A (new!) toolkit for organisational security practitioners

Laura Guzman

In 2019 and 2020, we partnered with Internews to identify opportunities and tools for organisational security practitioners at large and the orgsec.community specifically. As we near the end of our collaboration, we’re excited to share tools for orgsec practitioners, security researchers and others. 

Below are resources built by community collaboration, desk research, interviews and group discussions. If you have any questions about using any of these, email orgsec@theengineroom.org.

The Toolkit

Research overview

đŸ—ș This report, Organisational Security Community: Challenges and Opportunities for Community Strengthening, provides an overview of the research we conducted, which forms the foundation for the tools below, and opportunities we identified for continued community strengthening.

The research is also available in Spanish: Comunidad de Seguridad Organizacional: DesafĂ­os y oportunidades para el fortalecimiento comunitario.

Monitoring and Evaluation Framework

📐  The Monitoring & Evaluation Framework is a tool to guide practitioners through assessing the orgsec practices of the organisations they support, both before and after providing support, so they can measure the impact of their work. The framework is designed to measure changes in organisational knowledge, attitude, behavior and condition, giving a clear and comprehensive picture of the achievements and solutions practitioners enable.

This framework is also available in Spanish: Marco de Monitoreo y EvaluaciĂłn para la Seguridad Organizacional.

Case Studies

📝 These case studies illustrate the consequences of digital attacks against human rights and alternative media organisations, while recommending how such organisations–and practitioners from all backgrounds supporting them–may mitigate digital attacks.

They are especially useful for researchers, practitioners and civil society organisations seeking to understand the threats in this space, as well as mitigation tactics conducted by the organisational security community.

Trends Report

📈 The Trends report is an analysis of cases drawn from incidents reported between April 2019 and March 2020 by organisational security practitioners from Eastern Europe, the MENA region and Southeast Asia, as reported in cases provided by Internews and by Access Now’s Digital Security Helpline.

This report demonstrates common threats and relevant patterns, and practitioners’ strategies to respond to attacks. It’s relevant for researchers and practitioners seeking to understand the threats in this space.

Archetypes & case studies building guide

đŸ§© The Archetypes & Case Studies Building Guide is a tool for practitioners to take in information about a threat or attack and build it into a shareable archetype or case study.

Attack archetypes illustrate threat patterns and scenarios that are commonly seen. They can help human rights organisations identify recommended digital protection practices, based on their organisation’s profile and the type of attacks they are experiencing (or might one day experience due to their profile).

Case studies seek to support practitioners and civil society organisations by illustrating the consequences of attacks and the benefits of deploying mitigation tactics, through a detailed description of a real-world scenario.

The guide is also available in Spanish: AnĂĄlisis de ataques: una guĂ­a para crear arquetipos y casos de estudio

Efficacy Matrix

⚖ The Efficacy matrix tool visualises mitigation techniques used by practitioners to respond to certain risks in different vectors – such as the organisation’s website, social media accounts or devices. It seeks to help human rights defenders organisations and digital safety experts by supporting them to choose and prioritize mitigation tactics based on observed effectiveness over time.

Looking for more?

We’ve learned a lot from this process and have tried to document our learnings along the way. You can:

Illustrated by Matilde Salinas.

MORE

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.