Introduction to Information Security

A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.

Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.

Published in: Technology

Transcript

  • 1. An Introduction to Information Security – What? - http://www.shaolintiger.com - http://www.darknet.org.uk - @ShaolinTiger & @THEdarknet on Twitter
  • 2. So who am I? Founder & Writer - Top 5 infosec blog in the world - 40,000+ RSS Subscribers - 11,000+ Twitter followers - http://www.darknet.org.uk
  • 3. Co-Founded Security-Forums.com - Top 3 infosec forum in the World - Founded in 2002 to get out of Usenet - Sold in 2004 to windowsecurity.com
  • 4. What is Information Security? - It is quite a vague term – but it can be defined.
  • 5. CIA? Confidentiality Integrity Availability
  • 6. Confidentiality - If confidentiality is breached it’s generally classified as a ‘leak’ - Can have legal implications - Bad for your reputation - Hacker only needs read access
  • 7. Integrity - Less common but more serious - Can cause persistent problems - Possible to remain undetected for a long period - Hacker does need write access
  • 8. Availability - This is what DDoS attacks do - Usually short term but VERY damaging - Hard to solve - Hacker needs no access
  • 9. What can I do? - Passwords, passwords, passwords! - This is THE most important thing
  • 10. Use a password manager - This will help you to: - Generate, maintain & manage strong passwords - Use different passwords for every site/service - Manage password access for your company - Change passwords when employees leave - Use KeePassX, LastPass, 1Password or Passpack
  • 11. Resource Management - People can be bad; make sure all master accounts are under the company, not under individuals - Separate access so changes can be logged - This is especially critical for tech services such as: - GitHub - Amazon Web Services - Linode - Bitbucket - Dropbox - Anywhere that your code/resources are stored
  • 12. Turn on MAX Security - Pretty much all services like AWS/GitHub etc. support 2FA (two-factor authentication). PLEASE TURN IT ON! If not, you could end up like Code Spaces.
  • 13. Education - The weakest part of any organisation is always the human element, known in infosec as ‘wetware’ - Prone to social engineering - If you are a company owner or the tech go-to person, it’s your job to educate
  • 14. Safe Coding Practices - Use a framework - Don’t EVER EVER EVER EVER trust user input - Always hash passwords - Build your APIs with authentication - Check ‘OWASP Top 10’ for more info
  • 15. DDoS Protection - Unfortunately, if you get popular this is a serious risk (happened to Feedly/Evernote last month) - There are various services that you can look at to mitigate against DDoS attacks: - http://www.incapsula.com/ - https://www.cloudflare.com/ - http://www.akamai.com/
  • 16. Platform Security - ALWAYS keep the core up to date - If you can, use a specialist host (WPengine/Page.ly) - Use as few plugins as possible - NEVER pirate themes/plugins as they often contain malware
  • 17. The END! Questions? Stalk me @ShaolinTiger or @THEdarknet on Twitter If you are interested in Infosec – http://fb.me/darknetorguk This preso will be on http://slideshare.net/shaolintiger
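
Two of the rules on slide 14, "don't trust user input" and "always hash passwords", shown as an added example that is not part of the original talk. The username pattern, the password length limits and the PBKDF2 iteration count are assumptions chosen for illustration; the sample credentials are constructed.

```python
import hashlib
import hmac
import re
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")  # assumed allow-list, not a block-list


def validate_username(raw):
    """Reject anything outside the allow-list instead of trying to clean it up."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw


def hash_password(password, iterations=ITERATIONS):
    """Return 'algo$iterations$salt_hex$hash_hex' using a fresh random salt."""
    # Assumed policy: bound the length so oversized input cannot burn CPU.
    if not isinstance(password, str) or not 8 <= len(password) <= 128:
        raise ValueError("password must be 8 to 128 characters")
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
    except (ValueError, AttributeError, OverflowError):
        return False  # malformed record or non-string input: fail closed
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample account, for demonstration only.
    user = validate_username("alice_01")
    record = hash_password("correct horse battery")
    print(user, record.split("$")[:2], verify_password("correct horse battery", record))
```

Storing the work factor inside each record lets it be raised later without invalidating existing hashes: old records still verify with their own parameters and can be re-hashed at the next successful login.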