2021 Organizational Security Village Day 1

Internews is hosting our second virtual Organizational Security Village throughout this week (August 30-September 2)! The event is bringing together security auditors, digital security trainers, and other experts and practitioners for a four-day program of over 25 community-led sessions exploring four major themes in organizational security.

Sessions on Day 1 centred around various OrgSec tools and resources. Highlights from Day 1 of the OrgSec village included:

A conversation on how to bridge the gap between open source tool developers and users to improve usability and accessibility.
A tour of the RaReNet (Rapid Response Network) and CiviCERT’s Digital First Aid Kit (DFAK).
An introduction to the new SAFETAG interface.
An overview of the recently released RAWRR, an offline multiplatform and easy-to-use tool for security evaluation report generation.
A preview of NDI’s Cybersecurity Handbook for Civil Society Organizations.

Key takeaways from the discussions included:

Accessibility work goes beyond UX/UI design. When it comes to creating feedback loops between users and developers, it’s important to not just include UX/UI designers but also the developers themselves. It’s crucial to involve all of those who are working on putting together the infrastructure users rely on.

Civil Society Organizations (CSOs) are facing increasingly complex cybersecurity threats, which require solutions beyond traditional cybersecurity trainings. CSOs tend to be reactive when it comes to organizational security and often scramble to find solutions in the face of a crisis. While traditional digital security trainings are helpful in better preparing CSOs, they often fail to fully address the challenges of emerging cyber threats, offensive technologies, and organizational complexity. Scenario-based and tailored resources may allow CSOs to be more proactive in anticipating and addressing potential threats they might encounter.

Consider (and involve) your target audience when designing OrgSec tools and resources. If possible, deploy a co-design process or request ongoing feedback from trusted members of the community. Plan and design so that localization is an integral part of the process. Be prepared to iterate on your tool or resource in efforts to make it as useful as possible for those who need it most.

Join us for more sessions throughout the week on Approaches to OrgSec, OrgSec in Practice, Advanced Threats, and more!