IFF OrgSec Village: Day One

June 9, 2020

IFF OrgSec Village

Internews is hosting the virtual Internet Freedom Festival (IFF) Organizational Security Village throughout this week (June 8-12)! The event is bringing together security auditors, digital security trainers, and other experts and practitioners for a five-day program of over 20 community-led sessions exploring five major themes in organizational security.

Day 1

Sessions on Day 1 centered around diverse approaches to OrgSec adopted by practitioners in the community. Highlights from Day 1 of the OrgSec village included:

  • A co-creation session on making Organizational Security Community Spaces more Useful, Inclusive, and Resilient.
  • A discussion on ways to Scale Organizational Security Assistance.
  • A session on Strategies to Avoid Dependency and Deliver Lasting Change through OrgSec interventions.
  • A conversation around the Importance of Long Term Support and Engagement beyond digital security assessments in delivering organizational change.

Key Takeaways

Key takeaways from the discussions included:

  • The goal of OrgSec work is to make itself obsolete! While it is easy to focus on tangible outputs like audits or reports, most auditors and trainers prioritize increased internal organizational security expertise and decreased dependence on external security help. Effective strategies include finding digital security champions within organizations and building capacity in the surrounding community. Building the confidence and ability of those in the organizations to put digital security into practice is just as important as hardening their digital security.

  • Organizational Security assistance is not being made available to those who need it the most. In the US and globally marginalized communities facing the greatest threats are also those with least access to critical digital security resources (both human and financial). It is imperative to address this fact when designing programs and change the language we are using to be more inclusive of these communities.

  • A security audit or assessment is just the beginning! Most organizations need long-term support to make an effective change in their practices and harden their defenses against digital security attacks. Despite this, funding structures supporting current OrgSec work are not conducive to long-term engagement. Practitioners need to consider how to bake sustainability and long-term support into program design.

It’s not too late to register!

It’s not too late to register! Join us for more sessions throughout the week on OrgSec in Practice, Advanced Threats, Funding Models, and more! Register here!