Hello user, please login or register.

Sun, 22-Aug-2004 16:41 GMT

Home

The eRiding model

What Is eRiding?
History of eRiding
eRiding Results
Stories from the field
Start a Program

The eRider Network
Search for an eRider
Log In
Contact Us

Resources
eRiding
Cool Tools
Training
Open Source
Training for Trainers
Web Monitor

Community
News
Discussion List
Blogs
Photo Gallery



Home / Stories from the field

What is Security Culture? Amanda Hickman, Associate Circuit Rider, LINC Project

2003-09-07 17:43:41

As the non-profit world grows dependent on technology, we need to be increasingly aware of security issues. Security culture is based on keeping best security practices in mind and balancing best practices with the realistic needs and threats to a given organization.

Too often non-profits fall victim to security machismo, which can seriously impair the safety of their systems. Users who are required to have a 15-digit password to log into a server are more likely to tape the password to their monitor instead of struggling to remember it. Security culture is about investing in a holistic understanding, so that users know why and how their security works and are invested in keeping it tight.

Security culture extends beyond technology. Loose notes or conversations are as much of a security risk as a loose network. A sensitive member list kept in a secure database but printed and tossed without being shredded is a breach of security culture.

As non-profit technology consultants, it is our responsibility to invest a holistic understanding of security in our clients. We don’t necessarily need to teach our clients the finer nuances of encryption theory, but we should help them to understand how technology and their own practices can protect sensitive information and the steps they need to take to ensure that protection.

You can find more information on security cultures at the following links.Security Culture
for Direct Action Groups:
Electronic
Frontier Foundation Analysis of the Patriot Act:
An
Introduction to Internet Security and the Workplace
(A good primer for clients)
NetAction’s Guide to Encryption:
Center on Democracy
and Technology
Bill of Rights Defense Committee
A Guide to the USA PATRIOT Act and
Federal Executive Orders (PDF)
Electronic Privacy
Information Center
Resources for Drafting a Privacy Policy For Organizers and NGOs who don't have
to comply with HIPAA, the Privacy Policies of NGOs whose mandates include advocating
privacy protection are a good starting point:
ACLU privacy policy
Human Rights Watch Privacy Policy
Center on Democracy and Technology Privacy Policy
Electronic Privacy Information
Center Privacy Policy
Electronic Frontier Foundation
Other Resources:
Privacy Policy Generators
Privacy Central
Internet Privacy
Policies & Notices - Business Web Sites
Other Resources compiled by with enormous assistance from Jagdish
Parikh at Human Rights Watch:
Email Encryption
Computer & Internet Security, Privacy, Anonymity
http://security.tao.ca/
http://security.tao.ca/personal/culture.shtml
http://security.tao.ca/personal/index.shtml
~galactus/remailers/bg2pgp.txt
EPIC Online Guide to Practical
Privacy Tools
Cryptography Resources page on Privaterra
site

Encrypted Bulletin Board System:
Martus Human Rights Bulletin System
http://www.martus.org/
http://sfgate.com/cgi-bi

MySQL Security Page
http://www.mysql.com/doc/en/Privilege_system.html

0 Comments




Advanced search
Sitemap



font default
font 12px
font 16px



A Fundraising Primer

Making Technology Accessible

eRiding in Georgia

A Short eRider Life Story

 

We need your Feedback!
Copyright ©2003, International Eriders.
All Rights Reserved.
Privacy Policy | Site Map | Changelog | Discussion List
Contributors