
Wed, 1-Sep-2004 06:54 GMT


Comments

Title: What is Security Culture?
Amanda Hickman, Associate Circuit Rider, LINC Project
Date: 2003-09-07 17:43:41

As the non-profit world grows dependent on technology, we need to be increasingly aware of security issues. Security culture is based on keeping best security practices in mind and balancing them against the realistic needs of, and threats to, a given organization.

Too often non-profits fall victim to security machismo, which can seriously impair the safety of their systems. Users who are required to have a 15-digit password to log in to a server are more likely to tape the password to their monitor than to struggle to remember it. Security culture is about investing in a holistic understanding, so that users know why and how their security works and are invested in keeping it tight.

Security culture extends beyond technology. Loose notes or conversations are as much of a security risk as a loose network. A sensitive member list kept in a secure database but printed and tossed without being shredded is a breach of security culture.

As non-profit technology consultants, it is our responsibility to instill a holistic understanding of security in our clients. We don’t necessarily need to teach our clients the finer nuances of encryption theory, but we should help them to understand how technology and their own practices can protect sensitive information and the steps they need to take to ensure that protection.

You can find more information on security cultures at the following links.

Security Culture for Direct Action Groups:

Electronic Frontier Foundation Analysis of the Patriot Act:

An Introduction to Internet Security and the Workplace
(A good primer for clients)

NetAction’s Guide to Encryption:

Center on Democracy and Technology

Bill of Rights Defense Committee

A Guide to the USA PATRIOT Act and Federal Executive Orders (PDF)

Electronic Privacy Information Center

Resources for Drafting a Privacy Policy

For organizers and NGOs who don't have to comply with HIPAA, the privacy policies of NGOs whose mandates include advocating privacy protection are a good starting point:

ACLU privacy policy

Human Rights Watch Privacy Policy

Center on Democracy and Technology Privacy Policy

Electronic Privacy Information Center Privacy Policy

Electronic Frontier Foundation

Other Resources:

Privacy Policy Generators

Privacy Central

Internet Privacy Policies & Notices - Business Web Sites

Other Resources compiled by with enormous assistance from Jagdish Parikh at Human Rights Watch:

Email Encryption
Computer & Internet Security, Privacy, Anonymity

http://security.tao.ca/

http://security.tao.ca/personal/culture.shtml

http://security.tao.ca/personal/index.shtml

~galactus/remailers/bg2pgp.txt

EPIC Online Guide to Practical Privacy Tools

Cryptography Resources page on Privaterra site

Encrypted Bulletin Board System:
Martus Human Rights Bulletin System

http://www.martus.org/

http://sfgate.com/cgi-bi



MySQL Security Page

http://www.mysql.com/doc/en/Privilege_system.html

Copyright ©2003, International Eriders.
All Rights Reserved.