- 1 Resource Kit
- Last modified: 6 August 2013 17:18:19
- русская версия
The training curricula will accompany digital security trainings. It is separated into sections applicable for the trainer as well as participants. Its purpose is to provide a framework within which trainings will be organised and lead. It will also act as an additional resources to participants wanting to review the training's documentation and lesson learnt.
The trainings and accompanying curricula is designed to guide a non-technical user to understand the issues and technologies that may affect their work and personal safety, as they relate to digital security.
Trainer's Resource Kit
The 'Trainer's Resource Kit' accompanies trainers when leading a digital security workshop. It comprises of a series of training modules on each of the included software tools, a guide to building a suitable and effective curricula for the session, as well as hints and tips on how best to organise a training, security considerations, understanding participant's needs and training methodology.
All trainers undertaking a digital security workshop should make themselves familiar with this Resource Kit. It will aid in planning a training, understanding your audience's needs and ability to receive information, help to avoid some of the common pitfalls for training preparation and execution.
The audience should be considered non technical and in need of solutions to improve and secure their working practice. The audience is made up of people from different language backgrounds, but English is assumed to be to the common language of communication. They may be highly stressed and overworked, thereby limiting the length of sessions and volume of information that can be presented at one time.
The most important element of any training is the trainer him or herself. Their job is comprised of preparing the agenda and hand out materials, ensuring the training space is equipped with sufficient computers and Internet access, as well as the comprehensive and communicative presentation itself. The trainer should ideally present in the audience's first or common language and be aware not only of the many technical issues, but also of the audience's needs and cultural specifics.
Technical requirements from the trainer include familiarity with all content presented in the curricula as well as the Digital Security Toolkit and the Digital Security & Privacy for Human Rights Defenders manual. A strong background in Windows XP – 7 and relevant software will aid the trainer during workshops. Additional expertise may be needed in accordance with the audience's needs. This may include experience with mobile telephony and popular platforms of 3G handsets (iPhone, Anroid, BB).
The technique and skill in explaining methodology and tools will be the most important element of a training. The trainer must at all times imagine themselves in the participant's shoes and carefully weigh the language and terms used for presentation. There should not be an unjust assumption as to the prior technical knowledge of the participants or their eagerness to learn any of the presented topics. All exercises and software 'walkthroughs' must be tested in advance and in consideration of the participants' needs and equipment at hand.
Technology trainings' can be dull if the speaker does not make an effort to relate difficult topics to everyday situations and appeal to the real life experience of the participants.
At no time should the trainer assume a manner of technical superiority nor should they explain topics as 'easy' or 'straightforward' as this can bring down morale of individual participants and implant an understanding that only very technical people can understand this material. When helping the participants perform certain actions on their computer, the trainer should never take control of their mouse or keyboard and give all instructions verbally.
It is incredibly advantageous to present information to an audience in a language they understand, i.e. not through a translator. Although there is an existing assumption trainings will be conducted in English, software discussed and used during the trainings is localised into multiple languages. It is recommended that participants install and use software in a language they feel most comfortable in, to ensure comprehension and uptake.
Training space and equipment
Every digital security training will require:
- Digital projector and screen
- At least one computer between two people, preferable one each
- A whiteboard and flip-chart
- Internet connection
- one USB memory stick per participant
An Internet connection (for the whole room) is required to teach any Internet related topics, like secure email, instant messaging, censorship circumvention, etc. Certain Internet ports should be accessible to ensure functionality for software like Tor, Pidgin and others. Most of the software can be run successfully over ports 80 and 443. Thunderbird with Gmail or Riseup will require open ports: 26, 465, 587 and 993. It is preferable that there are no proxy server settings on the local network, however all software tools that may be affected by this issue, can be configured to work over a network proxy. To ensure these settings, you may need to be in prior contact with the network administrator (if any) for the training space you are going to be using.
Since some exercises will require all participants being online at the same time, it is recommended to have at least 128Kb p/s for every 5 attendees (speed limit is based on standard DSL connection).
Computers for people
At least one computer/laptop between two participants is recommended. Participants should try out every exercise themselves and not merely look over someone else's shoulder. Ideally the operating system should be the same on all computers. Due to the internal IT policies, installation of new software may only be done in advance of the training with IT helpdesk's support. Alternatively, only portable software may be loaded and used from the participants' USB memory sticks.
USB Memory Sticks
The majority of software titles necessary for a digital security training can be run entirely from a USB memory stick. A necessary amount of new USB keys, already configured can be bought in advance and distributed to the participants. This will save time during the training and may reduce the risk of passing on viruses between the participants' computers. Some software titles need to be installed on the operating system in order to function properly, and they are described as such in 'Software Modules' section of this guide.
The trainer should lead with examples of good security practices which includes event planning.
- Training location: The venue for the training may likely be in an official training centre but may also take place in a different venue in lieu of available space, equipment and other considerations. The local organisers should be allowed to decide where they feel most comfortable in carrying out this event.
- Pre & post event communication: Should be conducted over a secure channel and as early as possible to ensure time for preparations and participants' attendance
- Photos, paper documents and carry-away materials: Although customary in many cultures, try to avoid unnecessary photo and video documentation of the event.
- Bear in mind that handouts the participants take home with them, including printouts of your presentation, CDs and USB memory devices may be inspected and confiscated by the local security services. Try to reduce any paper trail and demonstrate how to hide and obfuscate information on digital devices.
Evaluating user needs and environment
The trainer needs to understand, in advance, the issues and problems facing participants and what it is they hope to take from the training. There are several common areas of learning that would apply in most cases. Additional information should be sought by the trainer, from the participants and can be done in the form of a pre-training questionnaire (see below).
The most important and difficult task of a digital security trainer is to promote security practices and tools in a holistic manner. There is no one fits all solution to any problem on a computer or the Internet. Better security comes from having awareness of the risks and vulnerabilities as well as access to and familiarity with many different security software and topics. The trainer must present his/her audience with a suitcase full of solutions and continually promote an all inclusive approach to implementing them.