Security resources organized by topic: Difference between revisions
→Resource collections related to security: added front line workbook |
|||
(33 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Building awareness of how we respond to threat and stress == | == Building awareness of how we respond to threat and stress == | ||
''Developing a useful security strategy is heavily dependent on our perception – we need to be able to identify and analyse threats in order to implement ways of avoiding or reducing them. But we all perceive the world around us differently based on our circumstances, experiences and many other factors. As a result, our perception can sometimes be hindered: threats which may be evident to some people may go unrecognised by others; similarly, we also need to be able to tell the difference between threats which are genuinely possible and those which we falsely perceive, called 'unfounded fears'. It's a good idea to become familiar with factors that condition our perceptions of threat, and consider ways that we can take these into account in our security planning.'' (Source: [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html Holistic Security Manual]) | ''Developing a useful security strategy is heavily dependent on our perception – we need to be able to identify and analyse threats in order to implement ways of avoiding or reducing them. But we all perceive the world around us differently based on our circumstances, experiences and many other factors. As a result, our perception can sometimes be hindered: threats which may be evident to some people may go unrecognised by others; similarly, we also need to be able to tell the difference between threats which are genuinely possible and those which we falsely perceive, called 'unfounded fears'. It's a good idea to become familiar with factors that condition our perceptions of threat, and consider ways that we can take these into account in our security planning.'' (Source: [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html Holistic Security Manual]) | ||
Line 6: | Line 4: | ||
Resources: | Resources: | ||
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html Exploring individual responses to threat] (Holistic Security Manual) | * [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html '''Exploring individual responses to threat'''] (Holistic Security Manual) | ||
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-4-team-and-peer-responses-to-threat.html Exploring group responses to threat] (Holistic Security Manual) | * [https://holistic-security.tacticaltech.org/chapters/prepare/1-4-team-and-peer-responses-to-threat.html '''Exploring group responses to threat'''] (Holistic Security Manual) | ||
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-5-communicating-about-threats-in-teams-and-organisations.html Communicating about security in teams and organizations] (Holistic Security Manual) | * [https://holistic-security.tacticaltech.org/chapters/prepare/1-5-communicating-about-threats-in-teams-and-organisations.html '''Communicating about security in teams and organizations'''] (Holistic Security Manual) | ||
== Understanding our threats and context == | == Understanding our threats and context == | ||
Line 15: | Line 13: | ||
Situation monitoring and analysis is the broadest kind of analysis of our context: observing the political, economic, social, technological, legal and environmental developments in society which are relevant to our work, and may impact our security situation. (Source: [https://holistic-security.tacticaltech.org/chapters/explore/2-2-situation-monitoring-and-analysis.html Holistic Security Manual]) | Situation monitoring and analysis is the broadest kind of analysis of our context: observing the political, economic, social, technological, legal and environmental developments in society which are relevant to our work, and may impact our security situation. (Source: [https://holistic-security.tacticaltech.org/chapters/explore/2-2-situation-monitoring-and-analysis.html Holistic Security Manual]) | ||
Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/situational-monitoring-a-quick-pestle-analysis.html Pestle analysis] (Holistic Security Manual) | Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/situational-monitoring-a-quick-pestle-analysis.html '''Pestle analysis'''] (Holistic Security Manual) | ||
Tool: '''[https://tnr-research.uwazi.io/ Research Database on transnational repression]''' - This collection of research reports on transnational repression can help human rights defenders better understand: | |||
* Transnational Repression (TNR) threats that are possible, to determine appropriate mitigation techniques | |||
* Which TNR threats are unlikely, in order to alleviate fear | |||
* What exiled HRDs can expect from a host country in terms of protection measures | |||
* Existing campaigns to strengthen protection for exiled HRDs | |||
=== Identifying, analyzing and prioritizing threats === | === Identifying, analyzing and prioritizing threats === | ||
==== Map the actors ==== | ==== Map the actors ==== | ||
