InfoSec is back for another seaon at BanklessDAO

Program Name: BanklessDAO Information Security Team Program Champion: BogDrakonov#1337 Start Date: August 8th, 2022 End Date: October 30th, 2022 Meeting Discussions: InfoSec Meetings are held Wednesdays at 7pm EST

Program Justification

BanklessDAO members and crypto users as a whole have suffered many personal security breaches of their wallets, accounts, and other resources. After a serious round of Discord Nitro phishing campaigns 1 and a constant raid of spam bots, and scammers in Season 3, and random continued attacks throughout Season 4, the DAO’s need for an InfoSec team remains high in Season 5. We’ve seen a few long standing members also get hit with sophisticated phishing attacks targeting BANK holders.

InfoSec continues to manage GitHub, Google Workspace, and AWS as we continue to leverage some of these Web2 vendors for the benefit of the DAO.

We plan on continuing to fine tune our anti-spam/scam measures as well as improve our educational materials in Season 5. In Season 5 we plan to host live training and workshops to teach everything from Crypto Wallet Security 101 to advanced personal OpSec to avoid falling for scams.

The success of the InfoSec team will be measurable by a few key points:

• BanklessDAO members, contributors, and guests gain an overall better understanding of how to stay safe online, and how to remain safe when transacting on EVM-based networks.
• BanklessDAO remains secure against data breaches, attacks, vandalism, and theft/fraud.
• Educational programs and content around information security, resulting in peer to peer education amongst Discord members, and the wider Bankless community
• Timely support and operations of Web2 vendors under the InfoSec Team’s purview.

Program Terms

The BanklessDAO InfoSec team is cross-functional in nature, as information security is everyone’s responsibility. In order to remain transparent, the InfoSec team acts as an independent “project” and is not tied to any guild. We will collaborate heavily with every guild and project to provide security advice and operations wherever they may be needed. Some core cross-collab operations include:

• Gatekeeping access and evaluating Principle of Least Privilege across the DAO.
• Monitoring and alerting on critical systems where an intrusion would publicly harm the DAO (ie: defaced websites, DEGEN infrastructure takeover, email spam from @bankless.community addresses, etc…)
• Securing the bankless.community DNS service with logged and gated access via Route53
• Help with improvements to onboarding new DAO members, and the DAO-curious to proper personal operational security (OpSec) around protecting your accounts and assets. (ie: First quest security tasks, easy to follow guides and educational material, newsletter and Medium content)
• Collaborate with various projects during their design to help keep a “Security First” mindset without getting in the way of work
• Collaborate with the Writers Guild and EPA to develop and publish content both in bDAO’s Weekly Rollup and on its Medium page. At least initially, there would be a regular - InfoSec or OpSec column to provide a forum to educate DAO members on best practices in the Weekly rollup.