
Introduction to Information Security


A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.

Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.

Published in: Technology

  1. An Introduction to Information Security – What? @ShaolinTiger & @THEdarknet on Twitter
  2. So who am I? Founder & Writer
     - Top 5 infosec blog in the world
     - 40,000+ RSS Subscribers
     - 11,000+ Twitter followers -
  3. Co-Founded
     - Top 3 infosec forum in the World
     - Founded in 2002 to get out of Usenet
     - Sold in 2004 to
  4. What is Information Security?
     - It is quite a vague term – but it can be defined. CIA
  5. CIA?
     - Confidentiality
     - Integrity
     - Availability
  6. Confidentiality
     - If confidentiality is breached it’s generally classified as a ‘leak’
     - Can have legal implications
     - Bad for your reputation
     - Hacker only needs read access
  7. Integrity
     - Less common but more serious
     - Can cause persistent problems
     - Possible to remain undetected for a long period
     - Hacker does need write access
  8. Availability
     - This is what DDoS attacks do
     - Usually short term but VERY damaging
     - Hard to solve
     - Hacker needs no access
  9. What can I do?
     - Passwords, passwords, passwords!
     - This is THE most important thing
  10. Use a password manager. This will help you to:
     - Generate, maintain & manage strong passwords
     - Use different passwords for every site/service
     - Manage password access for your company
     - Change passwords when employees leave
     - Use KeepassX, LastPass, 1Password or Passpack
  11. Resource Management
     - People can be bad, make sure all master accounts are under the company, not under individuals
     - Separate access so changes can be logged
     - This is especially critical for tech services such as:
       - Github
       - Amazon Web Services
       - Linode
       - Bitbucket
       - Dropbox
       - Anywhere that your code/resources are stored
  12. Turn on MAX Security
     - Pretty much all services like AWS/Github etc. support 2FA (Two-factor authentication). PLEASE TURN IT ON! If not, you could end up like Code Spaces.
  13. Education
     - The weakest part of any organisation is always the human element, known in infosec as ‘wetware’
     - Prone to social engineering
     - If you are a company owner or the tech go-to person, it’s your job to educate
  14. Safe Coding Practices
     - Use a framework
     - Don’t EVER EVER EVER EVER trust user input
     - Always hash passwords
     - Build your APIs with authentication
     - Check ‘OWASP Top 10’ for more info
  15. DDoS Protection
     - Unfortunately, if you get popular this is a serious risk (happening to Feedly/Evernote last month)
     - There are various services that you can look at to mitigate against DDoS attacks:
  16. Platform Security
     - ALWAYS keep the core up to date
     - If you can, use a specialist host (WPengine/
     - Use as few plugins as possible
     - NEVER pirate themes/plugins as they often contain malware
  17. The END! Questions? Stalk me @ShaolinTiger or @THEdarknet on Twitter. If you are interested in Infosec – This preso will be on
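Slide 12 tells you to turn on 2FA. As an added example (not part of the talk or any of the services it names), the following shows what a time-based one-time password actually is under the hood: the TOTP algorithm from RFC 6238 built on HOTP (RFC 4226), using only the Python standard library. The secret and time values in the test are the published RFC test vectors; the `window` and replay-tracking logic are my own assumptions about how a server would verify codes.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a zero-padded decimal code."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # low nibble of last byte picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP where the counter is the number of 30-second
    steps since the Unix epoch. Both the app and the server derive this."""
    return hotp(secret, int(at_time) // step, digits)


def match_totp(secret: bytes, code: str, at_time: Optional[float] = None,
               step: int = 30, window: int = 1, digits: int = 6) -> Optional[int]:
    """Return the counter that produced `code`, or None if it does not match.
    `window` allows +/- one step of clock skew between phone and server
    (assumed policy). The comparison is constant-time."""
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // step
    for delta in range(-window, window + 1):
        candidate = hotp(secret, counter + delta, digits)
        if hmac.compare_digest(candidate, code):
            return counter + delta
    return None


class TotpVerifier:
    """Server-side check that also refuses replay: each counter value is
    accepted at most once, so a code sniffed in transit cannot be reused
    within the skew window. Per-user state would live in a database;
    here it is a plain attribute (assumption for the example)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1

    def verify(self, code: str, at_time: Optional[float] = None) -> bool:
        matched = match_totp(self.secret, code, at_time)
        if matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"            # RFC 6238 test secret (constructed input)
    print("code at T=59:", totp(demo_secret, 59))    # RFC vector: 287082
    v = TotpVerifier(demo_secret)
    print("first use accepted:", v.verify("287082", at_time=59))
    print("replay accepted:", v.verify("287082", at_time=70))
```

The replay check matters as much as the HMAC: a code is only "one-time" if the server remembers what it has already accepted.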
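Slide 14 says never trust user input and always hash passwords. As an added example (written for this page, not code from the talk or from any project it mentions), the block below does both in one small user store: passwords are hashed with PBKDF2-HMAC-SHA256 and a random per-user salt, verified with a constant-time comparison, and the lookup that takes a username is shown in a string-built (vulnerable) form beside the parameterized form. The iteration count of 600,000 follows current OWASP guidance for this KDF; the schema, function names and sample users are constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# OWASP-recommended work factor for PBKDF2-HMAC-SHA256 (assumption: tune to your hardware).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: pbkdf2_sha256$iterations$salt$key.
    A fresh 16-byte random salt means two users with the same password
    get different hashes, and precomputed tables are useless."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the stored salt and iteration count, then
    compare in constant time so timing does not leak matching prefixes."""
    algo, iterations, salt_hex, key_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def make_db() -> sqlite3.Connection:
    """In-memory table for the example; only the hash is ever stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 (username, hash_password(password)))


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        hash_password(password)   # burn the same work so unknown users are not faster to probe
        return False
    return verify_password(password, row[0])


def count_matches_unsafe(conn: sqlite3.Connection, username: str) -> int:
    """VULNERABLE (shown only for contrast): the username is pasted into the
    SQL text, so a value containing quotes rewrites the query."""
    sql = f"SELECT COUNT(*) FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()[0]


def count_matches_safe(conn: sqlite3.Connection, username: str) -> int:
    """Parameterized: the driver passes the value separately from the SQL,
    so whatever the user typed is only ever compared as data."""
    return conn.execute("SELECT COUNT(*) FROM users WHERE username = ?",
                        (username,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "correct horse battery staple")   # constructed sample user
    print("good login:", login(db, "alice", "correct horse battery staple"))
    print("bad login:", login(db, "alice", "password123"))
    odd_name = "' OR '1'='1"
    print("string-built query sees:", count_matches_unsafe(db, odd_name), "rows")
    print("parameterized query sees:", count_matches_safe(db, odd_name), "rows")
```

Note that the stored string carries its own algorithm and iteration count, so the work factor can be raised later and old hashes upgraded on the next successful login without a flag day.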