Introduction

Overview

This is an introduction to basic information security practices ("InfoSec101") for professionals dealing with sensitive information, such as journalists, doctors, lawyers, counselors, political activists, and so forth. Contents:

Resources

1. InfoSec101. How can you keep your information private and secure? An introduction (covering more secure passwords, browsing, chatting, etc.), including a curated, commented list of recommended software.

2. What to do next. A concrete list of some quick and simple steps, for users of computers (OS X, Windows), and smart phones (iOS, Android), and a list of further guides.

3. If you're not yet convinced that one ought to care about Information Security, there is some background, motivation, examples, and quotes.

4. If you wish, you can read more on the technical background.

Presentation

This short presentation was given to the Foreign Correspondents Club in HK in February 2015. Here is an alternative version, somewhat drier, but more comprehensive.

Updates

• 2015-12-25: Added reminder to avoid short passwords and use at least 12 characters; added GCF Internet Safety link
• 2015-11-23: Added short youtube video on Clients, Servers, Protocols from Udacity to the Technical Background page.
• 2015-11-19: Added the (advanced) OS X Security and Privacy Guide.
• 2015-11-15: Ed Snowden, in an interview with The Intercept, recommends:
  • use Signal by Open Whisper Systems,
  • encrypt your hard disk,
  • use a password manager,
  • enable Two-Factor-Authentication.
  • use Tor,
  • use ad block software.
• 2015-10-05: Reporta, security app designed for journalists, might not be as secure as claimed.
• 2015-09-22: More security flaws and fixes for Flash. Really - just uninstall it completely.
• 2015-03-02: Open Whisper Systems released Signal 2.0 for iPhone. This is the recommended solution now for voice and text chat for iOS (Signal) and Android (RedPhone, TextSecure).

Meta-Notes

These documents are intended as a supplement to an introductory talk on Information Security for (non-IT) professionals.

Thus:

• They're not necessarily elaborate enough to be fully self-contained.
• They're not meant to elucidate every aspect comprehensively and objectively, but to give some opionated advice on "the best" tool to use for users with
  • average technical IT background, and
  • somewhat above average need for privacy and security of information.

Thanks

Feedback from Joseph Bonneau, Dr Melanie Bryan, Silkie Carlo, Nan-Hie In, Michael Lee, Pete Membrey, Larry Salibra, Max Veytsman, Leonhard Weese gratefully acknowledged.