Internews is hosting the virtual Internet Freedom Festival (IFF) Organizational Security Village throughout this week (June 8-12)! The event is bringing together security auditors, digital security trainers, and other experts and practitioners for a five-day program of over 20 community-led sessions exploring five major themes in organizational security.
Sessions on Day 5 focused on funding OrgSec work and Monitoring & Evaluation.
Highlights from Day 5 of the OrgSec village included:
- A discussion around how small, local digital support initiatives can fund digital security assistance for nonprofits through strategic networking.
- A brainstorm around ways to better support digital security programs through informing and coordinating with donors.
- An open dialogue on evaluating audit success from an auditor’s perspective.
- A presentation of frameworks to measure the impact of organizational security work.
Key takeaways from the discussions included:
- Securing funding is a challenge for OrgSec practitioners. Organizations need to better incorporate digital and organizational security into their budgets and marketing and communications plans. More broadly, there is a need for coordination within the local and international OrgSec community to promote knowledge sharing and establish partnerships in order to educate and coordinate with donors more effectively. Donors also need to adopt digital security practices that allow them to engage with organizations and support their work safely.
- Community members debated the value of establishing certifications or skills qualifications for work in the space in order to reduce the reliance on trust networks. This could reduce barriers to funding and opportunities for work for new practitioners who may be less known to both funders and at-risk organizations seeking support. However, establishing community-wide agreed upon standards and mitigating the substantial additional barriers to entry (e.g. cost, training opportunities and locations, personal and unfunded time) caused by any such certification system pose a formidable challenge.
- Measuring the impact of OrgSec programs is important in order to evaluate and improve approaches and communicate success to donors. While it is easy to focus on measuring purely digital risk, is it important to bear in mind that effective OrgSec should take a holistic approach also incorporating psychosocial support and physical aspects.
- Whether to evaluate OrgSec interventions using shared community standards or by measuring change within an organization and against its own threat model continued to inspire debate among community members. The Engine Room shared a Monitoring and Evaluation Framework for Organisational Security - which takes the latter approach - for practitioners to adapt for their own M&E practices.
Thank you for participating in OrgSec this week! If you’d like to continue the conversation head to https://orgsec.community/display/OS. We will be posting shared notes from the event on the wiki next week!