Learn how to build an information security program from scratch in this 26-minute conference talk. Explore essential steps from initial goals and inventory to implementing logging, physical security, and system monitoring. Discover the benefits of various tools, including a central syslog server, Snort IDS, and Nagios. Examine the pros and cons of different setups, and gain insights into future considerations for expanding your infosec program. Ideal for those starting in cybersecurity or looking to enhance their existing security infrastructure.
Overview
Syllabus
Introduction
Goals
Inventory and Logging
Don't Forget Physical Security Devices
System Monitoring Server V1
Benefits of Tools
Central Syslog Server
Snort IDS
Request Tracker
Nagios Config Example
Server V1 Pitfalls
Additional Tools with Security Onion
ELSA Rules/Alerts
Pros of the Current Setup
Limitations of the Current Setup
Future Considerations
Conclusion
Questions?
References
