What we’re learning about roles, permissions and security

Posted February 9, 2015 by Maya Richman
Image from page 404 of "Dante and the early astronomers" (1913)

Deciding permissions can feel similar to mapping the cosmos in the 13th century. (Credit: Evershed, M. A. (Orr))

As our engine room family continues to grow, we are also changing and strengthening our organizational digital security practices and policies. After considering our threats and risks, we discovered our digital Achilles heel: the backend of our website was only as secure as our users’ weakest account password. So we knew we needed to force strong and regularly updated passwords, and we had to be smart about who had access to what information. Beyond improving security, simplifying roles and permissions, by removing access to unhelpful dashboards and irrelevant buttons, could streamline the user’s work experience, while hiding some of the organization’s core features from any potential attack.

What We’ve Learned About Organizational Security in 2014

Posted January 9, 2015 by Alix Dunn
FontShop Bit Map

(Credit: Stephen Coles)

We define organizational security as a sustained, appropriate level of security in team communication and information management practices.

Even with a working definition, organizational security is a pretty complicated thing. When more than one person works together to achieve a goal, they need to be able to communicate and manage information to get things done. In the process, they start to develop systems. Systems are the result of a thousand little decisions. And when security isn’t a consideration in making these little decisions, organizations can face big risk.

We’re hiring a responsible data program manager

Posted January 5, 2015 by Christopher Wilson

Care about ethics, privacy and security? Seen too many projects use tech without realizing what might go wrong? Want to help activists and human rights organizations be smart about using technology and avoid doing harm? Want to wrestle with difficult concepts like “informed consent” and figure out what they mean in real life?

If you can get excited about hard questions like these, and you’d like to be part of a lean, dedicated and distributed organization working at the intersection of technology and advocacy, then this might be a job for you.

Take a look at the Job Description, and reach out if you have questions. Otherwise, send a CV and a cover letter telling us why you’re a good fit. Applications should be sent to anneke@theengineroom.org [Anneke’s PGP key] before midnight UTC on January 21.

 

Gif credit: http://barrel-rider-moyra.tumblr.com/post/19400127895

We’re looking for unicorns.
