Downloaded 169 times
Uploaded byGareth Davies
Introduction to Information Security
The document provides an introduction to information security, defining key concepts such as confidentiality, integrity, and availability. It emphasizes the importance of strong password management, resource management, and employee education to safeguard against security breaches. The document also highlights the risks of DDoS attacks and recommends using protective services and best practices for platform security.
More Related Content
![Overview of the Cyber Kill Chain [TM]](https://cdn.slidesharecdn.com/ss_thumbnails/cybersecuritykillchain8-161209191549-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Introduction to Information Security
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
Introduction to Information Security
- 1. An Introduction toInformation Security – What? http://www.shaolintiger.com http://www.darknet.org.uk @ShaolinTiger & @THEdarknet on Twitter
- 2. So who amI? Founder & Writer - Top 5 infosec blog in the world - 40,000+ RSS Subscribers - 11,000+ Twitter followers - http://www.darknet.org.uk
- 3. Co-Founded Security-Forums.com - Top3 infosec forum in the World - Founded in 2002 to get out of Usenet - Sold in 2004 to windowsecurity.com
- 4. What is InformationSecurity? - It is quite a vague term – but it can be defined. C AI
- 5.
- 6. Confidentiality - If confidentialityis breached it’s generally classified as a ‘leak’ - Can have legal implications - Bad for your reputation - Hacker only needs read access
- 7. Integrity - Less commonbut more serious - Can cause persistent problems - Possible to remain undetected for a long period - Hacker does need write access
- 8. Availability - This iswhat DDoS attacks do - Usually short term but VERY damaging - Hard to solve - Hacker needs no access
- 9. What can Ido? - Passwords, passwords passwords! - This is THE most important thing
- 10. Use a passwordmanager This will help you to: Generate, maintain & manage strong passwords Use different passwords for every site/service Manage password access for your company Change passwords when employees leave Use KeepassX, LastPass, 1Password or Passpack
- 11. Resource Management - Peoplecan be bad, make sure all master accounts are under the company not under individuals - Separate access so changes can be logged - This is especially critical for tech services such as: - Github - Amazon Web Services - Linode - Bitbucket - Dropbox - Anywhere that your code/resources are stored
- 12. Turn on MAXSecurity - Pretty much all services like AWS/Github etc support 2FA (Two factor authentication) PLEASE TURN IT ON! If not you could end up like Code Spaces.
- 13. Education - The weakestpart of any organisation is always the human element, known in infosec as ‘wetware’ - Prone to social engineering - If you are a company owner or the tech go-to person, it’s your job to educate
- 14. Safe Coding Practises -Use a framework - Don’t EVER EVER EVER EVER trust user input - Always Hash passwords - Build your APIs with Authentication - Check ‘OWASP Top 10’ for more info
- 15. DDoS Protection - Unfortunatelyif you get popular this is a serious risk (Happening to Feedly/Evernote last month) - There are various services that you can look at to mitigate against DDoS attacks: - http://www.incapsula.com/ - https://www.cloudflare.com/ - http://www.akamai.com/
- 16. Platform Security - ALWAYSkeep the core up to date - If you can use a specialist host (WPengine/Page.ly) - Use as few plugins as possible - NEVER pirate themes/plugins as they often contain malware
- 17. The END! Questions? Stalk me@ShaolinTiger or @THEdarknet on Twitter If you are interested in Infosec – http://fb.me/darknetorguk This preso will be on http://slideshare.net/shaolintiger