Reposted from MAAM

2025 Building Museums Symposium March 5-7, 2025

Registration Is Open

Early-bird rates for conference registration begin now through February 2, 2025. Register today to get these reduced conference rates!

Building Museums™ is a national symposium on the process, promise, and pitfalls of planning and managing museum building projects.

This symposium is for architects, museum leaders, planners, project managers, technical experts, and all professionals who plan or implement new construction, renovation, preservation, or expansion projects for museums. American Institute of Architects (AIA) continuing education credits are available at this conference. Engaging sessions and speakers, pre-conference tours, receptions, and the highly acclaimed Ready, Aim, Build Workshop- geared towards museum professionals curious about starting a building project- are all available to round out the experience.

See Original Post

Reposted from AASLH

Activating Environmental Care and Strength at Museums and Historic Sites

Virtual Summit January 28-29, 2025

Environmental and climate sustainability are becoming increasingly important and urgent. This virtual summit will address how museums and historic sites are impacted by the environment and contribute to greater environmental sustainability. The summit will explore these topics from a variety of viewpoints.

Attend the summit to learn:

• Effective ways to communicate with the public about climate and the environment.
• Examples of how historic sites are becoming more sustainable.
• Tips on how to prepare your organization for a disaster and how to respond.
• Interpretation of the environment and educational programming at museums and historic sites.

Sarah Sutton, the CEO of Environment & Culture Partners and an expert on how the environment intersects with museums, will give the opening keynote. The summit will conclude with a panel discussion about how people are working to preserve the environment and historic sites and communities in Louisiana.

In addition, there will be time on both days for you to meet your peers from across the country. You’ll be able to discuss what you’ve learned and share what your museum or historic site is doing or might do to strengthen environmental sustainability.

This virtual summit is organized by the AASLH Climate and Sustainability Committee. The committee is sponsored by Lyrasis.

See Original Post

Reposted from CISA/DHS

We are pleased to share the 2024 CISA Year in Review, which invites readers to learn about CISA’s work over the past year and dive deeper into each topic through related links and videos. We are grateful to all our partners across industry, government at all levels, international partners, and beyond, whose strong collaboration contributed to a wide array of achievements across CISA’s broad cybersecurity, infrastructure security, and emergency communications missions.

Just a few of our efforts over the year include:

• Delivered almost 1,300 cyber defense alerts, advisories, and products, including 58 joint-sealed cybersecurity advisories and co-sealed products through the Joint Cyber Defense Collaborative (JCDC).
• Blocked 1.26 billion malicious connections targeting federal agencies, disrupting a significant number of attempted attacks.
• Hosted the federal government’s first tabletop exercise on AI cybersecurity incidents.
• Kept the nation’s emergency responders connected during crises with more than 31,000 new subscribers to the Government Emergency Telecommunications Service (GETS) and more than 247,000 new subscribers added to the Wireless Priority Service (WPS).
• Worked with election officials and other members of the elections subsector to protect our elections.
• Conducted 27 security exercises for K-12, with 1,441 participants, including a full-scale active shooter exercise in Fauquier County, VA with over 400 participants.
• Launched a Secure by Design pledge to gain commitments from more than 250 companies to build security into product design.
• Released the “We Can Secure Our World” public service announcement to educate and empower individuals to take proactive steps to be more secure online.
• Mitigated cyber threats from nation-state backed cyber actors from China, Russia, North Korea and Iran.
• Held Cyber Storm IX, the most extensive government-sponsored cybersecurity exercise of its kind, which brought together over 2,200 participants from 35 federal agencies, 13 states, over 100 private companies representing 12 critical infrastructure sectors, and 11 partner nations to simulate discovery of and response to a significant cyber incident impacting the Nation’s critical infrastructure.
• Completed over 9,400 stakeholder engagements with target-rich sector partners with government and private sector participants in 2024—including assessments, trainings, and sharing critical threat information.
• Conducted 3,368 Pre-Ransomware Notifications since the inception of the initiative two years ago, with 2,131 conducted this year as of November 2024.
• Used our Administrative Subpoena authorities, granted by Congress in the 2021 NDAA, to identify and drive mitigation of over 1,200 vulnerable devices used to control critical infrastructure like power plants and water utilities.
• Through our Vulnerability Disclosure Platform, legitimate security researchers enabled agency remediation of over 861 vulnerabilities this year, before they could be exploited by malicious actors and bringing the total to over 3,247 vulnerabilities since 2021.
• Made it easier to voluntarily report cyber incidents by moving our cyber incident reporting form to the agency’s new and enhanced secure CISA Services Portal, providing increased functionality, including integration with login.gov credentials.
• Developed a voluntary cyber incident reporting resource page listing the benefits of reporting along with an animation, steps to make sure you have the right information on hand, and additional resources to boost cybersecurity.
• Realized a significant milestone on the road to a permanent, unified headquarters facility when GSA awarded a fully funded, approximately $524 million building construction contract for CISA’s new headquarters on the Department of Homeland Security’s St. Elizabeth’s campus.
• Advanced Unity and Resilience this year, which contributed to our goal of a people-first culture of excellence and helped achieve our highest engagement and inclusion scores in CISA history.
• …. And so much more!

