Difference between revisions of "Threat analysis - Digital Security Indicators"
From Gender and Tech Resources
Line 5: | Line 5: | ||
|Duration (hours)=75m | |Duration (hours)=75m | ||
|Learning objectives=To define and explore security indicators in their current situation. To know best practices around sharing and analysis of security indicators. | |Learning objectives=To define and explore security indicators in their current situation. To know best practices around sharing and analysis of security indicators. | ||
− | |Prerequisites=Ideally, output from Situational Analysis exercise | + | |Prerequisites=Ideally, output from Situational Analysis exercise. |
+ | A safe and trusting environment must be created wherein people are not blamed for things they are perceived to have not done correctly or not been aware of. If necessary, you cn introduce tools for non-violent communication in order to facilitate sharing of security indicators. | ||
|Methodology=Methodology | |Methodology=Methodology | ||
Line 44: | Line 45: | ||
''For organisations'' | ''For organisations'' | ||
− | Step 1. Participants return (if possible) to the map of the trends in their context over the previous 12 months (see: Situational Analysis) and add any attacks or other security-related events which have affected them during this period. | + | '''Step 1.''' Participants return (if possible) to the map of the trends in their context over the previous 12 months (see: [https://gendersec.tacticaltech.org/wiki/index.php/Threat_analysis_-_Situational_analysis Situational Analysis]) and add any attacks or other security-related events which have affected them during this period. |
− | Step 2. Participants form one small group per incident identified, or organise into small groups according to their area of work or other affinities within the organisation. | + | |
+ | '''Step 2.''' Participants form one small group per incident identified, or organise into small groups according to their area of work or other affinities within the organisation. | ||
Step 3. The task is for them to focus on a given security event they have suffered and share any security indicators that they can remember which may have alerted them to the event previously. They share and record the events in writing on an example format (provided) if they want to. Remind participants of the definition of security indicators. | Step 3. The task is for them to focus on a given security event they have suffered and share any security indicators that they can remember which may have alerted them to the event previously. They share and record the events in writing on an example format (provided) if they want to. Remind participants of the definition of security indicators. | ||
Step 4. Each group reports back to the larger group on the security indicators they identified. | Step 4. Each group reports back to the larger group on the security indicators they identified. |
Revision as of 08:36, 29 July 2015
Title of the tutorial | Security Indicators: sharing and analysis |
---|---|
Attributions | |
Kind of learning session | Holistic |
Tutorial category | Discussion |
Duration (hours) | 75m "m" can not be assigned to a declared number type with value 75.
|
Learning objectives | To define and explore security indicators in their current situation. To know best practices around sharing and analysis of security indicators. |
Prerequisites | Ideally, output from Situational Analysis exercise.
A safe and trusting environment must be created wherein people are not blamed for things they are perceived to have not done correctly or not been aware of. If necessary, you cn introduce tools for non-violent communication in order to facilitate sharing of security indicators. |
Methodology | [[Methodology::Methodology
ContentsActivity (10 minutes)Give participants a scenario or series of scenarios wherein a HRD identifies security indicators and takes decisions which keep them safer. Example: We noticed taxis started parking outside our office. Staff would often take these taxis rather than going to the nearest taxi rank as usual. The taxi drivers started conversations with the passengers, asking what they had been doing that day. Our organisation regularly met with other organisations to discuss their work and security issues. At the next meeting, we mentioned this security incident. Members of the other organisations present then realised that taxis had also started parking outside their offices too. We concluded that the authorities were either using taxi drivers to collect information on us, or had planted security personnel as taxi drivers. Our organisations then decided that the safest response would be to pretend we had not noticed , but we warned the staff not to say anything about their work in the taxis but instead to chat about harmelss issues. Example from the Front Line Defenders Workbook on Security https://www.frontlinedefenders.org/files/workbook_eng.pdf Discussion (10 minutes)Ask participants: What were the best practices here by the HRDs? Finding taxis outside the office suspicious may seem like paranoia: how did they check whether they were paranoid? In your opinion, did they make the right decision to continue using the taxis? Do you have any similar experiences to share? Input. What the HRDs have done in this scenario is a great example of noting, sharing and analysing security indicators, in order to make decisions about security. Input (15 minutes)Security indicators are anything out of the ordinary that we notice which may have an effect on our security. They are sometimes called security incidents, although they do not have to refer to concrete events. We can identify security indicators at various different moments in our daily life and work. Examples of these include: 1. Receiving a letter from the authorities about an impending search of the office 2. Someone taking a picture of you in a public place 3. Not being able to concentrate and forgetting to lock the door to the office 4. Many unexpected pop-up windows opening when browsing the internet 5. Feeling exhausted even after a good night’s sleep We may be quite used to perceiving security indicators in our environments, but we can also look for them inside our physical and emotional experiences which may indicate that we're close to burning ourselves out. Consider what kind of physical sensations, thoughts or mental states might be indicators of stress, fatigue, or burnout for example? Furthermore, the behaviour of our electronic devices can also change and indicate to us that they may be compromised. Consider what indicators might alarm us to: a virus infection or someone breaking into our email accounts. The most important thing to do with security indicators is to record them and share them. Analysing them jointly is a good way to check our perceptions and jointly decide if a response is required. If it's useful, introduce an example file for recording security indicators (below). REMEMBER: Security indicators can also be positive indicators, that we are doing things right and taking effective security measures. For example: Noting that authorities begin to act in protection of other HRDs in your region more effectively; Decreasing crime rates in an area where you work; Noting that your stress levels are lower and you are more alert than before to your security situation. Deepening: Recording and Sharing Security Indicators (30 minutes)For organisations Step 1. Participants return (if possible) to the map of the trends in their context over the previous 12 months (see: Situational Analysis) and add any attacks or other security-related events which have affected them during this period. Step 2. Participants form one small group per incident identified, or organise into small groups according to their area of work or other affinities within the organisation. Step 3. The task is for them to focus on a given security event they have suffered and share any security indicators that they can remember which may have alerted them to the event previously. They share and record the events in writing on an example format (provided) if they want to. Remind participants of the definition of security indicators. Step 4. Each group reports back to the larger group on the security indicators they identified.]] |
Number of facilitators involved | 1 |
Technical needs | Flipchart |
Theoretical and on line resources | Holistic Security Guide
Front Line Defenders Workbook on Security https://www.frontlinedefenders.org/files/workbook_eng.pdf Protection International Manual http://protectioninternational.org/publication/new-protection-manual-for-human-rights-defenders-3rd-edition/ |