Security Notice
This system and related software and equipment are intended solely for the communication, transmission, processing, and storage of Cornwall, NY Office of Emergency
Management information. For site security purposes and to ensure that this web application remains available to intended users, Cornwall, NY
Office of Emergency Management monitors network traffic to identify unauthorized attempts to upload or change information or to otherwise cause damage to the web
application. Anyone using this web application expressly consents to such monitoring.
Unauthorized attempts to modify any information stored on this system,
to take down this system, to defeat or circumvent security features, or to utilize this system for other than its intended purposes are prohibited and may result in
criminal prosecution.
If monitoring reveals evidence of possible criminal activity, such evidence may be provided to federal, state, and local law enforcement
(whichever is appropriate) when necessary, and will be punished to the full extent of the law to facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security.
Computer Fraud and Abuse Act of 1986 (U.S. Public Law 99-474)
Unauthorized attempts to access information, upload information and/or change information on the Cornwall, NY Office of Emergency Management Ready web
application is strictly prohibited and is subject to prosecution under Title 18 U.S.C., Sections 1001 and 1030.
For security issues, please address queries to: holsen at cornwallny dot gov
Hack the Ready Site (ready.cornwallny.gov)
If you are a security professional looking to challenge yourself and your skills, there are very few real world opportunities to do that, to test your courage and improve. But
that real-world experience is so unbelievably critical in this industry, and we need to be creating more opportunities for people to improve that. The more we can do that and
share what we learn out of it, the more we can raise the talent and education of security professionals worldwide.
Cornwall NY Office of Emergency Management will deal
in good faith with researchers who discover, test, and submit vulnerabilities or indicators of vulnerabilities in accordance with these guidelines:
Your activities are
limited exclusively to - (1) Testing to detect a vulnerability or identify an indicator related to a vulnerability; or (2) Sharing with, or receiving from, Cornwall NY Office
of Emergency Management information about a vulnerability or an indicator related to a vulnerability.
The Cornwall NY Office of Emergency Management issues the following
terms for demonstrating compliance with this policy:
- You do no harm and do not exploit any vulnerability beyond the minimal amount of testing required to prove that a vulnerability exists or to identify an indicator related to a vulnerability.
- You avoid intentionally accessing the content of any communications, data, or information transiting or stored on Cornwall NY Office of Emergency Management information system(s) – except to the extent that the information is directly related to a vulnerability and the access is necessary to prove that the vulnerability exists.
- You do not exfiltrate any data under any circumstances.
- You do not intentionally compromise the privacy or safety of Cornwall NY municipal employees, or any third parties.
- You do not intentionally compromise the intellectual property or other commercial or financial interests of any Cornwall NY personnel or entities, or any third parties.
- You do not publicly disclose any details of the vulnerability, indicator of vulnerability, or the content of information rendered available by a vulnerability, except upon receiving explicit written authorization from Cornwall NY Office of Emergency Management
- You do not conduct denial of service testing.
- You do not conduct social engineering, including spear phishing, of Cornwall NY personnel or contractors.
- You do not submit a high-volume of low-quality reports.
If at any point you are uncertain whether to continue testing, please engage with our cyber-security officer holsen at cornwallny dot gov. Any violations/unapproved deviations from the above policy will be considered unauthorized and subject to U.S. Public Law 99-474 (the Computer Fraud and Abuse Act of 1986) and subject to prosecution under Title 18 U.S.C., Sections 1001 and 1030.