Abstract
Around the world, domestic violence, human trafficking, and stalking affect millions of lives every day. According to a report published by the Center for Disease Control and Prevention in January 2015, every minute 20 people fall victim to physical violence perpetrated by an intimate partner in the United States (US). As offenders use advancements in technology to perpetuate abuse and isolate victims, the scale of services provided by crisis organizations must rise to meet the demand while keeping a close eye on potential digital security vulnerabilities. It has been reported in general media and research that phishing emails, social engineering attacks, denial of service attacks, and other data breaches are gaining popularity and affecting business environments of all sizes and in any sector, including organizations dedicated to working with victims of violence.
To address this, an exploratory research study to identify the current state of information security within the US-based non-profit crisis organizations was conducted. This study identified the gaps between a theoretical maximum level of information security and the observed level of information security in organizations working with victims of violence inspired by a recognized and respected framework, National Institute of Standards and Technology (NIST) Cybersecurity Framework. This research establishes the critical foundation for researchers, security professionals, technology companies, and crisis organizations to develop assessment tools, technology solutions, training curriculum, awareness programs, and other strategic initiatives specific to crisis organizations and other non-profit organizations to aid them in improving information security for themselves and the victims they serve.