Security policies are crucial in mitigation of the digital security threats faced by civil society organizations (CSOs) every day, but the time and expertise required to create and implement them can be prohibitive to all but the biggest and wealthiest CSOs. The nature of their content means that the development of security policies and their supporting practices is complex and involves a lot of information disclosure by the organization. CSOs that are left vulnerable to attack by this have been known to repurpose the policy of a partner organization. However, this can easily lead to security holes as each CSO has different needs. For instance, Bring-Your-Own-Device policies, secure internet access during work travel, processes for lost office fobs all depend on various factors specific to an organization. Other security policy creation solutions are currently either restricted to a select group of organizations, or have a more general digital security focus that is not specific to CSO security.
This project will research security policies, the results of which will inform the creation of a new, free-to-use online tool for creating custom CSO security policies, ultimately empowering more CSOs to improve their own digital security capabilities and thus become more resilient to digital attacks.