Security resources organized by topic: Difference between revisions

From TCU Wiki
Kristin1 (talk | contribs)
No edit summary
Line 1: Line 1:
'''[ 🚧 Under Construction]'''
'''[ 🚧 Under Construction]'''


== Context analysis ==
== Building awareness of how we respond to threat and stress ==
How the Internet works...
''Developing a useful security strategy is heavily dependent on our perception – we need to be able to identify and analyse threats in order to implement ways of avoiding or reducing them. But we all perceive the world around us differently based on our circumstances, experiences and many other factors. As a result, our perception can sometimes be hindered: threats which may be evident to some people may go unrecognised by others; similarly, we also need to be able to tell the difference between threats which are genuinely possible and those which we falsely perceive, called 'unfounded fears'. It's a good idea to become familiar with factors that condition our perceptions of threat, and consider ways that we can take these into account in our security planning.'' (Source: [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html Holistic Security Manual])


== Assessing risk ==
Resources:
Consumer Reports [https://securityplanner.consumerreports.org/ '''Security Planner'''] is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.


The Ford Foundation’s [https://www.fordfoundation.org/work/our-grants/building-institutions-and-networks/cybersecurity-assessment-tool/ '''Cybersecurity Assessment Tool (CAT)'''] is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. We have created this questionnaire with busy nontechnical grant makers, grantee partners, civil society organizations, and nonprofits in mind, and we hope it helps shine some light on a recommended path forward for any organization undertaking a cybersecurity journey.
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-2-individual-responses-to-threat.html Exploring individual responses to threat] (Holistic Security Manual)
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-4-team-and-peer-responses-to-threat.html Exploring group responses to threat] (Holistic Security Manual)
* [https://holistic-security.tacticaltech.org/chapters/prepare/1-5-communicating-about-threats-in-teams-and-organisations.html Communicating about security in teams and organizations] (Holistic Security Manual)


== Analyzing threats ==
== Understanding our threats and context ==
Threats to your information:


* Data loss
=== Situation monitoring and analysis ===
* Compromised accounts
Situation monitoring and analysis is the broadest kind of analysis of our context: observing the political, economic, social, technological, legal and environmental developments in society which are relevant to our work, and may impact our security situation. (Source: [https://holistic-security.tacticaltech.org/chapters/explore/2-2-situation-monitoring-and-analysis.html Holistic Security Manual])
* Device inspection at checkpoints
* Device confiscation or theft
* Information handover
* Targeted malware
* Surveillance and monitoring


== Determine mitigation measures ==
Exercise:
 
* [https://holistic-security.tacticaltech.org/exercises/explore/situational-monitoring-a-quick-pestle-analysis.html Pestle analysis] (Holistic Security Manual)
 
=== Identifying, analysing and prioritising threats ===
 
==== Map the actors ====
Brainstorm threats
 
Prioritizing threats
 
Analyse threats
 
 
=== Risk assessment tools ===
Risk is ....Consumer Reports [https://securityplanner.consumerreports.org/ '''Security Planner'''] is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.
 
The Ford Foundation’s [https://www.fordfoundation.org/work/our-grants/building-institutions-and-networks/cybersecurity-assessment-tool/ '''Cybersecurity Assessment Tool (CAT)'''] is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. We have created this questionnaire with busy nontechnical grant makers, grantee partners, civil society organizations, and nonprofits in mind, and we hope it helps shine some light on a recommended path forward for any organization undertaking a cybersecurity journey
 
== Risk mitigation ==


=== Protect your devices ===
=== Protect your devices ===
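Review bot: Under "=== Risk assessment tools ===" the text opens with the unfinished placeholder "Risk is ...." run straight into the Consumer Reports sentence, so the section starts mid-thought; either finish the definition of risk or drop the placeholder and begin the paragraph at "Consumer Reports". The Ford Foundation paragraph in the same section ends at "cybersecurity journey" with no closing period. The list under "Threats to your information:" (data loss, compromised accounts, device confiscation or theft, and so on) does not appear in the resulting revision, while "Brainstorm threats", "Prioritizing threats" and "Analyse threats" are left as bare lines under "==== Map the actors ===="; consider keeping that list under "Brainstorm threats" until those sections have content, and settle on one spelling ("Prioritizing" here against "prioritising" in the heading above).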

Revision as of 15:47, 7 May 2024

[ 🚧 Under Construction]

Building awareness of how we respond to threat and stress

Developing a useful security strategy is heavily dependent on our perception – we need to be able to identify and analyse threats in order to implement ways of avoiding or reducing them. But we all perceive the world around us differently based on our circumstances, experiences and many other factors. As a result, our perception can sometimes be hindered: threats which may be evident to some people may go unrecognised by others; similarly, we also need to be able to tell the difference between threats which are genuinely possible and those which we falsely perceive, called 'unfounded fears'. It's a good idea to become familiar with factors that condition our perceptions of threat, and consider ways that we can take these into account in our security planning. (Source: Holistic Security Manual)

Resources:

Understanding our threats and context

Situation monitoring and analysis

Situation monitoring and analysis is the broadest kind of analysis of our context: observing the political, economic, social, technological, legal and environmental developments in society which are relevant to our work, and may impact our security situation. (Source: Holistic Security Manual)

Exercise:

Identifying, analysing and prioritising threats

Map the actors

Brainstorm threats

Prioritizing threats

Analyse threats


Risk assessment tools

Risk is ....

Consumer Reports Security Planner is a free, easy-to-use guide to staying safer online. It provides personalized recommendations and expert advice on topics such as keeping social media accounts from being hacked, locking down devices ranging from smartphones to home security cameras, and reducing intrusive tracking by websites.

The Ford Foundation’s Cybersecurity Assessment Tool (CAT) is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. We have created this questionnaire with busy nontechnical grant makers, grantee partners, civil society organizations, and nonprofits in mind, and we hope it helps shine some light on a recommended path forward for any organization undertaking a cybersecurity journey.

Risk mitigation

Protect your devices

Protect yourself online

Protect your accounts using strong passwords, password managers, and 2FA - These resources include videos that explain why strong passwords are so important, how to use password managers, and how to use two-factor authentication (2FA) to protect your accounts.

Safe internet browsing using VPN and Tor browser - These resources will help you keep your internet activities private by using a virtual private network (VPN) or the Tor internet browser. These are very helpful tools if you think an adversary has the capacity and interest to monitor and surveil your activities online.

Protect your information

Online harassment

How to deal with online harassment and threats

Producing security plans

General guidance for creating security plans and agreements

NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide - provides small-to-medium-sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy using the NIST Cybersecurity Framework (CSF) 2.0. (by the National Institute of Standards and Technology)

Security considerations when travelling

General tips for international travel


Resource collections

Digital First Aid Kit - The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.

Access Now Help Desk documentation

CyberSTAR, by SecDev, makes it easier for small organizations and individuals to understand and manage digital safety by organizing it around six themes. This site presents learning resources to help you be safer online—plus teaching resources for digital safety trainers.


More info:

Secure storage for sensitive information

Secure access to sensitive information

Secure your devices