Jul. 6, 2022

Shifting from Cybersecurity to Cyber Resilience

by Calvin Simmons, Vice President of Technology, Civix

The Journey Never Ends

The COVID-19 pandemic precipitated a sharp rise in the adoption of digital tools, especially in the public sector. This increase in digitization allows governments to improve services, save money, share data, make better-informed decisions, and ultimately, improve citizens’ quality of life. But it also means greater vulnerability to cyber threats and attacks. That’s where cybersecurity comes in. It enables digital transformation in the face of adverse conditions.

In my last article, Steps Toward Success along the Cybersecurity Journey, I shared lessons learned from building Civix’s information security program. I rightly framed it as a “journey,” because the work of InfoSec teams should never stop. Cybersecurity is an ongoing effort, and cyber resilience is an organization’s ability to prepare for, respond to, and recover from cyberthreats and attacks. Every organization should be prepared for when, not if.

At Civix, we understand the challenges facing the public sector, and we are on a continuous mission to overcome them. Keeping data secure while anticipating and mitigating cyber threats is at the heart of everything we do.

All our software solutions are built on a foundation of best practices and aim to align with National Institute of Standards and Technology (NIST) Standards, the most stringent cybersecurity frameworks in the U.S. federal government.

Our entire security program is based on best practices and aligned to National Institute of Standards and technology (NIST), the basis of all security frameworks, such as FedRAMP, PCI (Payment Card Industry) DSS (Data Security Standards), HIPAA (Health Insurance Portability and Accountability), FISMA (Federal Information Security Management Act), etc.

Rooted in defense-in-depth strategies, and using only best of breed technologies, Civix’s approach to cybersecurity, 360° Security, implements stacked protections to create a deeply layered security posture. Our model ensures the most appropriate technologies are applied at every layer.

A critical part of this is that we run Civix solutions on Amazon Web Services (AWS) GovCloud (US). This group of Amazon cloud regions is designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements – including the FedRAMP High baseline and other compliance regimes.

Our robust Identity and Access Management program helps prevent any user or device, inside or outside a network, from accessing an IT system until authenticated – and users are continuously verified.

We place a high emphasis on access control, detection, and response capabilities. Event data is collected, correlated, and monitored 24/7/365 in a SIEM (Security Information and Event Management) for detection of potential security incidents, which triggers appropriate responses to ensure every threat is managed.

All these measures and more are helping make us, and more importantly, our clients, cyber resilient.