''It is valuable to get a clear picture of all the actors in our environment (individuals, institutions, organizations, etc). Threats almost always come | ''It is valuable to get a clear picture of all the actors in our environment (individuals, institutions, organizations, etc). Threats almost always come from someone or something. Knowing as much as we can about the actors in our context improves our perception of our environment and thereby, our ability to carry out activities to maintain or expand our space for work.'' (Source: [https://holistic-security.tacticaltech.org/chapters/explore/2-3-vision-strategy-and-actors.html Holistic Security Manual]) | ||
Exercise: | Exercise: | ||
* [https://holistic-security.tacticaltech.org/exercises/explore/visual-actor-mapping-part-1.html Spectrum of allies] (Holistic Security Manual) | * [https://holistic-security.tacticaltech.org/exercises/explore/visual-actor-mapping-part-1.html '''Spectrum of allies'''] (Holistic Security Manual) | ||
* [https://newtactics.org/resource/exercises-identifying-allies-opponents Spectrum of allies] (New Tactics in Human Rights project) | * [https://newtactics.org/resource/exercises-identifying-allies-opponents '''Spectrum of allies'''] (New Tactics in Human Rights project) | ||
==== Brainstorm threats ==== | ==== Brainstorm threats ==== | ||
This exercise is a first attempt at identifying the threats to yourself, your group or organization and your work in defense of human rights. This initial list of threats can then be refined so as to focus in more depth on the threats which are most likely or potentially most harmful. (Source: [https://holistic-security.tacticaltech.org/exercises/explore/threat-brainstorm.html Holistic Security Manual]) | This exercise is a first attempt at identifying the threats to yourself, your group or organization and your work in defense of human rights. This initial list of threats can then be refined so as to focus in more depth on the threats which are most likely or potentially most harmful. (Source: [https://holistic-security.tacticaltech.org/exercises/explore/threat-brainstorm.html Holistic Security Manual]) | ||
Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/threat-brainstorm.html Threat brainstorm] (Holistic Security Manual) | Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/threat-brainstorm.html '''Threat brainstorm'''] (Holistic Security Manual) | ||
==== Analyzing risk, prioritizing threats ==== | ==== Analyzing risk, prioritizing threats ==== | ||
Threats can be viewed and categorized in light of the following: the | Threats can be viewed and categorized in light of the following: the likelihood that the threat will take place, and the impact if and when it does. Likelihood and impact are concepts which help us determine risk: the higher the likelihood or impact of a threat, the higher the risk. Categorizing threats can help to keep us from feeling overwhelmed and keep our perception of threats realistic. (Source: [https://holistic-security.tacticaltech.org/chapters/explore/2-8-identifying-and-analysing-threats.html Holistic Security Manual]) | ||
Categorizing threats | |||
Exercise: [https://holistic-security.tacticaltech.org/chapters/explore/2-8-identifying-and-analysing-threats.html '''Threat matrix'''] (Holistic Security Manual) | |||
Tools: | |||
* The Ford Foundation’s [https://www.fordfoundation.org/work/our-grants/building-institutions-and-networks/cybersecurity-assessment-tool/ '''Cybersecurity Assessment Tool (CAT)'''] is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. We have created this questionnaire with busy nontechnical grant makers, grantee partners, civil society organizations, and nonprofits in mind, and we hope it helps shine some light on a recommended path forward for any organization undertaking a cybersecurity journey | |||
==== Analyze threats ==== | ==== Analyze threats ==== | ||
This exercise will help you prioritize threats and divine the causes, ramifications, sources as well as the required resources, existing actions and possible next steps. | This exercise will help you prioritize threats and divine the causes, ramifications, sources as well as the required resources, existing actions and possible next steps. | ||
Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/threat-inventory.html | Exercise: [https://holistic-security.tacticaltech.org/exercises/explore/threat-inventory.html '''Threat inventory'''] (Holistic Security Manual) | ||
== Risk mitigation == | == Risk mitigation == | ||
In order to build a response to the threats we face, we can consider them in terms of the factors which make us more or less susceptible to them. Read more in [https://holistic-security.tacticaltech.org/chapters/strategise/3-1-responding-to-threats.html this chapter of the Holistic Security Manual]. | In order to build a response to the threats we face, we can consider them in terms of the factors which make us more or less susceptible to them. Read more in [https://holistic-security.tacticaltech.org/chapters/strategise/3-1-responding-to-threats.html this chapter of the Holistic Security Manual]. | ||
