Lab DATA in Motion/At Rest
1. Download and fill out Chart ONE – Data at Rest (hold off on the “what to do?” column response for now).
2. Download and fill out Chart TWO – Data in Motion (hold off on the “what to do?” column for now).
3. Go to Resource List for this lab (auxiliary document attached to this lab, along with charts): explore
from this list several websites of your choosing, to find information on possible security vulnerabilities
for your data; determine if you need to update what you put on the chart, in light of additional things
you learned about the how, what, why of security breaches.
4. Next, fill out the “what to do?” column(s) in light of what you’re learning. Include links to the
resources/sites that enabled you to figure out what could be done. Be specific.
5. After doing steps 1-4, write a page response, or roughly 250 words, explaining outcomes in narrative form
(rather than chart).
6. Underline informational thesis, in which you explain/specify what you learned from this information
mapping process about data vulnerabilities in this lab.
7. Include in your response some consideration of how the proposed initiative for your group project
leaves you with any concerns or questions about data breaches or security threats, which might make
stakeholders distrust your respective group project initiative and could turn into a hidden cost.
8. NOT PART OF WORD COUNT BUT PART OF THE LAB: a short reflection on what you learned and if
anything posed difficulties or surprised you in the process of fulfilling this lab.
INFORMATION MAPPING -- DATA AT REST
What is it? | Where does it reside? | Who can/does access it? | How sensitive is it? | Likely threats | What to do?
INFORMATION MAPPING -- DATA AT REST
What is it? | Where does it reside? | Who can/does access it? | How sensitive is it? | Likely threats | What to do?
Resources to help you get started (3.19.2017)
INFORMATION
https://medium.com/tinfoil-press/current-digital-security-resources-5c88ba40ce5c
A guide to the guides
https://ssd.eff.org/
A very comprehensive and regularly updated guide from a widely trusted source, the
Electronic Frontier Foundation. Available in 10+ languages.
https://medium.com/tinfoil-press/securing-your-digital-life-like-a-normal-person-a-hasty-and-incomplete-guide-56437f127425
A great blog post for “normal people” who do not have specific personal or occupational
risks.
https://hackblossom.org/cybersecurity/
https://es.hackblossom.org/cybersecurity/
A DIY Feminist Guide to CyberSecurity/Guía de Seguridad Digital para Feministas
Autogestivas, from an activist in Boston.
https://onlinesafety.feministfrequency.com/en/
A guide specifically concerned with preventing harassment and doxxing, co-authored by
one of the workshop presenters (Renee Bracey Sherman)
https://securityinabox.org/en/
Another thorough set of practical guides for those who are especially concerned with
security and surveillance. Available in fifteen languages. Includes “Community” guides
for specific groups of people (such as LGBTI activists in the Middle East and
Sub-Saharan Africa, environmental defenders, and more). Developed by the Tactical
Technology Collective, https://tacticaltech.org/ , which has great analysis of some of the
big picture issues here.
https://holistic-security.tacticaltech.org/
Comprehensive curriculum for human rights defenders for improving security from a
holistic perspective
https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters
Digital security tips for attending a protest
https://itsgoingdown.org/phone-cop-opsecinfosec-primer-dystopian-present/
https://itsgoingdown.org/phone-cop-2-getting-arrested-phone/
Guide to understanding the risks of mobile phone usage in protests
https://myshadow.org/increase-your-privacy#alternatives
Another project of Tactical Technology. Explore this site for lots of tools to help you
understand what information you are inadvertently revealing, and how you are being
tracked commercially.
https://www.reducingtherisk.org.uk/cms/sites/reducingtherisk/files/folders/resources/safety/InternetSafetyforVictimsofViolence.pdf
Resources for survivors of stalking and abuse.
https://www.cybercivilrights.org/online-removal/
Removing “revenge porn”
https://blog.witness.org/2016/11/getting-started-digital-security/
https://github.com/AnarchoTechNYC/meta/wiki/Persona-based-commsec-training-matrix
Threat-modeling primers
https://www.accessnow.org/a-first-look-at-digital-security/
https://www.privacyrights.org/consumer-guides/online-privacy-using-internet-safely
More guides!
TOOLS
https://play.google.com/store/apps/details?id=org.secfirst.umbrella
Umbrella is an open source Android app with checklists for security situations (protests,
meeting with a source, how to tell if you’re under surveillance, etc.)
https://www.mozilla.org/en-US/lightbeam/
An add-on for Firefox that shows you first and third-party sites you are interacting with
ORGANIZE YOUR OWN EVENT
https://www.cryptoparty.in/learn/links#handbooks
Guides for educating yourself and others about a variety of topics, and guidance on
throwing your own cryptoparty.
https://github.com/betterangels/better-angels/wiki/Practical-digital-security
Another guide for hosting workshops and trainings on your own
https://medium.com/@geminiimatt/how-to-give-a-digital-security-training-4c83af667d40
How To Give A Digital Security Training
https://medium.com/@geminiimatt/security-training-resources-for-security-trainers-winter-2016-edition-4d10670ef8d3
Digital Security training resources for security trainers, Winter 2017 Edition
https://holistic-security.tacticaltech.org/news/trainers-manual
A more advanced and comprehensive guide for trainers using Tactical Tech Collective’s
Holistic Security Manual
Lab: Data in Motion/At Rest
Data in motion and data at rest are both complicated things that each come with their own
sets of risks as you use them. One must be aware of these risks as they use technology in order to
use it in the safest ways possible. From this lab, I became aware of all of the risks that come with
technology, and not just the basic ones such as viruses, and the reason why you should keep a
strong password. Our data is something that we should protect, and in order to do that we must
know the risks that we face while using technology.
For data at rest, I came up with ideas such as my iPhone, my laptop, a USB drive, a
printer, and an Internet router. These items at rest each have their own sets of risks. Some of
these risks are simple such as losing or breaking the item, while there are also more complex
risks such as having to open your phone with your fingerprint in it for the police and your
computer being tracked. Some of the ways I found to handle these risks were encryption of your
devices, adding stronger passwords and security measures, and backing up your data. Data at rest
is seen as data that is not moving itself, but it is important to keep our data at rest secure in order
for no one to retrieve our personal information.
Data in motion is data that is being moved and sent. Some examples of data in motion
can be social media, storage such as Google Drive, sending emails, the Internet, and online
shopping stores. All of these hold important information of ours, so it is important to keep that
safe. On social media, you run into problems of harassment, hacking, doxxing, and losing access
to your account. Some things that can be done for this are having a strong password (as is
important for many things dealing with data in motion), removing anything that could be
dangerous to have on the Internet, and changing security settings. For something like emails, you
can also find a private email or make your own. For something like online shopping, where you
can use your credit card, it is extremely important that you don’t save your information in the
website. By keeping your data in motion safe, you are keeping your personal information safe.
REFLECTION
Before this lab, I didn’t really realize how much information I have on the Internet and
everything that I should be doing to protect it. For example, I had no idea that having my
fingerprint on my phone would let police open it if I was arrested, and when using the Internet
there were things that I had never thought of before when using public Wi-Fi. I had never heard of
data at rest or in motion before so seeing it in relation to things that I know and use was helpful,
but it was difficult thinking of things that would fit in the categories.