Welcome to the organisational security community wiki: a resource created by and for security practitioners from all backgrounds to share useful resources and document innovative approaches to long-term security work.
The wiki contains four separate sections: Discover, Strategise, Actualise, Create Space and Buy-in. Each section represents one phase of organisational security support. This format is not meant to be prescriptive - every practitioner can choose the activities that they find most effective for the communities they want to support. Semantics aside, most organisational security support has a learning phase, planning phase and a phase for implementation.
Explore the sections linked below to learn more about the phases and practices of organisational security support. Whether you are new to the field, or looking to deepen your understanding, there is something here for everyone. If you want to learn more about the community behind orgsec.community, head to the About page.
¶ Discover
Practitioners first listen and learn about the organisation - their goals, workflow, information, technology, concerns and challenges-before designing their support. Likewise, the organisation must get to know the practitioner - their values and approaches. Mutual discovery is a component that is integrated throughout the organisational support process. Discovery also includes an ongoing evaluation of whether the support process is meeting its objectives, and whether the staff is successfully implementing the recommended tools and processes.
¶ Strategise
Now that you have learned about the organisation, your next step will be to use this knowledge to develop a plan for your organisational security support. This will include identifying and designing a clear approach to address the organisation’s priorities, defining the scope of support, establishing consensus as a group, presenting an overall timeline of your work, and proposing realistic expectations for this engagement.
¶ Actualise
You've learned about the organisation’s needs, you've taken steps to build awareness and trust with the staff, and you've created a plan with the organisation's input. Now it's time to implement the tools, practices and policies that will make the organization more safe. This section collects recommendations for turning your plan into action.
¶ Create Space, Trust and Buy-In
Addressing organisational security can be an intimidating experience for individuals and organisations. As a support provider, it's important to create a safer space for staff to discuss difficult topics. Creating space must be integrated throughout the organisational security process. This section includes exercises and advice for building trust and awareness among the group.
¶ Join this documentation effort!
We want to hear from you about the challenges you face implementing organizational security support and your inventive solutions; about your own organizational security systems and practices; and how you could benefit and contribute as an active member of this growing community. Please read the Contribution page to learn how you can get involved, including if you are interested in translating the content and feel free to add your input by commenting on content and pages in this wiki.