In 2019 and 2020, we partnered with Internews to identify opportunities and tools for organisational security practitioners at large and the orgsec.community specifically. As we near the end of our collaboration, weâre excited to share tools for orgsec practitioners, security researchers and others.
Below are resources built by community collaboration, desk research, interviews and group discussions. If you have any questions about using any of these, email orgsec@theengineroom.org.
- You can learn more about the process of creating these tools in this post from Paola Mosso, who led much of the work.
- If you want to learn more about our learnings around measuring and evaluating impact, take a look at this post from Sara Baker.
The Toolkit
Research overview
đș This report, Organisational Security Community: Challenges and Opportunities for Community Strengthening, provides an overview of the research we conducted, which forms the foundation for the tools below, and opportunities we identified for continued community strengthening.
The research is also available in Spanish: Comunidad de Seguridad Organizacional: DesafĂos y oportunidades para el fortalecimiento comunitario.
Monitoring and Evaluation Framework
đ The Monitoring & Evaluation Framework is a tool to guide practitioners through assessing the orgsec practices of the organisations they support, both before and after providing support, so they can measure the impact of their work. The framework is designed to measure changes in organisational knowledge, attitude, behavior and condition, giving a clear and comprehensive picture of the achievements and solutions practitioners enable.
This framework is also available in Spanish: Marco de Monitoreo y EvaluaciĂłn para la Seguridad Organizacional.
Case Studies
đ These case studies illustrate the consequences of digital attacks against human rights and alternative media organisations, while recommending how such organisationsâand practitioners from all backgrounds supporting themâmay mitigate digital attacks.
They are especially useful for researchers, practitioners and civil society organisations seeking to understand the threats in this space, as well as mitigation tactics conducted by the organisational security community.
Trends Report
đ The Trends report is an analysis of cases drawn from incidents reported between April 2019 and March 2020 by organisational security practitioners from Eastern Europe, the MENA region and Southeast Asia, as reported in cases provided by Internews and by Access Nowâs Digital Security Helpline.
This report demonstrates common threats and relevant patterns, and practitionersâ strategies to respond to attacks. It’s relevant for researchers and practitioners seeking to understand the threats in this space.
Archetypes & case studies building guide
𧩠The Archetypes & Case Studies Building Guide is a tool for practitioners to take in information about a threat or attack and build it into a shareable archetype or case study.
Attack archetypes illustrate threat patterns and scenarios that are commonly seen. They can help human rights organisations identify recommended digital protection practices, based on their organisationâs profile and the type of attacks they are experiencing (or might one day experience due to their profile).
Case studies seek to support practitioners and civil society organisations by illustrating the consequences of attacks and the benefits of deploying mitigation tactics, through a detailed description of a real-world scenario.
The guide is also available in Spanish: AnĂĄlisis de ataques: una guĂa para crear arquetipos y casos de estudio
Efficacy Matrix
âïž The Efficacy matrix tool visualises mitigation techniques used by practitioners to respond to certain risks in different vectors – such as the organisationâs website, social media accounts or devices. It seeks to help human rights defenders organisations and digital safety experts by supporting them to choose and prioritize mitigation tactics based on observed effectiveness over time.
Looking for more?
Weâve learned a lot from this process and have tried to document our learnings along the way. You can:
- Read about the process of creating these tools
- Dive into how we thought about measuring and evaluating impact
- Review some early opportunities (and challenges) we identified
- Catch up from the beginning and learn more about our orgsec work
Illustrated by Matilde Salinas.