DSX Onboarding Organizations and Providers: DSX “Modules”

DSX has several “modules” defining our process for working with organizations requesting digital security assistance, and providers working to help them. A summary of these modules is below.

Module 1: Intake

This module is designed to gather additional information about an organization’s current security practices, the tools they use, their makeup and demographics, organizational goals, desired timeframe for assistance, and other concerns.

The specific goals of module 1 are to:

• Learn how an organization uses technology
• Learn about an organization’s flow of data and processes around it
• Learn about its programmatic context
• Learn about the structure of the organization (teams)
• Learn about organizational culture and theory of change
• Learn about the knowledge, skills, and abilities (KSAs) of the organization and the type and depth of training needed, as well as the desire for in-person vs. remote interaction.
• Gather readiness and knowledge information to determine the starting interaction module.

Module 2: Assessment & Connection

This module is intended to review the information from “Module 1: Intake”, to assess the current organizational status, needs, and community and to make the appropriate match(es) to the provider(s) most similar in expertise and experience. The connection and introduction between organization and provider is made on our CiviCDR platform (this will be implemented in April 2018). DSX gives the provider the results of the intake and makes recommendations as appropriate.

Module 3: Onboarding

This module is designed to introduce the organizations and providers to the CiviCDR ticketing and issue tracking platform, the community, DSX, and our codes of conduct.

Module 3A: For Organizations

• How to create an account on the CiviCDR platform
• Creating a ticket
• Viewing ticket status
• Why you should create a ticket on platform vs. emailing your provider
• Notifications and alerts

Module 3B: Organizations, Communities, DSX

• Community collaboration and communication
• Community norms
• DSX role
• Code of Practice
• Incident Reporting

Module 3C: For Providers

• Review the CiviCDR platform
• How the matching program works and acceptance of organizational matches
• Code of Practice
• Vulnerability Disclosure Policy (see this)
• Care of Organizations
• Code of Practice
• Incident reports

Module 4: Status & Exit Process

This module is designed to assess the security process and status for both organizations and providers. This module is only for those organizations that opt in to the pods and/or DSX’s retention of organization information.

The goal of the module is to gather feedback for improvements to the program, assess the efficacy of the DSX approaches, and the experience of the organizations and providers.