The 2024 Year in Review is in an easy-to-use, interactive web-based format that invites readers to learn about the agency’s work over the past year and dive deeper into each topic through links and videos. 

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and remediate deviations from CISA’s Secure Cloud Business Applications secure configuration baselines. Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government's effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks. While this Directive only applies to federal civilian executive branch agencies, the threat to cloud environments extends to every sector. We are urging all organizations to adopt this guidance. When it comes to reducing cyber risk and ensuring resilience, we all have a role to play. 

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) published Mobile Communications Best Practices Guidance which provides individuals, especially highly targeted individuals, with practices they can apply to their mobile communications to protect against exploitation by People’s Republic of China (PRC)-affiliated and other cyber threat actors. “Highly targeted” individuals are senior government or senior political figures who likely possess information of interest to these threat actors. Recently, PRC-affiliated actors were identified conducting cyber espionage activity targeting commercial telecommunications infrastructure. This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals. Communications infrastructure organizations were encouraged to strengthen their visibility and harden their network devices. Recommended actions in the mobile communications guidance for individuals to apply include end-to-end encryption, Fast Identity Online, password manager and Telco Personal Identification Number. The guidance also recommends individuals do not use personal virtual private network and migrate away from Short Message Service-based multifactor authentication. This guidance includes specific recommendations for iPhone and Android mobile devices.  While no single solution eliminates all risks, implementing these best practices significantly enhances protection. CISA urges individuals, specifically highly targeted individuals, to immediately review and apply recommended best practices in this guidance.   

Reposted from EMR-ISAC InfoGram

The Federal Emergency Management Agency (FEMA) released the third edition of the National Disaster Recovery Framework (NDRF) this week. The revised framework includes feedback and recommendations from the public during a 30-day public comment period that ended in October 2024. The NDRF streamlines and clarifies the federal government’s approach to providing disaster recovery resources and support to disaster-impacted communities. It is one of five national planning frameworks for each of the five preparedness mission areas within the National Preparedness System – prevention, protection, mitigation, response, and recovery.

Key revisions include:

• Clarifying roles and responsibilities.
• Detailing the Federal Recovery Support Function structure and its role in supporting local recovery goals.
• Enhancing collaboration across the whole community.
• Providing practical resources to assist in recovery planning efforts.

FEMA encourages states, local governments, Tribal Nations and territories, as well as nonprofits and the emergency management community, to view and use the NDRF as a model to guide and inform their own disaster recovery planning and policymaking. The NDRF is valuable for recovery practitioners at all levels, ranging from full time professionals in state and county emergency management to individuals across the whole recovery community.

See Original Post

Reposted from AAM

MUSEUMS & TRUST

Reposted from learning cultural heritage.org

We are excited to announce that the January AFR meetup will be a joint learning opportunity with our National Heritage Responder network. Please join us as David Carmicheal presents how to conduct your own tabletop exercises.

Tabletop exercises are the safest, cheapest, and simplest way for a cultural repository to test its emergency planning and response. Having a disaster response plan is essential, but considering how you will apply that plan during a crisis is equally important. Tabletop exercises are simple, effective tools that any group can use to explore their assumptions about emergencies, predict their response, identify gaps in their thinking, assess their capabilities, and determine how to optimize their response in an actual emergency. This webinar will explain how tabletop exercises work and provide guidance for conducting your own.

David W. Carmicheal is the author of Implementing the Incident Command System at the Institutional Level: A Handbook for Libraries, Museums, Archives, and Other Cultural Institutions (Heritage Preservation and RescuingRecords.com, 2010) and two publications for the Council of State Archivists, Rescuing Family Records: A Disaster Planning Guide, and its companion volume, Rescuing Business Records: A Disaster Planning Guide for Small Businesses.

The webinar will take place January 15th from 2:00-3:00 ET. To attend, please register at https://learning.culturalheritage.org/products/exercise-without-leaving-your-seat-tabletop-exercises-for-effective-disaster-planning

See Original Post

Reposted from AAM

As you wrap up 2024, do you have the data you need to plan for the year ahead? 

Join a free webinar to hear what museumgoers had to say about inclusion, imagination, and repeat visitation, and learn how the Annual Survey of Museumgoers can help you make confident, data-informed decisions in the year ahead.  What is the Annual Survey of Museumgoers? It's a cost-effective way to learn about your visitors' experiences, what they value, and what your museum can do to keep improving. You simply sign up and send it out via email and social media. It's that easy.

See Original Post

As in the past, we invite you to propose content for ASTC 2025 for several different types of sessions:

• Concurrent Sessions. 60-minute sessions featuring an array of presenters from diverse perspectives.
• Lightning Sessions. 10-minute presentations or discussions that are combined with others on related themes.
• Posters. Share your project or idea graphically and engage with attendees informally during designated Poster Palooza sessions.
• Hands-On Showcase Sessions. 15-minute slots to put activities directly in the hands of attendees in the Exhibit Hall.
• Preconference Intensive Workshops. Half-day participatory and highly interactive workshops that offer a deep dive on a specific topic that result in tangible learning outcomes, tools, and/or resources.

ASTC 2025 will be held September 5–8, 2025, in the San Francisco Bay Area and is hosted by a consortium of eight ASTC members in the region.

See Original Post