At Reprieve we like to think of ourselves as a small, feisty organisation of human rights defenders who speak truth to power. We are determined to create a world where no one has to face the death penalty, and where no one experiences extreme human rights abuses as a result of counter-terrorism practices that violate international law. The highly sensitive issues that Reprieve works on mean that we are a target for cyberattacks – and the impact of such an attack could mean life or death for one of our clients. We would love a BeyondMe Team to help us to audit Reprieve’s cybersecurity readiness, develop recommendations and work with us to make Reprieve as secure as it can be. Reprieve captures the zeitgeist, changing the debate and changing peoples’ minds about the death penalty and abuses committed in the context of the ‘War on Terror’. To do this Reprieve works extensively with the media. In 2016, for instance, we placed more than 600 articles in local, national and international press. We would also love a BeyondMe Team to help us design an improved system for monitoring and recording Reprieve’s media impact. Through these projects you will help to make Reprieve more secure, and more effective, and by extension better able to help our clients - some of the most disenfranchised and demonized people in the world.
The purpose of the cybersecurity audit is to assess Reprieve’s organisation’s policies, procedures and systems related to the storage of, access to and transmission of sensitive information by electronic means.
We would like someone to gather evidence by reviewing all relevant documentation, interviewing key members of staff, interviewing relevant groups of stakeholders and carrying out an appraisal of our IT system and cyber security setup. We envisage that this would involve identifying the digital information assets that Reprieve wishes to protect and the technology that comes into contact with that information. Then spending some time to understand the threats (including bad actors) that might damage or access those information assets without authorisation.
We would then hope that the digital information assets, the technology used to access them and the threats ranged against them will be recorded in a form of a report.
On the media monitoring side, we would like someone to review the current (basic) system by which we record Reprieve’s media mentions; interview key members of staff about how they use this data; and design an improved system. We would also like them to review the current tools by which we scour the internet for Reprieve’s media appearances, audit what other systems exist, and make recommendations for (cost-free) improvements, potentially building a macro to automate this process.