Introduction

Welcome to sikkerhet.bouvet.no! ✨

This is the place to go for developers, infrastructure engineers, DevOps personnel and anyone else in Bouvet for information on how to develop, operate and manage secure IT solutions for our customers. The overall information found here is also useful for other roles, such as project managers, advisors and anyone else tasked with following up on security in our many projects.

The goal of this site is not to contain everything there is to know about a subject, but rather to communicate the basics on a level anyone can understand.

Another goal is to raise awareness related to security, and the aspects we need to consider when implementing projects. It defines a common vocabulary for Information Security in Bouvet, giving the reader a foundation for further exploration.

Many projects will require a more in-depth breakdown of what information security entails. For these, OWASP ASVS is recommended as a starting point. You can also reach out on the #sikkerhet Slack channel.

Remember!

We are going to do our utmost to deliver the most secure solutions and services.

What is Information Security?

Information Security is all about securing the following elements of an IT system:

Confidentiality: The information contained or processed within the system shall not be available to unauthorized persons.

An example of this is a misconfigured access control system, described as Broken Access Control in the OWASP Top 10.

Integrity: The information is accurate, and cannot be modified without authorization or without being detected.

Integrity can be compromised by system defects that allow a user to manipulate information.

Availability: The system must be available when needed, and security mechanisms must be implemented in order to protect it.

Security mechanisms are required to mitigate possible threats, such as a DDoS attack trying to affect availability.

How can I use sikkerhet.bouvet.no?

sikkerhet.bouvet.no consists of multiple sections, each containing useful information on specific subjects. You can either select a specific section and study it, or you can start from the beginning and work through the whole thing. Use the information and compare it with your project, and see how you can improve it.

Sections marked 🧙‍♂️ are more in-depth, and their benefits have to be weighed against the effort required and the project requirements.

TODO: sikkerhet.bouvet.no can also be downloaded and used as a checklist in your project source.