Back to

Context Research

Summary

This component allows the auditor to identify the relevant regional and technological context needed to provide a safe and informed SAFETAG audit. This component consists of desk research that is collected and analyzed by the auditor, as well as inputs from the Interview component.

Purpose

Analysis of context is the foundation of effective risk management. Both at-risk organizations and auditors will develop assumptions based upon their experience. It is important that an audit is based on information that is current and accurate.

Checking the assumptions both of the organization and of the auditor by researching the current regional and technological context will ensure that an auditor is basing their work on accurate assessments of the conditions the organization faces and that they are making informed operational security considerations.

Guiding Questions

    • What infrastructural barriers exist in the region?
    • What are the top, non-targeted digital threats in this region?
    • What are the top targeted digital threats facing organizations doing this work in this region / country?
    • Are there legal ramifications to digital security in the country? (e.g. legality of encryption, anonymity tools, etc.)
    • Has any organization or individual made specific threats, or demonstrated intention or mindset to attack on the organization or similar organizations?

Operational Security

  • Use VPNs or Tor to search if conducting the search from a country that is highly competitive with the organization’s country, or is known to surveil.

Outputs

    • A summary of the most likely threats that the host and auditor may face:
      • Possible adversaries and their capacity and willingness to act against the host,
      • Latest general cyber-security threats,
      • Legal risks to host and auditor conducting a SAFETAG audit.
    • Modifications to the audit plan as necessary.

References and resources for Context Research