- Basic contact and organizational information: name, org, org's stated mission
- Contextual research
- Size of staff
- Key roles in org for tech and management
- Structure: Management and Technical?
- (Program size, activities, information)
- (Change management)
- Languages used in office
What (if any) threats have occured to the organization and its partners? (digital, physical)
- What other threats are you concerned about? What has happened to other organizations in the space?
- Org responses to these threats - trainings, technical responses, organization process/change successes?
- Specific programs or other work outside of publicly stated mission that are high-risk
- Program use of technology (SMS surveys, blogs, facebook pages, other websites, media recording and broadcast ...?)
- Primary website
- Additional websites
- Website technologies (content management, hosting provider)
Technology in use:
- Desktop software (OS, Office)
- Desktop security tools (anti-virus, anti-malware, firewalls, vpns, disk encryption...)
- Servers (email, shared file system, networking tools, backups)
- Email, email hosts
- Other communication tools - skype, facebook, chat, mobile...
- Other less formal tools - external emails, dropbox...
- Internal network - wired, wireless, type of wireless network, ISP
- How is the office connected to the Internet?
- Power outages or other challenges?
Office setup and size
- Shared office space, shared floor or building?
- Physical security of the office?
- Office access and location
- Personal device usage
- Transporation means used to get to and from home
- Remote access to organizational resources (VPN, shared files)
Contextual / Background / Threat information
Practices and behaviors