The Information Security Big Picture

Information security is an increasingly critical part of life, yet it can be a struggle to keep the hackers at bay. This course tackles some common misunderstandings and gets straight to the heart of what's essential to know about infosec today.
Course info
Rating: (173)
Level: Beginner
Updated: Nov 22, 2016
Duration: 2h 17m
Description

Security is an essential part of everyday life, from how you create accounts on websites, to how you use your mobile devices, to the activities you perform behind the corporate firewall. However, major information security incidents have become an everyday occurrence and are only growing in scale and impact. This course, The Information Security Big Picture, presents a raft of security fundamentals and sets out to dispel many of the common myths people believe in that frequently put them at greater risk. You'll start by looking at some of the problems we're facing in the industry and why everyone needs to have the security discussion. You'll then go over some of the misconceptions that tend to be repeated time and time again. You'll also go over some of the problems with passwords, how you can mitigate the risks, and which long-accepted password "truth" is now being approached differently. After completing this evidence-based approach to security, you should have a firm grasp of the essentials of infosec today.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

Course Overview
Hi, this is Troy Hunt and welcome to the Information Security Big Picture. I am a Microsoft Regional Director MVP and very frequent Pluralsight author from my home here in Australia. We have a security problem, a big one and a lot of this is because we just don't get many of the fundamental principles that are essential to working with modern day connected systems. For example, we assume that just because our organization has a corporate firewall, that everything behind it is safe, but it's not and in fact very frequently there are already attackers inside the network, but this course isn't just about networks and firewalls, it's about all sorts of aspects of security we frequently just don't get right. We make incorrect trust assumptions about which sites are safe and which ones are dangerous. We believe that antivirus will protect us from malware, when it simply can't keep up. Even the security principles we've believed for so long are adapting. We are now being told not to force regular password changes. This course dispels many of the myths about information security. It looks at what's happening in the real world, what the evidence tells us about security. It's a big picture course too, so it can be consumed by anyone regardless of their technical depths. I really enjoyed creating this course, especially dispelling some of the myths about security and I really hope you enjoy watching it.

The Soft Center Within Our Networks
One of the most fundamental security misunderstandings we have in this industry is people thinking what's inside the network, behind the firewall, is secure. This thinking leads to this term that you often hear about the soft center within the network. Where the network is the hard shell and then inside there's not the same focus on security because nothing bad gets in through the hard shell, right? Let's go ahead and look at the overview of the module. We're going to talk a lot about the perimeter. Now the perimeter may be the gateway into your own home network. Very often when we talk about perimeter, it's what protects corporate networks. Many companies have very large corporate networks behind the firewall, not directly exposed to the public web and therefore people think that they're protected by that perimeter. By being protected, the bad guys stay out, and the good guys inside are okay. This is the traditional thinking and it's a very black and white position. Bad guys outside but not able to get in, good guys inside not needing to worry because the bad guys are outside. But it's a very simplistic view and what we're finding is that it's an increasingly flawed view. The bad guys are getting in. In fact, many times the bad guys even come from the inside in the first place. And that's very counterintuitive to the thinking that many people have about the sanctity of networks that are protected by a perimeter. Let's go and have a look at just how insecure that perimeter can be.

The Security Lies We Tell Ourselves
We humans can be very good at convincing ourselves of the things that we want to believe. And one area that we particularly do that in is information security. In this module, I want to talk about a number of areas where we have certain beliefs about how security works, which really just aren't that accurate. And in fact, in some cases, they actually put us more at risk. Let's go and look at what we're going to cover in the module. People frequently don't realize that they're convincing themselves of a falsehood. Now, I'm sure we can apply that statement to all aspects of life, but in security, which is both high-tech and also an environment that does change quite a bit, it's particularly true, especially as we start to look beyond non-technical people. But the thing is, it's also a very fluid state. So there may well be beliefs, which were quite accurate, say, a decade ago, but now turn out to be rather risky beliefs. Those beliefs aren't always based on fact. In fact, sometimes they're quite aspirational, so they're a belief of how people would like things to be, as opposed to a factual representation of how they actually are. Knowing the difference is really important. And just establishing that this is something that happens, and I'm going to give you a really good example of that, is something that we really need people to understand better. Let's go and jump into the module and talk about what sorts of sites might be dangerous to browse.