IWPR's Digital Security and Capacity Tool (DISC)

IWPR’s Digital Security and Capacity Tool (DISC)

  • Objective(s): To gauge participants’ existing digital security skill level, while also providing qualitative information on strengths and areas for improvement at a more granular, practice-specific level. disc tool is also a useful way to track their learning and comprehension progress.
  • Format: Appendix
  • Needed materials:
    • Copies of the DISC questionnaire

Internal document with Scores

To Be Completed at Baseline and every six months, or at end of Training Period, as appropriate.

Below you will find a series of questions that will allow your trainer to both understand the level of digital security practices within your organization, as well as to monitor any progress that it made thanks to the training you will or have received. The results are purely for monitoring and evaluation purposes and will only be shared anonymously within IWPR and with the donors supporting this project.

Country …………………………….

At your organization:

1. The operating system and software I use to work have been updated: (please circle)

  • Never (0 points)
  • In the last 6 months (1 point)
  • Within last 30 days (4 points)
  • Within last 15 days (5 points)
  • More than 6 months ago (0 points)
  • We have the newest system installed on this computer (5 points)
  • They are being updated at this moment (3 points)
  • I don’t know that information (0 points)

2. ¿Do you backup your data through an external hard-drive or a cloud service: (please circle)

  • Never (0 points)
  • More than a year ago (0 points)
  • In the last year (1 point)
  • In the last 6 months (2 points)
  • Within last 60 days (3 points)
  • Within last 30 days (4 points)
  • The data has been backed up within the last 14 days (5 points)
  • I don’t know that information (0 points)

3. Are your hard drive or cloud service encrypted?

  • Yes, both are encrypted (5 points)
  • No (0 points)
  • Only one of them is encrypted (3 points)
  • I don’t know that information (0 points)

  • If you answered affirmatively, which encryption tool do you use?

    ………………….

4. The computer I use for work has original licensed software (for example Microsoft Windows, Microsoft Office, Adobe Photoshop, Adobe Illustrator, Corel Draw, Antivirus) or open source software programs (Open office, Scribus).

  • Every program is pirated (0 points)
  • Some programs are pirated (1 point)
  • Most programs are licensed originals (2 points)
  • All programs are licensed and original (5 points)
  • Most programs are open source (2 points)
  • All programs are open source (5 points)
  • I am not sure (0 points)

5. Anti-virus programs are loaded on the computer and the mobile phone that I use to work, are up to date and run each time the equipment is turned on.

  • Yes, computer and mobile phone (5 points)
  • Only on my computer (3 points)
  • Only on my mobile phone (3 points)
  • I don’t have anti-virus programs (0 points)
  • I don’t know if I have an antivirus program on all my devices (0 points)

  • If affirmative, which antivirus do you have on your computer?

    …………………………………………………….

  • If affirmative, which antivirus do you have on your phone?

    …………………………………………………….

6. I have locked my office computer screen/cellphone with a password for the screen lock.

  • Yes (5 points)
  • No (0 points)
  • Only one of those devices has a password (2 points)

7. The Wi-Fi network where I work has a different password from the one that the internet service provider gave me, and it meets the standards for a strong password (Criteria: 1. includes at least 25 characters and, 2. includes both letters and numbers, and 3. Includes special characters, and 4. includes both lowercase and capital letters).

  • Yes - password changed and meets at least two of the criteria for strong passwords (5 points)
  • No - servicer provider password was maintained (0 points)
  • Partially - only one of the criteria for passwords mentioned above has been applied (3 points)
  • Partially- the password was changed but none of the criteria for passwords were applied (1 point)

8. About the use of public Wi-Fi in hotels, airports or cafés

  • I never use public Wi-Fi in hotels, airports or cafés unless I connect through a virtual private network (VPN) service. (5 points)
  • I sometimes use public Wi-Fi in hotels, airports or cafés without connecting through a VPN service. (2 points)
  • I always use public Wi-Fi in hotels, airports or cafés without a VPN service. (0 points)

9. About the back up of my work documents, I use file encryption tools for saving documents in my laptop

  • Yes (5 points)
  • No (0 points)
  • Only for some documents (3 points)

  • If you answered yes, which file encryption tool do you use?

    ………………………………….

10. Regarding the text via email or SMS between the members of your organization.

  • I always use encryption for email, SMS or chats to transmit sensitive data (5 points)
  • I usually use encryption for email, SMS or chats to transmit sensitive data (3 points)
  • I rarely use encryption for email, SMS or chats to transmit sensitive data (2 points)
  • I never use encryption for email, SMS or chats to transmit sensitive data (0 points)

11. I share my passwords with (please circle all that apply):

  • Intimate partner (0 points)
  • Siblings and/or parents (0 points)
  • Best friend (0 points)
  • Work colleagues (0 points)
  • No one (5 points)

12. Secure passwords have at least 25 characters (letters, numbers, special characters, small and capital). Do not use words from the dictionary, birthdays or any personal information. All my passwords meet these standards identified above to ensure a strong password.

  • Yes (5 points)
  • No (0 points)
  • Only some of them (3 points)

13. I have different passwords for each of my devices and accounts (computer, phone, email, social media, bank etc)

  • Yes (5 points)
  • No (0 points)
  • I have a few different passwords that I use, but sometimes repeat (1 point)
  • Some of my passwords are set by default by my organization/office/provider of service (3 points)

14. I have made a strategic decision about how to manage my social media identities for my private, work/activism accounts based on my level of risk.

(For example using false/different identities and accounts for activism/work, or openly using my real name, photo and identity if I don’t feel under threat …)

  • Yes - I have considered it and feel secure with my current management of online identities (5 points)
  • No - I haven’t thought about it (0 points)
  • Partially- I consider it may make sense to create different or more anonymous online identities but haven’t made the changes yet (2 points)
  • Partially - I have considered my online identities and made the changes, but I am still not sure if the setup is secure (4 points)
  • My situation means that it makes more sense for me to use my own name and real identity in all my social media accounts (5 points)

15. I store my passwords in a password protected secure digital keychain

  • Yes (5 points)
  • No (0 points)
  • Only some accounts (3 points)
  • I don’t know what that is (0 points)

  • Where is the key chain stored and in what format?

16. When you are browsing do you always navigate with HTTPS?

  • Yes (5 points)
  • No (0 points)
  • What is that? (0 points)
  • I always check it but it is not always possible to navigate with HTTPS (3 points)

17. About your personal social media accounts.

  • All my posts on social media are public (0 points)
  • I don’t know who can see my posts on social media (0 points)
  • I choose specific settings for each post (4 points)
  • I adjust the settings to control who can see which information on my social media accounts (5 points)
  • I don’t know how to set admin controls on any of my social media accounts (0 points)

18. click on links or open attachments in emails when: (please circle the dates closest to clicking)

  • They seem to contain important or urgent information (0 points)
  • I know the sender, but unexpected email (ex. Emotional Partners, old friends) (1 point)
  • They come from my trusted network (2 point)
  • I expected them (3 points)
  • I know and verified the sender (5 points)

19. I use secure chats and secure online voice communications tools (VOIP) for my communications.

  • Yes (5 points)
  • No (0 points)
  • Sometimes (2 points)
  • I don’t know what this is (0 points)

  • Which secure tools do you use?

    ………………………………….

20. I use power regulators to protect my important electronic devices from electrical surges:

  • Yes (5 points)
  • No (0 points)
  • Only at my office (2 points)
  • Only at home (2 points)
  • Only for some devices (2 points)

Add up the points and record them on the Organizational Scorecard. ….. points/ 100 points