See the CivicActions Security Training, which covers:
- Awareness and Training (AT)
- Configuration Management (CM)
- Contingency Planning (CP)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Physical and Environmental Protection (PE)
- Personnel Security (PS)
- System and Information Integrity (SI)
Iteratively reduce both the number of incidents as a proportion of our total information system inventory and the mean time to recover from incidents.
See the CivicActions Common Control Policy.
For information on roles and responsibilities, management commitment, coordination among organizational entities, compliance, reviews, and updates, please see the CivicActions Common Control Policy.
The CivicActions Security Office organizes incident response training sessions, offered to the whole CivicActions team at least annually, led by a Project Manager or a Security or Operations team member. Some clients have their own Incident Response plans. CivicActions Operations team members take at least one incident response training yearly.
See IR-2.
CivicActions implements processes to detect and analyze malicious activity within the system platforms. If these processes detect malicious activity, they report the activity to the Operations team.
CivicActions has a default Incident Response Plan that documents the procedures that staff should take in the case of an incident.
See IR-4, IR-5, IR-6.
The Operations team implements automated processes such as ClamAV and AIDE to detect anomalies. When these processes detect an anomaly, they escalate an alert to Security Operations team members, often automatically via Slack and/or OpsGenie.
CivicActions' systems automatically store logs so that Operations can access relevant information when investigating a potential incident.
See IR-4 (1), IR-6 (1).
As described in the CivicActions security incident response guide and contingency plan, Operations will notify customers about incidents and potential incidents.
See IR-7.
The CivicActions Incident Response Plan provides a baseline of incident response capabilities.
The CivicActions team distributes changes to the Incident Response Guide to the whole CivicActions team.
See IR-8.
CivicActions Incident Response directs CivicActions team members to watch out for and immediately report any potential security incident, which includes reporting phishing attempts and suspected information spills, such as the inadvertent publishing of a security token to a public repository. In the event of a suspected incident, CivicActions team members follow the reporting process in the CivicActions Incident Response Plan.
The System Owner, Program Manager, and CivicActions Information Security and Technology team members have primary responsibility for implementing the response to security incidents, including reporting, escalation and technical measures.
See IR-9.