appointment to its Data Privacy and Integrity Advisory Committee.​  Please read the instructions and information below and submit your application by January 4.

Federal Register Notice​​


Stay Cyber-Safe on the Go: Holiday Travel Tips
Stop. Think. Connect. 

Millions of Americans will hit the road this holiday season to visit family, friends, and loved ones across the country. Almost all of these travelers will take their smartphones, laptops, tablets, and other smart devices with them. These devices offer a range of conveniences such as allowing us to order gifts on-the-go, providing us with directions, and even letting us download our boarding pass to pass through security with just our mobile device. However, with all of these added conveniences often come potential threats and vulnerabilities.

Travel smart with your mobile devices by following these cybersecurity tips from DHS’s national cybersecurity awareness campaign, Stop. Think. Connect.:

  • Secure your devices. To prevent theft and unauthorized access while traveling or on vacation, never leave your mobile device unattended in a public place and lock your device – with a strong passcode or password – when it is not in use.

  • Connect with caution. Although convenient during this busy holiday season, most public Wi-Fi networks are not secure. Do not conduct sensitive activities – like online shopping or banking – on public Wi-Fi while you’re out and about. Disable automatic Wi-Fi and Bluetooth connections on your devices.

  • Think before you click. Do not click on suspicious links or email attachments unless you know the source. Cyber criminals use holiday shopping and travel scams to gain access to people’s information or computer systems.

  • Consider what you post. Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty, making it a prime target for break-ins this time of year.

Learn more about mobile security with Stop.Think.Connect. Campaign’s Cybersecurity While Traveling tip card

C3 Voluntary Program December Webinar
(December 16, 2015)

As part of Executive Order (EO) 13636, the Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the NIST Cybersecurity Framework (the Framework), released in February 2014. The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the Framework.​


​​The C³ Voluntary Program directly engages organizations across the Nation to embrace a more sustained, proactive approach towards strengthening critical infrastructure cybersecurity. C³ Voluntary Program events are forums for industry, Federal, State, local, tribal, and territorial government partners, and other organizations of all sizes to discuss evolving cyber risk management needs and work together to forge solutions.


This month’s webinar will focus on international cybersecurity and feature panelists from the United States, the United Kingdom, and Japan. The discussion will cover their countries’ efforts to develop and integrate cybersecurity agendas and measures into comprehensive enterprise risk management programs.  The discussion will also highlight the importance of international cyber risk management, especially as it pertains to international business and government relations.


C3 Voluntary Program December Webinar

Date: December 16, 2015
Time: 9:00-10:30 a.m. EST​

See here for more information and RSVP.


Internet of Things (IoT)
Homeland Security Innovation Industry Day
(December 10, 2015)   

​​The U.S. Department of Homeland Security (DHS) must rapidly identify and develop technologies to counter emerging threats.  To do this, DHS has developed an Innovation framework to engage non-traditional vendors and start-up companies.  Through targeted, non-dilutive funding and providing opportunities for operational testing and market access, DHS hopes to incentivize product developers to open the aperture of their development roadmaps to include homeland security solutions.

  The purpose of this Industry Day is to:

  • Describe the homeland security challenges associated with IoT

  • Describe the benefits of the SVO Innovation Program to startups

  • Show you how to apply for funding

See here and here for more information.

Enhanced Cybersecurity Services
(November 30, 2015)   

Enhanced Cybersecurity Services (ECS) is a voluntary program that shares indicators of malicious cyber activity between the Department of Homeland Security (DHS) and participating Commercial Service Providers (CSPs) and Operational Implementers (OIs). The National Protection and Programs Directorate (NPPD) is conducting this Privacy Impact Assessment (PIA) Update to reflect ECS’ support by Executive Order 13636, Improving Critical Infrastructure Cybersecurity, to announce the expansion of service beyond Critical Infrastructure sectors to all U.S.-based public and private entities, and to introduce the new Netflow Analysis service.  See ​here and here ​for more information.​


Homeland Security: Solutions for Resilient Critical Infrastructure: 
Tuesday, November 17.  ​​​

Please join @dhsscitech on Tuesday, November 17 from noon to 1 p.m. EST for an hour-long chat to discuss DHS's research and plan securing the nation’s critical infrastructure ( including the Internet and all things "cyber").  Submit your questions and comments before, during or after the chat and use the #STTechTalk hashtag to engage in the two-way discussion.​​



Critical Infrastructure Security and Resilience Month

Critical Infrastructure Security and Resilience Month, observed in the month of November, builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure.  Securing the nation's infrastructure, which includes both the physical facilities that supply our communities with goods and services, like water, transportation, and fuel, and the communication and cyber–technology that connects people and supports the critical infrastructure systems that we rely on daily, is a national priority that requires planning and coordination across the whole community.

More information about Critical Infrastructure Security and Resilience Month can be found at http://www.dhs.gov/critical-infrastructure-security-resilience-month​.

October National Cyber Security Awareness Month - Lunch and Learn Session Oct. 28, 2015

Recognizing the importance of cybersecurity to our nation, President Obama designated October as National Cyber Security Awareness Month. National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.

National Cyber Security Awareness Month takes place each October and is sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.

In support of National Cyber Security Awareness Month, the City of Phoenix will be hosting a lunch & learn presentation in the Calvin Goode Municipal Building on Wednesday, Oct. 28 from 12:00 AM – 1:00 PM in conference room 10E.  Special Agent Paul Schaff, Phoenix FBI Cyber Squad will be the key note presenter.  This event is open to both City staff and members of the community. 

More information about National Cyber Security Awareness Month can be found at http://www.dhs.gov/national-cyber-security-awareness-month.


October National Cyber Security Awareness Month - Stop.Think.Connect Campaign

The Stop.Think.Connect. Campaign is an ongoing national cybersecurity awareness campaign to guide the nation to a higher level of Internet safety by challenging the American public to be more vigilant about practicing safer online habits. In recognition of October 2015 National Cyber Security Awareness Month (NCSAM), join Stop.Think.Connect. and others for a series of Twitter Chats. Use the hashtag #ChatSTC to join!

More information about NCSAM and the Twitter Chats is available at https://www.staysafeonline.org/​.


2015-2016 Security Awareness Training Campaign

The City is deploying a series of online training classes entitled "Securing the Human" to help employees remain aware of best practices. Every employee who uses a computer is required to complete the online training modules. As this training effort is deployed, an employee will receive e-mails from Walter Davis, a Security Engineer with the City of Phoenix. The emails will come from an outside address, noreply@securingthehuman.org. Don't worry – these are not phishing emails. The emails will contain instructions and account information that allows an employee to access assigned training modules at the training website, https://vle.securingthehuman.org.

Training modules are assigned based on an employee's current duties. Each module is very short – less than 5 minutes – and covers a specific topic. An employee is asked to complete the training no later than June 30, 2016.​



This information is provided as a courtsey by City of Phoenix. However, this information is intended as an introduction only, and it is up to you to make sure you take the proper steps to secure your home PC, mobile devices, and/or business. The City of Phoenix is not responsible for computers not owned by the City and cannot answer specific questions about them, nor does the City of Phoenix recommend or endorse any specific vendors, products, or services.​​​​​​​