=== Protect your devices | === Mitigation techniques for common threats to information === | ||
* [[How to mitigate your risk of being subject to Pegasus surveillance]], and other spyware | {| class="wikitable" | ||
* [[ | |+ | ||
! Threat | |||
!Mitigation techniques and links to guidance | |||
|- | |||
|Data loss | |||
| | |||
* [[Ways to securely store and share files|Have your information securely in the cloud or on a server]] | |||
* Have a backup process | |||
|- | |||
|Compromised accounts | |||
| | |||
* [[Protect your accounts using strong passwords, pw managers, 2fa|Use two factor authentication for all accounts]] | |||
* [[Protect your accounts using strong passwords, pw managers, 2fa|Use unique, complex passwords for all accounts]] | |||
* [[Protect your accounts using strong passwords, pw managers, 2fa|Use a password manager to create, store and protect those passwords]] | |||
|- | |||
|Device inspection at checkpoints | |||
| | |||
* [[Use a secure messaging app#Tip: use automatic disappearing messages|Use automated disappearing messages on your messaging apps]] | |||
* [[Ways to securely store and share files|Have your sensitive information stored safely in the cloud and off of your device]] | |||
* Hide or delete any apps that would provide access to this information (you can restore that app later) | |||
|- | |||
|Device confiscation or theft | |||
| | |||
* [[Secure your devices#Full disk encryption|Encrypt your devices]] | |||
* And, review and adapt the same advice above for “device inspection” threat | |||
|- | |||
|Information handover | |||
| | |||
* [[Trusted hosting companies in the human rights community|Host your information with a company you trust]], who will not turn over information to your opponents (via subpoena, request, etc) | |||
|- | |||
|Targeted malware or spyware | |||
| | |||
* [[Protect your accounts using strong passwords, pw managers, 2fa#Be aware of spear phishing attacks|Protect yourselves against (spear) phishing attacks]] | |||
* Use a second device for sensitive activities | |||
* [[How to mitigate your risk of being subject to Pegasus surveillance|Restart your device regularly to disrupt spyware]] | |||
* [[Secure your devices|Use anti virus]] | |||
* [[How to mitigate your risk of being subject to Pegasus surveillance]], and other spyware | |||
|- | |||
|Surveillance and monitoring | |||
| | |||
* [[Safe internet browsing using VPN and Tor browser|Use a VPN and/or Tor browser]] | |||
* [[Use a secure messaging app]] | |||
* [[How to collect and store information in a secure way]] | |||
* [[Ways to securely store and share files|How to use Google Drive safely and alternatives to Google Drive]] | |||
|- | |||
|Website hacking and takeover | |||
| | |||
* [[Protect your website|Protect your website from DDOS attacks]] | |||
* [[Trusted hosting companies in the human rights community|Use a host company that you trust]] | |||
* And, review and adapt the same advice above for "compromised accounts" | |||
|} | |||
Other important considerations when collecting, storing, using sensitive information: | |||
{| class="wikitable" | |||
|+ | |||
!Consideration | |||
!Resources | |||
|- | |||
|Make sure you have informed consent from the people you are collecting information | |||
|[[Guidance on informed consent]] | |||
|- | |||
| | |||
| | |||
|- | |||
| | |||
| | |||
|} | |||
* [[Information Security for Human Rights Defenders]] | |||
=== | ===Mitigation techniques for online harassment=== | ||
[[ | [[How to deal with online harassment and threats]] | ||
==Security planning == | |||
Once we have clarity about the threats we face during our activities, we can begin to organize our security protocols into security plans or agreements. There are three main areas to consider when developing any security plans: | |||
# '''PREPARE: Prevention of threats''' - Most security plans will include tactics which aim to prevent identified threats from taking place (i.e. reducing their likelihood). This will include: | |||
## Identify & assess the threats and your vulnerabilities | |||
## Develop security policies and procedures | |||
## Implement preventive measures | |||
## Invest in Security Awareness Programs | |||
## Conduct Security testing | |||
# '''RESPOND: Emergency responses''' - Emergency plans, also called contingency plans, are the actions which we take in response to a threat becoming a reality. This will include: | |||
## Build Incident Response Plan | |||
## Communication Strategy | |||
## Business continuity plan | |||
## Disaster recovery plan (Data Backups and Recovery) | |||
## Communication and Collaboration | |||
# '''TREAT: Well-being considerations''' - Actions we take to maintain our physical energy and a mindful approach to our work and our security –it may include such considerations as where and when we will eat, sleep, relax and enjoy ourselves in the course of our work. This will include: | |||
## Analyze lessons learned | |||
## Recovery and Remediation | |||
## Psychological safety considerations, | |||
## Review and update your security plans and approach | |||
For more information, read '''[[General guidance for creating security plans and agreements]]''' and review [https://holistic-security.tacticaltech.org/chapters/strategise/3-3-creating-security-plans-and-agreements.html this chapter of the Holistic Security Manual]. | |||
