Introduction to Information Security


Published on

A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.

Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Introduction to Information Security

  1. 1. An Introduction to Information Security – What?    @ShaolinTiger & @THEdarknet on Twitter
  2. 2. So who am I? Founder & Writer - Top 5 infosec blog in the world - 40,000+ RSS Subscribers - 11,000+ Twitter followers -
  3. 3. Co-Founded - Top 3 infosec forum in the World - Founded in 2002 to get out of Usenet - Sold in 2004 to
  4. 4. What is Information Security? - It is quite a vague term – but it can be defined. C AI
  5. 5. CIA? Confidentiality Integrity Availability
  6. 6. Confidentiality - If confidentiality is breached it’s generally classified as a ‘leak’ - Can have legal implications - Bad for your reputation - Hacker only needs read access
  7. 7. Integrity - Less common but more serious - Can cause persistent problems - Possible to remain undetected for a long period - Hacker does need write access
  8. 8. Availability - This is what DDoS attacks do - Usually short term but VERY damaging - Hard to solve - Hacker needs no access
  9. 9. What can I do? - Passwords, passwords passwords! - This is THE most important thing
  10. 10. Use a password manager  This will help you to:  Generate, maintain & manage strong passwords  Use different passwords for every site/service  Manage password access for your company  Change passwords when employees leave  Use KeepassX, LastPass, 1Password or Passpack
  11. 11. Resource Management - People can be bad, make sure all master accounts are under the company not under individuals - Separate access so changes can be logged - This is especially critical for tech services such as: - Github - Amazon Web Services - Linode - Bitbucket - Dropbox - Anywhere that your code/resources are stored
  12. 12. Turn on MAX Security - Pretty much all services like AWS/Github etc support 2FA (Two factor authentication) PLEASE TURN IT ON! If not you could end up like Code Spaces.
  13. 13. Education - The weakest part of any organisation is always the human element, known in infosec as ‘wetware’ - Prone to social engineering - If you are a company owner or the tech go-to person, it’s your job to educate
  14. 14. Safe Coding Practises - Use a framework - Don’t EVER EVER EVER EVER trust user input - Always Hash passwords - Build your APIs with Authentication - Check ‘OWASP Top 10’ for more info
  15. 15. DDoS Protection - Unfortunately if you get popular this is a serious risk (Happening to Feedly/Evernote last month) - There are various services that you can look at to mitigate against DDoS attacks: - - -
  16. 16. Platform Security - ALWAYS keep the core up to date - If you can use a specialist host (WPengine/ - Use as few plugins as possible - NEVER pirate themes/plugins as they often contain malware
  17. 17. The END! Questions? Stalk me @ShaolinTiger or @THEdarknet on Twitter If you are interested in Infosec – This preso will be on