A (new!) toolkit for organisational security practitioners

Research overview

🗺 This report, Organisational Security Community: Challenges and Opportunities for Community Strengthening, provides an overview of the research we conducted, which forms the foundation for the tools below, and opportunities we identified for continued community strengthening.

The research is also available in Spanish: Comunidad de Seguridad Organizacional: Desafíos y oportunidades para el fortalecimiento comunitario.

Monitoring and Evaluation Framework

📐  The Monitoring & Evaluation Framework is a tool to guide practitioners through assessing the orgsec practices of the organisations they support, both before and after providing support, so they can measure the impact of their work. The framework is designed to measure changes in organisational knowledge, attitude, behavior and condition, giving a clear and comprehensive picture of the achievements and solutions practitioners enable.

This framework is also available in Spanish: Marco de Monitoreo y Evaluación para la Seguridad Organizacional.

Case Studies

📝 These case studies illustrate the consequences of digital attacks against human rights and alternative media organisations, while recommending how such organisations–and practitioners from all backgrounds supporting them–may mitigate digital attacks.

They are especially useful for researchers, practitioners and civil society organisations seeking to understand the threats in this space, as well as mitigation tactics conducted by the organisational security community.

• DDoS Attacks
• Spear phishing Attacks
• Watering Hole Attacks
  

Trends Report

📈 The Trends report is an analysis of cases drawn from incidents reported between April 2019 and March 2020 by organisational security practitioners from Eastern Europe, the MENA region and Southeast Asia, as reported in cases provided by Internews and by Access Now’s Digital Security Helpline.

This report demonstrates common threats and relevant patterns, and practitioners’ strategies to respond to attacks. It’s relevant for researchers and practitioners seeking to understand the threats in this space.

Archetypes & case studies building guide

🧩 The Archetypes & Case Studies Building Guide is a tool for practitioners to take in information about a threat or attack and build it into a shareable archetype or case study.

Attack archetypes illustrate threat patterns and scenarios that are commonly seen. They can help human rights organisations identify recommended digital protection practices, based on their organisation’s profile and the type of attacks they are experiencing (or might one day experience due to their profile).

Case studies seek to support practitioners and civil society organisations by illustrating the consequences of attacks and the benefits of deploying mitigation tactics, through a detailed description of a real-world scenario.

The guide is also available in Spanish: Análisis de ataques: una guía para crear arquetipos y casos de estudio

Efficacy Matrix

⚖️ The Efficacy matrix tool visualises mitigation techniques used by practitioners to respond to certain risks in different vectors – such as the organisation’s website, social media accounts or devices. It seeks to help human rights defenders organisations and digital safety experts by supporting them to choose and prioritize mitigation tactics based on observed effectiveness over time.