Additional resources: | |||
* Consumer Reports [https://securityplanner.consumerreports.org/ '''Security Planner'''] is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites. | |||
[ | * [https://www.nist.gov/itl/smallbusinesscyber/nist-cybersecurity-framework-0 '''NIST Cybersecurity Framework 2.0''']: Small Business Quick Start Guide - provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy using the NIST Cybersecurity Framework (CSF) 2.0. (by the ''National Institute of Standards and Technology)'' | ||
== Security planning == | ===Security planning on specific topics=== | ||
[[General | * [[General tips for international travel]] | ||
* [[General tips for home security]] | |||
[https:// | == Building a culture of security within a team == | ||
[https://level-up.cc/ '''LevelUp'''] is a collection of resources for the global digital safety training community. | |||
[https://wiki.orgsec.community/ '''Organisational security community wiki'''] is a resource created by and for security practitioners from all backgrounds to share useful resources and document innovative approaches to long-term security work. | |||
[ | |||
==Resource collections related to security == | |||
== Resource collections == | |||
[https://digitalfirstaid.org/ '''Digital First Aid Kit'''] - The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed. | [https://digitalfirstaid.org/ '''Digital First Aid Kit'''] - The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed. | ||
Line 89: | Line 172: | ||
[https://cyber-star.org/ '''CyberSTAR'''], by SecDev, makes it easier for small organizations and individuals to understand and manage digital safety by organizing it around six themes. This site presents learning resources to help you be safer online—plus teaching resources for digital safety trainers. | [https://cyber-star.org/ '''CyberSTAR'''], by SecDev, makes it easier for small organizations and individuals to understand and manage digital safety by organizing it around six themes. This site presents learning resources to help you be safer online—plus teaching resources for digital safety trainers. | ||
[https://totem-project.org/ '''Totem project'''] - Developed in collaboration by Greenhost and Free Press Unlimited, Totem is a '''free''' '''online learning platform''' that offers educational courses about digital security and privacy, and related tools and tactics for journalists, activists and human rights defenders in a safe, online classroom environment. | |||
[https://advocacyassembly.org/en/courses?category=1 '''Advocacy Assembly''' online courses related to digital security] - Advocacy Assembly is a '''free e-learning platform''' featuring dozens of courses for human rights activists, campaigners and journalists. | |||
[https://www.saferedge.com/learning '''Safer Edge''' online courses] (not free) - Safer Edge works with security, safeguarding and risk advisory professionals with a wide range of expertise, skills and experience. Team and consultants have experience working internationally in the humanitarian and development contexts in a range of risk contexts. In-house team speaks English, French, Spanish, Portuguese, Arabic and Russian. | |||
[https://academy.amnesty.org/ '''Amnesty International's Human Rights Academy'''] is a free online learning platform that allows participants to embark on a self-paced learning journey to understand the principles of human rights and how to use them as a tool for positive change. We believe that knowledge of rights is essential for claiming them, defending them, and promoting them and hope that our courses will inspire you to take action. | |||
[https://www.protectioninternational.org/tools/protection-manuals/ '''Protection International's Protection Manuals'''] for Human Rights Defenders - These manuals were developed to provide human rights defenders with additional knowledge and tools to improve their understanding of security and protection. | |||
[https://www.frontlinedefenders.org/en/digital-protection-resources '''Front Line Defenders Digital Protection Resources'''] - Front Line Defenders Digital Protection programme responds to the digital security environment facing HRDs and develops tools, guides and reosources to complement its training and consultation programming. | |||
[ | [https://ssd.eff.org/ '''Surveillance Self-Defense'''] toolkit by Electronic Frontier Foundation - "We’re the Electronic Frontier Foundation, an independent non-profit working to protect online privacy for over thirty years. This is Surveillance Self-Defense: our expert guide to protecting you and your friends from online spying." | ||
[ | [https://securityinabox.org/en/ '''Security in a Box'''] primarily aims to help a global community of human rights defenders whose work puts them at risk. It has been recognized worldwide as a foundational resource for helping people at risk protect their digital security and privacy. | ||
