UC Berkeley’s Citizen Clinic helped launch the cybersecurity clinic model and offers here open-source resources in basic cybersecurity – now augmented by the additional resources found at the Consortium of Cybersecurity Clinics that we helped establish and co-lead.
Curricula
| Link | Description |
| Citizen Clinic Course Syllabus | Description of course outline, materials, and modules |
| Modules | |
| 1. Introduction to Public Interest Cybersecurity | Introduction to core themes of the course such as access to cybersecurity, the threat landscape, and the role of ethical considerations in undertaking this work |
| 2. Ethics and the Citizen Clinic Code of Conduct | Coverage of ethics harms and challenges for the work of Citizen Clinic and cybersecurity as a whole |
| 3. Old School INFOSEC: Basic Controls | Introduction on security control tools and methods of organizational policy |
| 4. Digital Surveillance of Politically Vulnerable Organizations: The Threat Landscape | Exploration of common surveillance threats and the factors contributing to an attack |
| 5. Problem Diagnosis and Reframing | Overview of problem reframing methodology in the context of cybersecurity security and Citizen Clinic work |
| 6. Threat Modeling & Bounding Risk Assessments | Introduction to describing the state of cybersecurity protection of an organization with a focus on recognizing threats and vulnerabilities |
| 7. Contextual & Capacity Research | Coverage of methods and frameworks to analyze different organizational aspects that impact security with respect to differences in organizational type and industry |
| 8. Information Gathering | Comparison and contrast between interviews and surveys in collecting information from organizational members regarding security |
| 9. Open Source Research Methods, Safety, and Tools | Overview of open source investigative techniques and their limitations in gathering information about an organization, an individual, or their contexts |
| 10. Adversary Persona Development | Overview of the rationales and planning of different kinds of cybersecurity attacks to better understand how identity, motivations, and resources can describe the who |
| 11. Threat Scenario Development | Description of a framework to generate threat scenarios to better describe organizational vulnerabilities to clients |
| 12. Changing Security Behaviors | Description of the psychology of why individuals think the way they do regarding organizational security and threats as a way to better assess how to implement habit changes |
| 13. Social Engineering and Phishing | Overview of how security breaches occur due to attackers understanding human behavior and practicing specific interpersonal techniques to bypass security measures |
| 14. Designing Security Training | Development of an effective security training program |
| 15. Psychosocial Resilience | Overview of the overlap between mental wellness and organizational security and measures to improve resilience in an organizational |
| 16. Harmful Information (Misinformation and Harassment) | Description of a framework to assess and interpret threats of harmful information by organization type |
| Reading Materials & Guides | |
| Readings Lists | Compiled list of all articles, tools, and related media for modules |
| Case Studies in Client Engagement with Cybersecurity Clinics | Profiles of past Citizen Clinic projects with different organizational types |
| Baseline Organizational Security Guide for Low Risk Organizations (White Paper) | Guidance on how to set up a security policy for nonprofits and public interest organizations with little cybersecurity foundation |
| Creating Virtual Identities Guide | Guidance on the presence of identity and how to best disguise one’s self in cyberspace |
| Using Virtual Private Networks Guide | Guidance on setting up and using Virtual Private Networks |
| Security Evaluation Framework for Open Source Investigative Techniques | Guidance on best use of publicly available information and tools while protecting the researcher’s presence |
Comments or Ideas? Email us at citizenclinic@berkeley.edu.
License for written content: CC BY 3.0. See original sources for license information of any images and linked publications.
