Introduction
The documents in this repository comprise a set of digital security checklists for use by US-based non-profit organizations, with a focus on human practice and organizational management. They were created by Information Ecology, an Oakland, California-based consultancy focusing on technology management and capacity building for progressive organizations, for use in the Weathering The Storms project of RoadMap Consulting. They have been peer reviewed for readability and accuracy by both technical and operational professionals from the global non-profit community.
This document set includes a tool for assessing an organization's existing capacities and areas to develop in order to successfully take on this type of work, which is recommended as a first step for all organizations. Additional documents provide framing information and a glossary, both of which are also recommended for all users of these checklists wishing to understand how to use them. This content is released under a Creative Commons Attribution-Share Alike License and can be remixed, translated or amended freely as long as it is shared in turn and the original documents are attributed to Information Ecology.
We have added a narrative Assumed Threat Model as an appendix to this document set for technical readers' reference. Recommendations are not annotated with specific threats mitigated at this time, but a technical support professional can help match assumed adversary capabilities with recommendations.
These documents are not considered appropriate for use in other countries or in contexts beyond what is named in the Introduction without a thorough review and update to reflect conditions in that environment. It is not our fault if you do not heed this important concern, but we would be happy to support anyone wishing to update the content in this way. Contact us?
Contents
- Introduction: Framing remarks about the purpose, assumptions and limitations of these documents.
- Readiness Assessment Tool: A tool for assessing whether an organization has the requisite baseline capacities needed to successfully take on new digital security practices. Any challenges identified should be met before attempting to increase digital security levels through other means.
- Legend: What the symbols in these documents mean.
- Device Security Checklist: All security depends on the ability to control your devices. This checklist helps you do that.
- Password and Authentication Checklist: A checklist of tasks related to improving the way you identify, or "authenticate", yourself to the services you use, including password management practices.
- Public Wireless Checklist: A checklist of tasks related to improving security levels when depending on public wireless networks.
- Email Safety Checklist: A checklist of tasks related to safe(r) use of email.
- GSuite Security Checklist: A checklist to help you set up and use the security controls in Google's domain-based services.
- Glossary: A glossary defining the technical terms used in these documents in as non-technical language as possible.
- Appendix A. Assumed Threat Model: A narrative threat model describing the expectations of operating environment, end user capabilities and adversary capabilities for use by technical readers and technical support personnel.
Finally...
These documents could not exist without the support of a large group of readers, whose technical and operational peer review and feedback tuned these documents, as well as the financial support of RoadMap Consulting, with whom we are actively using these as a tool to support our clients and communities.
This work is dedicated to the humans and organizations working on the front lines of important change-making work everywhere.
This content is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License
See license file for full license terms.