CreditsLast Updated 2017-06
In this session, you will facilitate a process for women to develop a security plan and corresponding protocols that they can use to implement digital security measures in their own organization.
This session was developed for, and should be attributed to, the Institute for War & Peace Reporting resource “Cyberwomen: Holistic Digital Security Training Curriculum for Women Human Rights Defenders” under a Creative Commons Attribution-Share Alike 4.0 International CC BY-SA 4.0 License
Step 1 | Begin the session by highlighting the importance of building a risk model before drafting a plan and any protocols. Remind participants that digital security is first and foremost a personal process - if their goal is to draft and implement a digital security plan at an organizational level, explain that it will be a process of:
Step 2 | Explain to participants the difference between a digital security plan and a digital security protocol. The main idea to communicate is that:
Provide examples of plans and protocols to participants – for instance, activities such as travel or participation in public protests would each have their own digital security protocol; items found in a digital security plan might include an organization having their website audited, verifying that every computer has antivirus installed, and introducing the use of GPG to encrypt emails.
Step 3 | This session is best suited for participant groups who come from the same organization or collective, as they can take advantage of this opportunity to collaborative develop their plan and protocols as a team. However, if this is the case for only some participants, those who are not part of any organization or group can still participate in the session by working on their own personal plans and protocols.
Step 4 | Ask participants to refer to their risk model from the Deepening session Gender-Based Risk Model. Have them begin making a draft of their security plan - the following format may be useful:
Explain to participants each of the sections - a new row should be started for each risk or threat identified.
Step 5 | Remind participants that although the focus of this training is on digital security, we must always remember to take holistic measures into account. Ask participants to consider which actions need to be taken in terms of physical security and self-care as they draft their security plans and protocols.
Step 6 | Then, after participants have finished their first draft of the plan template, ask them to then build a list of their organization’s activities or processes that they feel will require individual protocols.
Step 7 | Once participants have finished both their draft plan template and their list of activities requiring security protocols, it will be useful to pause so that everyone can share their plans. This presents a valuable opportunity for participants to learn from the approaches of others; however, remember that some may not feel comfortable sharing their organizational or personal vulnerabilities as a matter of trust. To address this proactively, you may want to ask the group to share only the key items for their plan (the 4th column of the template table, “Mitigating Actions”) while keeping other information like “Threats and Risks” and “Identified Vulnerabilities” private.
Step 8 | Discuss follow-up steps with participants - they will need to have a focused gathering within their organizations to share insights and key takeaways from this session, as well as the Deepening session Gender-Based Risk Model – of special importance from this session will be the list of activities and processes requiring security protocols. This plan will need to be discussed and agreed upon as a team, with realistic dates set for its implementation – while considering these, participants also need to remember that there may be others in their organizations who will require training on digital security practices and/or specific tools for full implementation to be possible.