Back to Responsive Support
Responsive Support
Summary
The auditor provides assistance for any immediate action needed (spot training, tool fixes, consulting on upcoming projects) -- this may also involve addressing vulnerabilities that triggered an incident response.
Purpose
In-audit activities and training are used to increase an organization's agency to seek out and address immediate security challenges within their organization, as well as enabling the organization to securely receive and store the audit report.
Guiding Questions
- Are there any critical vulnerabilities or remediation activities that the organization needs a deeper understanding to give proper weight to in the report?
- How can you prepare the staff and management for aspects of the audit process might lead to alienation or inhibit the process?
- What is the organization's readiness and likelihood to succeed in engaging with security technology? What factors will complicate or inhibit the effective and safe uptake and use?
- Is the support you want to provide (troubleshooting, fixes, upgrades, training, etc.) critical to the security of the organization? If not, can you provide that support without taking away from the audit?
- Will you have the capacity to support software or hardware that you provided while providing support?
Operational Security
- If you are providing software tools, make sure to check file signatures (and explain the process) - do not be the weak link or introduce malware into the organization!
- Do not attempt to train on any topic that you are not knowledgeable on.
- For any targeted training, especially on new tools, ensure that key personnel at the organization successfully use these tools during the audit timeline. This is especially important for secure communications tools the auditor hopes to use to follow-up with the organization.
- For any specific fixes or upgrades to the system, make sure that backups exist and to test extensively and with staff involvement after your intervention.
Preparation
- Experience giving digital security training
- Each training guide has detailed lists of materials needed and trainer preparation - preview and prepare for any training you plan to give.
Baseline Skills
Outputs
- Organizational capacity to communicate and store data securely
- Enhanced organizational capacity
- Mitigation of critical risks.
- Contacts and/or next steps for any direct support or training needs of the organization
Activities
References and resources for Responsive Support
- Tip Sheet: Facilitator Preparation Tips ( Integrated Security )
- Guidelines: "Facilitator Guidelines" (Aspiration Tech)
- Guide: "Session_Design" (Aspiration Tech)
- Kit: "Resource Kit" (eQualit.ie)
- Questions: "Pre-Event_Questions" (Aspiration Tech)
- Guide: "Break Outs" (Aspiration Tech)
- Resources: "Be a Better Trainer" (Level-up)
- Curricula: Level-Up: Resources for the global digital safety training community.
- Curricula: eQualit.ie's Trainer's Curricula (also in Russian)
- Training Manual: Workbook on Security: Practical Steps for Human Rights Defenders at Risk
- Trainer Handbook: "SaferJourno" (Internews)
- Multi-lingual Guides: Security in a Box
- Resource: Front Line Defenders
- Guide: "Surveillance Self-Defense" (EFF)
- Guide: "The Digital First Aid Kit" (RaReNet)
- Guides: "Protektor Services Manuals" (Protektor Services)
- Guide: "Cryptoparty Handbook" (CryptoParty)
- Guide: "Bypassing Internet Censorship" (Floss Manuals)
- Directory: "Security Training Firms" (CPJ)
Facilitation Preparation:
Digital Security Trainings:
Digital Security Guides:
Training Resources: