I need a crash course in information security
April 6, 2015 1:05 PM

I have until tomorrow to acquire a broad (though not necessarily deep) understanding of the basic concepts of information security, current hot topics in the field, and who the major players are in education and training. I realize this is a complex field, but I don't need to become an expert. I just need to be casually and comfortably conversant. Can you point me to some online reading that can serve as a crash course?

My personal comfort with tech concepts is above average, but my current knowledge is largely limited to things I've absorbed peripherally through mass media. Can you recommend sites, articles, primers, etc. that I can access online tonight that can help me improve my knowledge level quickly?
posted by DirtyOldTown to Computers & Internet (14 answers total) 25 users marked this as a favorite
 
I should clarify that I am not intending to pass myself off as more knowledgeable than I am. I just want to be able to follow what is said in a situation where these topics are bound to come up.
posted by DirtyOldTown at 1:11 PM on April 6, 2015


The Electronic Frontier Foundation offers a lot of information in Surveillance Self-Defense: Tips, Tools and How-tos for Safer Online Communications, including overviews and tutorials.
posted by Little Dawn at 1:12 PM on April 6, 2015


h/t Bangaioh, in this previous Askme, which may also be helpful for a quick overview of issues related to information security.
posted by Little Dawn at 1:21 PM on April 6, 2015


Any particular areas? Here are some to get you started:

The OWASP Top Ten Project highlights a list of what's considered the current-worst sorts of vulnerabilities in web applications. The Internet Storm Center is run by SANS, which is also in the business of training/certification in a variety of areas. They publish a fair amount of information for free, too. Infosec Institute is another organization that does this as well.

Many vendors publish regular blogs on current goings-on in the infosec space. Examples: Kaspersky, FireEye, BlueCoat, and Cisco.

Brian Krebs is a go-to for breaches and ATM skimming news. He's broken the stories on just about every big breach in the last couple of years. Dark Reading is also pretty good.
posted by jquinby at 1:23 PM on April 6, 2015 [4 favorites]


I worked in insurance for a few years. Information security was a big deal there. I will recommend you read a quick overview of some HIPAA stuff, from the U.S. government:
Summary of the HIPAA Security Rule

Like most types of security, people are your biggest risk. Training people doing entry level work to be aware of information security best practices was one of the big responsibilities of the people working on information security at the company where I worked. You can have all the best tech in the world; if your people are lackadaisical and unaware, it won't make any real impact. It's super easy to be in violation of HIPAA.
posted by Michele in California at 1:24 PM on April 6, 2015


In addition to what others have already said, SANS will have some good resources on specific topics and they have a category just for the basics.
posted by schnee at 1:27 PM on April 6, 2015


To dovetail with Michele in California's (excellent) recommendation to glance at HIPAA, you may as well also take a peek at PCI DSS, which (for better or worse) governs credit card handling and security.
posted by jquinby at 1:28 PM on April 6, 2015


Bruce Schneier is the grand old man of the information security field. He started out by publishing several very deep books about cryptography. He then had the good sense to learn that humans are the most complicated and random aspect of information security, so he changed the focus of his work to identity, trust, and motivation. Schneier publishes a monthly newsletter that is a good overview of the field.
posted by Multicellular Exothermic at 2:17 PM on April 6, 2015 [3 favorites]


You may find some useful information on the website of the International Association of Privacy Professionals (IAPP).
posted by DuckGirl at 2:25 PM on April 6, 2015


"Schneier publishes a monthly newsletter that is a good overview of the field."

Seconding this. I am only casually conversant in a lot of this stuff as well--mostly wondering how this stuff affects libraries--so I'm often looking for "Getting started" stuff, not deep stuff. I also have my Google News landing page include their Computer Security category (link may not work) and I get a good overview of current topics as well as vocabulary from there. The EFF's privacy coverage is worthwhile. There are also some people who regularly tweet goings-on that may be helpful to keep as background info. I really like Dymaxion (she comes from a very seriously activist background which may not be what you are looking for but she is smart, concise and well-read), this InfoSec list, and InfoSec Taylor Swift for semi-serious lulz.
posted by jessamyn at 2:30 PM on April 6, 2015 [2 favorites]


I passed CompTIA Security Plus (low bar, I know) in two days after watching some videos like this one and skimming a study guide like this one (which is probably available used somewhere near you).
posted by j_curiouser at 4:42 PM on April 6, 2015


I marked some best answers, but every bit of this page was helpful. Thanks everybody.
posted by DirtyOldTown at 10:04 AM on April 7, 2015


This was for a job interview, btw. And I totally got the job.
posted by DirtyOldTown at 12:46 PM on May 7, 2015 [15 favorites]


Congratulations! This just went from interesting story to made my day.
posted by maxsparber at 2:43 PM on May 7, 2015

