Help
Overview
Audience
The recommendation instructions are written either for staff (🧑) directly, so that they can follow the instructions on their own devices / accounts and learn about the best practices independently, or for the change leader (🏗️), who can use the instructions to organise the roll-out in their organisation.
Recommendations Checklist
The action items under Preparation will assist you in strengthening your digital security. The more items from this list you complete, the less at risk your organisation's staff is while using digital technologies at work, or while carrying their devices with them. The items under Conduct are aimed at changing the behaviour and mindset of the staff in your organisation to remain vigilant and make digital hygiene and security a personal habit.
The items starting with 🔒, 📱, 💻, 🖥️ are linked to the guides. The items starting with 🔘/✅ are just more detailed steps of the recommendation directly above them. For each set of 🔘s, only one needs to be completed; for the ✅s, you can complete as many as you want.
Checklist Categories
Each of the items on the checklist will link to more detailed steps on how to implement that step. Each recommendation will list:
Priority
How important it is that this recommendation is followed. Possible values are:
- ⭐ - Optional
- ⭐⭐ - Recommended
- ⭐⭐⭐ - Best Practice
- ⭐⭐⭐⭐ - Strongly Advised
- ⭐⭐⭐⭐⭐ - Essential
Complexity
How much technical expertise is required to follow the recommendations. Values range from:
- ⭐ - Anyone can follow this unassisted
- ⭐⭐ - Anyone can follow this with some assistance
- ⭐⭐⭐ - Some technical knowledge is required
- ⭐⭐⭐⭐ - Advanced technical knowledge is required
- ⭐⭐⭐⭐⭐ - Getting external support is recommended
Effort
How much effort is typically required to follow the recommendation:
- 🧑 - Can be learned or done independently within 5 minutes
- 🧑🧑 - Can be learned or done independently within 30 minutes
- 🧑🧑🧑 - Can be learned or done independently within 120 minutes
- 🏗️ - Requires some centralised planning; the organisation roll-out is less than 30 minutes per case
- 🏗️🏗️ - Requires centralised planning; the organisation roll-out is less than 120 minutes per case
- 🏗️🏗️🏗️ - Requires centralised planning; the organisation roll-out may take several hours per case
Cost
How much funding is needed for the roll-out of the recommendation. Most recommendations are free, but for those that cost money, the estimated cost is given per person or device. Pricing for subscriptions is specified on an annual basis, and has a 🔁 to indicate the recurring nature:
- 🆓 - free
- 💵 - between USD 1 and 10
- 💵💵 - between USD 10 and 25
- 💵💵💵 - between USD 25 and 100
- 💰 - between USD 100 and 250
- 💰💰 - between USD 250 and 1000
- 💰💰💰 - in excess of USD 1000
Icons
In the recommendations, the following icon conventions are used:
- 📱 - Smartphone
- 💻 - Laptop
- 🖥️ - Desktop
- 🌐 - Web Service
- 📄 - Policy
- 🔒 - Passwords
Users:
- 🧑 - Regular Users
- 👩‍💻 - Advanced Users
- 🏗️ - Admin / Management
Brands:
- 🍏 - Apple
- 🤖 - Android
- 🦊 - Mozilla Firefox
- 🦁 - Brave Browser
Glossary of Terms
In the recommendations, we will use digital security terms as described by the EFF SSD which have the following meanings:
adversary
- The person, organisation or institution attempting to undermine your security goals. Adversaries can be different, depending on the situation. Your adversary profile is provided in the needs assessment.
compromise
- The use or modification of your data by adversaries in ways that disadvantage you or your organisation. This could mean that the military reads messages that were not intended for them or sees case files that are supposed to be confidential, but also that email addresses or phone numbers in your contact list are changed so that you may write to the wrong person.
data
- Any kind of information, typically stored in a digital form. Data can include documents, contact lists, pictures, passwords, programmes, messages, and other digital information or files.
encryption
- A process that takes data (typically, a message or file) and makes it unreadable except to a person who knows how to "decrypt" it back into a readable form.
security goals
- What the organisation wants to achieve by keeping its data secure - common goals include physical security of devices, confidentiality of communication, thwarting phishing attacks, and having a contingency plan in place.
risk
- The chance that a threat could exploit a vulnerability in your digital security and compromise your data.
threat
- A potential event that could undermine your efforts to defend your data from being compromised. Threats can be intentional (conceived by adversaries), or they could be accidental (you might leave your computer turned on and unguarded). Threats specific to your organisation are listed in the needs assessment.
vulnerability
- A weakness in the defence of your devices, configurations or personal habits that can be exploited by an adversary. Vulnerabilities specific to your organisation are listed in the needs assessment.
Contact
The guide was developed by Mart van de Ven.
Reach out to him with your questions or suggestions via Signal or Email. Please note that this is a public channel, so only ask questions you would be comfortable asking in public. If you want to ask any sensitive questions, please send me a personal message - my contact is available in the support channel.