What is this open call about?
We are carrying out a research project to understand the landscape of our latin american region in terms of information security, through field work with regional organizations to understand the common vulnerabilities in their systems and the patterns in their attack surface. With this information, we intend to map the state of cybersecurity in Civil Organizations in Latin America and share appropriate recomendations.
What are the participant organizations expected to do?
The organizations that participate in this project will be involved in the following way:
You are expected to attend an initial call to understand what type of reconnaissance work we are doing in your infrastructure, we will ask you questions and answer your any concerns you might have.
We will perform a technical analysis of vulnerabilities in publicly exposed services prior to the approved consent of the participating organizations.
We will have a subsequent call if necessary, where we will report critical vulnerabilities if found.
How will the data of the organizations be treated?
We will not share individual data from participating organizations, and we will only publish resources based on common vulnerabilities without reference to any organization.
During the data collection stage, the information of the organizations will be treated as highly sensitive: we will communicate with the organizations through secure channels and we will store the information encrypted locally.
Will the organizations be paid for the hours invested in the project? Yes. Organizations will receive a stipend of $1,000 for their contribution to the project.
Why is this project important?
Digital security is critical for activist organizations. The lack of a minimum viable secure infrastructure translates into surveillance, leaks of information and private communications, loss of information and censorship. All of these threats directly affect their effectiveness and impact on their local communities.
There is a gap in technical knowledge related to offensive security in social organizations in the region. During the last decade, there has been a significant development in computer security tools. Different strategies were made available to the private sector and more institutionalized organizations, which are not available to actors traditionally relegated due to lack of budget, time or access to data knowledge. These strategies and tools have become essential to increase the information security of organizations.
What is the purpose of this project?
Our goal is to make a contribution to civil society organizations by understanding the most common vulnerabilities in the region, and disseminating good security practices. Mapping the IT security status of regional organizations and disseminating materials based on the identified findings would make it possible to render innocuous the most frequent IT threats and attack patterns that seek to make organizations invisible and silent.
We will publish these findings as resources in Spanish for social organizations to further improve their security and share best practices to build a safer environment for the region.