- What infrastructural barriers exist in the region?
- What are the top, non-targeted digital threats in this region?
- What are the top targeted digital threats facing organizations doing this work in this region / country?
- Are there legal ramifications to digital security in the country? (e.g. legality of encryption, anonymity tools, etc.)
- Has any organization or individual made specific threats, or demonstrated intention or mindset to attack on the organization or similar organizations?
- Use VPNs or Tor to search if conducting the search from a country that is highly competitive with the organization’s country, or is known to surveil.
- A summary of the most likely threats that the host and auditor may face:
- Possible adversaries and their capacity and willingness to act against the host,
- Latest general cyber-security threats,
- Legal risks to host and auditor conducting a SAFETAG audit.
- Modifications to the audit plan as necessary.
Regional Context Research_This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…
Technical Context Research_Research the technical capacity of potential threat actors, including both historical attack data and any indicators of changes to their capacity.
References and resources for Context Research
- Article: "Section 2.3 Context analysis p. 30" (Operational Security Management in Violent Environments: (Revised Edition))
- Guide: "Vulnerability Assessment: Training module for NGOs operating in Conflict Zones and High-Crime Areas" (Jonathan T. Dworken)
- Database: "The Aid Worker Security Database (AWSD) records major incidents of violence against aid workers, with incident reports from 1997 through the present." (The Aid Worker Security Database (AWSD))
- Survey: "This is a survey of existing and proposed laws and regulations on cryptography - systems used for protecting information against unauthorized access. " (The Crypto Law Survey)
- Article: "Legal Issues in Penetration Testing" (Security Current)
- Guide: "Encryption and International Travel" (Princeton University)
- Guide: "World Map of Encryption Laws and Policies" (Global Partners Digital)
- List: "Foreign travel advice" (GOV.UK)
Alerts: "Travel Alerts & Warnings" (US Department of State)
- List: "List of airlines banned within the EU" (European Commission)
- List: "A list of aircraft operators that have that have suffered an accident, serious incident or hijacking." (Aviation Safety Network)
- List: "Travel Advice" (Australian Government)
- Monitor: "CNL's NGO Law Monitor provides up-to-date information on legal issues affecting not-for-profit, non-governmental organizations (NGOs) around the world." (NGO Law Monitor)
- Public Service Delivery
Free Media and Information
- Threatened Voices: Tracking suppression of online free speech.
- IREX’s Media Sustainability Index (MSI) provides in-depth analyses of the conditions for independent media in 80 countries across the world.
- Freedom House's "Freedom on the Net" index, assessing the degree of internet and digital media freedom around the world.
- Freedom House's "Freedom of the Press" index assess' global media freedom.
- ARTICLE 19 freedom of expression and freedom of information news by region.
- Open Society Foundation - Mapping digital media
- Press Freedom Index (RSF)
- Climate Issues
- Gender Issues
- Poverty Alleviation
- Community Building
- Peace promotion
- Agricultural Development
- Water, Sanitation
- Disaster Relief
- Map: "A global display of Terrorism and Other Suspicious Events" (Global Incident Map)
- Organization: "ReliefWeb has been the leading source for reliable and timely humanitarian information on global crises and disasters since 1996." (ReliefWeb)
- Reports: International NGO Safety (NGO proof, subscription required, covers Afghanistan, CAR, DRC, Kenya, Mali, and Syria currently)
- Reports: Privacy International's in-depth country reports and submissions to the United Nations. (Privacy International)
- List: "National Cyber Security Policy and Legal Documents" (NATO Cooperative Cyber Defence Centre of Excellence)
- Reports: "Country Reports" (Open Network Initiative)
- Portal: "Country Level Information security threats" (The ISC Project)
- Country Profiles: "Current cybersecurity landscape based on the five pillars of the Global Cybersecurity Agenda namely Legal Measures, Technical Measures, Organisation Measures, Capacity Building and Cooperation." (Global Cybersecurity Index (GCI))
- Organization: "The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security." (The Citizen Lab)
- Map: "Cyber-Censorship Map" (Alkasir)
- Dashboard: "At-A-Glance Web-Blockage Dashboard" (Herdict)
- List: "Who publishes Transparency Reports?" (James Losey)
- Overviews:"Cyberwellness Profiles" (ITU)
- Report: "The Internet Annual Security Threat Report" (Symantec)
- Report: "Annual threat report" (Mandiant)
Reports: "APWG Phishing Attack Trends Reports" (Anti-Phishing Working Group)
- Database: "World Telecommunication/ICT Indicators database 2014" (WT-ICT)
- Comparisons: "Country Comparisons" (CIA fact-book)
Other Context Analysis Methodologies:
Threats to the Auditor
Have aid workers faced retribution for their work in the region?
Is it safe to do digital security work in the region?
Is the area safe to travel to?
Targeted Threats for the organization
Is the group facing any legal threats because of its work?
Does the organization face any targeted threats because of their work?
General Threats for the organization
What general non-governmental threats does the organization face?
What cyber-security practices is the government using?
What general cyber-security threats is the organization facing?
What level of technology is available in the region?