canlı sex sohbet - sohbet hattı numaraları - sex hattı - sohbet numara - canlı sohbet hatları - sex hattı - bonus veren siteler casino siteleri
SKeyes Center for Media and Cultural Freedom - Samir Kassir Foundation

The State of Digital Security among Lebanese Independent Media Organizations

Monday , 02 May 2022
Design: Mahmoud Younis

This research was conducted to assess the digital security posture among independent media organizations in Lebanon. It is significant for media organizations in Lebanon to maintain a good standard of digital security, especially in an era when press freedom is increasingly under attack.

 

Media organizations, along with individual journalists, are constantly urged to protect their communications and the information they gather. However, media organizations tend to neglect digital security practices in favor of expediency.

 

With media production moving faster toward total digitalization, digital security concerns will keep targeting these organizations and the personnel they hire.

 

Although journalists working within media outlets do occasionally receive digital security training, it is often tailored for individuals not organizations. In order to ensure that basic security measures are applied, said security measures should be institutionalized and governed by organizational policies.

 

Should digital security remain neglected by outlets, there could be severe consequences on multiple levels: financial, reputational, and even physical repercussions.

 

Usually, cybersecurity incidents are accompanied by financial loss due to data compromise, damage, or even website downtime (losing advertisement). These losses are typically a burden on the outlet. Furthermore, a security incident, such as a social media account being hijacked, could lead to reputational damage either for the individual or the media organization due to extortion/blackmail. Additionally, in case of investigative journalism, if the identity of a whistleblower or confidential source was revealed, it could lead to physical danger (or even death).

 

The aim of this research is to examine the digital security posture of independent media organizations in Lebanon in order to increase their digital resilience. This study identified the existing digital security practices and policies through a standard survey.

 

To identify patterns and make generalizations, a unified survey was sent to all the participating organizations in this study. The survey had 13 questions, 10 of which were pertaining to the current implementation of digital security safeguards. An inherent limitation within this research is the number of safeguards that were examined. A 10-question survey will not be able to provide an accurate assessment for the entire digital security posture of an organization, which requires a more rigorous process. Furthermore, it is highly likely that the individuals who filled in the survey are executives with varying degrees of technical background; thus they might not be particularly well versed on the subject.

 

The total number of technical questions was limited to 10. For that, the researchers needed to identify 10 safeguards that can describe the basic digital security measures that any organization should take. Moreover, knowing that the studied media organizations are small-to-medium organizations, relevant security measure standards were explored. As such, two cybersecurity documentations were referred to:

 

  1. Canadian Centre for Cyber Security - Baseline Cyber Security Controls for Small and Medium Organizations
  2. UK National Cyber Security Centre - Small Business Guide: Cyber Security

 

As for scoring, each safeguard question had multiple choice answers and each choice was weighted differently with a range from 0 to 5. The organization needed to fill in the survey by answering the questions based on their implementation level/phase of each safeguard. In case the organization was fully implementing the safeguard or an existing policy, then the score for such an answer is 5 points. Meanwhile, if the organization was partially implementing the safeguard; the weighted choice score will be lowered (1-4). However, the organization might have never implemented or have not been aware of such safeguard in which case the score will be zero. All in all, the total range of score is between 0 (lowest) and 50 (highest) points.

 

The score was framed in a risk reduction mindset. The organizations were informed that the full implementation of the 10 examined safeguards will only reduce the risks associated with them, yet will not totally eliminate risks. As mentioned earlier, implementing 10 safeguards will not achieve the basic cyber hygiene, but it will enhance the digital security posture of the organization, with the assumption that the more safeguards fully implemented by the organization, the lower the associated risks are. A full score of 50/50 does not mean that the organization is fully secure. It is by no means the intent of this assessment to provide the organization with a false sense of security. The risk scale is a mere visual presentation that has direct correlation with associated risks of the indicated safeguards.

Share News