[ | '''[https://www.frontlinedefenders.org/en/resource-publication/workbook-security-practical-steps-human-rights-defenders-risk Front Line Defenders Workbook on Security]''' has been inspired by the hundreds of HRDs from over 50 countries who have attended Front Line Defenders workshops on security and protection. The Workbook takes you through the steps to producing a security plan – for yourself and for your organisation (for those HRDs who are working in organisations). It follows a systematic approach for assessing your security situation and developing risk and vulnerability reduction strategies and tactics. Manual available in French, Spanish, Russian, Arabic, Turkish, Portuguese, Urdu, Somali, Dari, and Chinese. |
Latest revision as of 17:49, 7 November 2024
Building awareness of how we respond to threat and stress
Developing a useful security strategy is heavily dependent on our perception – we need to be able to identify and analyse threats in order to implement ways of avoiding or reducing them. But we all perceive the world around us differently based on our circumstances, experiences and many other factors. As a result, our perception can sometimes be hindered: threats which may be evident to some people may go unrecognised by others; similarly, we also need to be able to tell the difference between threats which are genuinely possible and those which we falsely perceive, called 'unfounded fears'. It's a good idea to become familiar with factors that condition our perceptions of threat, and consider ways that we can take these into account in our security planning. (Source: Holistic Security Manual)
Resources:
- Exploring individual responses to threat (Holistic Security Manual)
- Exploring group responses to threat (Holistic Security Manual)
- Communicating about security in teams and organizations (Holistic Security Manual)
Understanding our threats and context
Situation monitoring and analysis
Situation monitoring and analysis is the broadest kind of analysis of our context: observing the political, economic, social, technological, legal and environmental developments in society which are relevant to our work, and may impact our security situation. (Source: Holistic Security Manual)
Exercise: Pestle analysis (Holistic Security Manual)
Tool: Research Database on transnational repression - This collection of research reports on transnational repression can help human rights defenders better understand:
- Transnational Repression (TNR) threats that are possible, to determine appropriate mitigation techniques
- Which TNR threats are unlikely, in order to alleviate fear
- What exiled HRDs can expect from a host country in terms of protection measures
- Existing campaigns to strengthen protection for exiled HRDs
Identifying, analyzing and prioritizing threats
Map the actors
It is valuable to get a clear picture of all the actors in our environment (individuals, institutions, organizations, etc). Threats almost always come from someone or something. Knowing as much as we can about the actors in our context improves our perception of our environment and thereby, our ability to carry out activities to maintain or expand our space for work. (Source: Holistic Security Manual)
Exercise:
- Spectrum of allies (Holistic Security Manual)
- Spectrum of allies (New Tactics in Human Rights project)
Brainstorm threats
This exercise is a first attempt at identifying the threats to yourself, your group or organization and your work in defense of human rights. This initial list of threats can then be refined so as to focus in more depth on the threats which are most likely or potentially most harmful. (Source: Holistic Security Manual)
Exercise: Threat brainstorm (Holistic Security Manual)
Analyzing risk, prioritizing threats
Threats can be viewed and categorized in light of the following: the likelihood that the threat will take place, and the impact if and when it does. Likelihood and impact are concepts which help us determine risk: the higher the likelihood or impact of a threat, the higher the risk. Categorizing threats can help to keep us from feeling overwhelmed and keep our perception of threats realistic. (Source: Holistic Security Manual)
Exercise: Threat matrix (Holistic Security Manual)
Tools:
- The Ford Foundation’s Cybersecurity Assessment Tool (CAT) is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. We have created this questionnaire with busy nontechnical grant makers, grantee partners, civil society organizations, and nonprofits in mind, and we hope it helps shine some light on a recommended path forward for any organization undertaking a cybersecurity journey
Analyze threats
This exercise will help you prioritize threats and divine the causes, ramifications, sources as well as the required resources, existing actions and possible next steps.
Exercise: Threat inventory (Holistic Security Manual)
Risk mitigation
In order to build a response to the threats we face, we can consider them in terms of the factors which make us more or less susceptible to them. Read more in this chapter of the Holistic Security Manual.
Mitigation techniques for common threats to information
Threat | Mitigation techniques and links to guidance |
---|---|
Data loss |
|
Compromised accounts | |
Device inspection at checkpoints |
|
Device confiscation or theft |
|
Information handover |
|
Targeted malware or spyware |
|
Surveillance and monitoring | |
Website hacking and takeover |
|
Other important considerations when collecting, storing, using sensitive information:
Consideration | Resources |
---|---|
Make sure you have informed consent from the people you are collecting information | Guidance on informed consent |
Mitigation techniques for online harassment
How to deal with online harassment and threats
Security planning
Once we have clarity about the threats we face during our activities, we can begin to organize our security protocols into security plans or agreements. There are three main areas to consider when developing any security plans:
- PREPARE: Prevention of threats - Most security plans will include tactics which aim to prevent identified threats from taking place (i.e. reducing their likelihood). This will include:
- Identify & assess the threats and your vulnerabilities
- Develop security policies and procedures
- Implement preventive measures
- Invest in Security Awareness Programs
- Conduct Security testing
- RESPOND: Emergency responses - Emergency plans, also called contingency plans, are the actions which we take in response to a threat becoming a reality. This will include:
- Build Incident Response Plan
- Communication Strategy
- Business continuity plan
- Disaster recovery plan (Data Backups and Recovery)
- Communication and Collaboration
- TREAT: Well-being considerations - Actions we take to maintain our physical energy and a mindful approach to our work and our security –it may include such considerations as where and when we will eat, sleep, relax and enjoy ourselves in the course of our work. This will include:
- Analyze lessons learned
- Recovery and Remediation
- Psychological safety considerations,
- Review and update your security plans and approach
For more information, read General guidance for creating security plans and agreements and review this chapter of the Holistic Security Manual.
Additional resources:
- Consumer Reports Security Planner is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.
- NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide - provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy using the NIST Cybersecurity Framework (CSF) 2.0. (by the National Institute of Standards and Technology)
Security planning on specific topics
Building a culture of security within a team
LevelUp is a collection of resources for the global digital safety training community.
Organisational security community wiki is a resource created by and for security practitioners from all backgrounds to share useful resources and document innovative approaches to long-term security work.
Digital First Aid Kit - The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.
Access Now Help Desk documentation
CyberSTAR, by SecDev, makes it easier for small organizations and individuals to understand and manage digital safety by organizing it around six themes. This site presents learning resources to help you be safer online—plus teaching resources for digital safety trainers.
Totem project - Developed in collaboration by Greenhost and Free Press Unlimited, Totem is a free online learning platform that offers educational courses about digital security and privacy, and related tools and tactics for journalists, activists and human rights defenders in a safe, online classroom environment.
Advocacy Assembly online courses related to digital security - Advocacy Assembly is a free e-learning platform featuring dozens of courses for human rights activists, campaigners and journalists.
Safer Edge online courses (not free) - Safer Edge works with security, safeguarding and risk advisory professionals with a wide range of expertise, skills and experience. Team and consultants have experience working internationally in the humanitarian and development contexts in a range of risk contexts. In-house team speaks English, French, Spanish, Portuguese, Arabic and Russian.
Amnesty International's Human Rights Academy is a free online learning platform that allows participants to embark on a self-paced learning journey to understand the principles of human rights and how to use them as a tool for positive change. We believe that knowledge of rights is essential for claiming them, defending them, and promoting them and hope that our courses will inspire you to take action.
Protection International's Protection Manuals for Human Rights Defenders - These manuals were developed to provide human rights defenders with additional knowledge and tools to improve their understanding of security and protection.
Front Line Defenders Digital Protection Resources - Front Line Defenders Digital Protection programme responds to the digital security environment facing HRDs and develops tools, guides and reosources to complement its training and consultation programming.
Surveillance Self-Defense toolkit by Electronic Frontier Foundation - "We’re the Electronic Frontier Foundation, an independent non-profit working to protect online privacy for over thirty years. This is Surveillance Self-Defense: our expert guide to protecting you and your friends from online spying."
Security in a Box primarily aims to help a global community of human rights defenders whose work puts them at risk. It has been recognized worldwide as a foundational resource for helping people at risk protect their digital security and privacy.
Front Line Defenders Workbook on Security has been inspired by the hundreds of HRDs from over 50 countries who have attended Front Line Defenders workshops on security and protection. The Workbook takes you through the steps to producing a security plan – for yourself and for your organisation (for those HRDs who are working in organisations). It follows a systematic approach for assessing your security situation and developing risk and vulnerability reduction strategies and tactics. Manual available in French, Spanish, Russian, Arabic, Turkish, Portuguese, Urdu, Somali, Dari, and Chinese.