SlideShare une entreprise Scribd logo

Introduction to Information Security

Télécharger en tant que PPTX, PDF
Gareth Davies
Gareth Davies

A short talk about Information Security, mainly focusing on start-ups and entrepreneurs. Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.

Technologie
1  sur  17
An Introduction to Information Security – What?  http://www.shaolintiger.com  http://www.darknet.org.uk  @ShaolinTiger & @THEdarknet on Twitter
So who am I? Founder & Writer - Top 5 infosec blog in the world - 40,000+ RSS Subscribers - 11,000+ Twitter followers - http://www.darknet.org.uk
Co-Founded Security-Forums.com - Top 3 infosec forum in the World - Founded in 2002 to get out of Usenet - Sold in 2004 to windowsecurity.com
What is Information Security? - It is quite a vague term – but it can be defined. C AI
CIA? Confidentiality Integrity Availability
Confidentiality - If confidentiality is breached it’s generally classified as a ‘leak’ - Can have legal implications - Bad for your reputation - Hacker only needs read access
Integrity - Less common but more serious - Can cause persistent problems - Possible to remain undetected for a long period - Hacker does need write access
Availability - This is what DDoS attacks do - Usually short term but VERY damaging - Hard to solve - Hacker needs no access
What can I do? - Passwords, passwords passwords! - This is THE most important thing
Use a password manager  This will help you to:  Generate, maintain & manage strong passwords  Use different passwords for every site/service  Manage password access for your company  Change passwords when employees leave  Use KeepassX, LastPass, 1Password or Passpack
Resource Management - People can be bad, make sure all master accounts are under the company not under individuals - Separate access so changes can be logged - This is especially critical for tech services such as: - Github - Amazon Web Services - Linode - Bitbucket - Dropbox - Anywhere that your code/resources are stored
Turn on MAX Security - Pretty much all services like AWS/Github etc support 2FA (Two factor authentication) PLEASE TURN IT ON! If not you could end up like Code Spaces.
Education - The weakest part of any organisation is always the human element, known in infosec as ‘wetware’ - Prone to social engineering - If you are a company owner or the tech go-to person, it’s your job to educate
Safe Coding Practises - Use a framework - Don’t EVER EVER EVER EVER trust user input - Always Hash passwords - Build your APIs with Authentication - Check ‘OWASP Top 10’ for more info
DDoS Protection - Unfortunately if you get popular this is a serious risk (Happening to Feedly/Evernote last month) - There are various services that you can look at to mitigate against DDoS attacks: - http://www.incapsula.com/ - https://www.cloudflare.com/ - http://www.akamai.com/
Platform Security - ALWAYS keep the core up to date - If you can use a specialist host (WPengine/Page.ly) - Use as few plugins as possible - NEVER pirate themes/plugins as they often contain malware
The END! Questions? Stalk me @ShaolinTiger or @THEdarknet on Twitter If you are interested in Infosec – http://fb.me/darknetorguk This preso will be on http://slideshare.net/shaolintiger

Recommandé

Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information securityRashad Aliyev
 
Internet security
Internet securityInternet security
Internet securityTapan Khilar
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Billtrust
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 

Recommandé

Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information securityRashad Aliyev
 
Internet security
Internet securityInternet security
Internet securityTapan Khilar
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Billtrust
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Home cyber security
Home cyber securityHome cyber security
Home cyber securityMichael File
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYPranjalShah18
 
Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )Jobayer Almahmud Hossain (RHCA, RHCDS, RHCSS)
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Internet Threats
Internet ThreatsInternet Threats
Internet ThreatsDominikaJoanna
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYMohammad Shakirul islam
 
Cyber security
Cyber securityCyber security
Cyber securityHarsh verma
 
10 steps to cyber security
10 steps to cyber security10 steps to cyber security
10 steps to cyber securityTevfik Üret
 
Cybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedCybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedProf .Pragati Khade
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionSkyport Systems
 
Cyber security
Cyber securityCyber security
Cyber securitymanoj duli
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityTushar Nikam
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBhandari Hìmáñßhü
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaTheko Moima
 
Cyber security
Cyber securityCyber security
Cyber securityvishakha bhagwat
 
Cyber security snowe vazeer
Cyber security snowe vazeerCyber security snowe vazeer
Cyber security snowe vazeersnowe123
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYharsh arora
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 

Contenu connexe

Tendances

General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
10 steps to cyber security
10 steps to cyber security10 steps to cyber security
10 steps to cyber securityTevfik Üret
 
Cybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedCybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedProf .Pragati Khade
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionSkyport Systems
 
Cyber security
Cyber securityCyber security
Cyber securitymanoj duli
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaTheko Moima
 
Cyber security snowe vazeer
Cyber security snowe vazeerCyber security snowe vazeer
Cyber security snowe vazeersnowe123
 

Tendances (20)

General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )Click or Not to Click (Cyber Security Awareness )
Click or Not to Click (Cyber Security Awareness )
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Internet Threats
Internet ThreatsInternet Threats
Internet Threats
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber security
Cyber securityCyber security
Cyber security
 
10 steps to cyber security
10 steps to cyber security10 steps to cyber security
10 steps to cyber security
 
Cybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedCybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-converted
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval Protection
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moima
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security snowe vazeer
Cyber security snowe vazeerCyber security snowe vazeer
Cyber security snowe vazeer
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 

En vedette

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Building Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLBuilding Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLGareth Davies
 
High Performance Wordpress
High Performance WordpressHigh Performance Wordpress
High Performance WordpressGareth Davies
 
The History Of The Future
The History Of The FutureThe History Of The Future
The History Of The FutureGareth Davies
 
High Availabiltity & Replica Sets with mongoDB
High Availabiltity & Replica Sets with mongoDBHigh Availabiltity & Replica Sets with mongoDB
High Availabiltity & Replica Sets with mongoDBGareth Davies
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Introduction To Information Systems Security 365 765
Introduction To Information Systems Security 365 765Introduction To Information Systems Security 365 765
Introduction To Information Systems Security 365 765Nicholas Davis
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recoverymadunix
 

En vedette (20)

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Information security
Information securityInformation security
Information security
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Information security management
Information security managementInformation security management
Information security management
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Building Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLBuilding Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KL
 
High Performance Wordpress
High Performance WordpressHigh Performance Wordpress
High Performance Wordpress
 
The History Of The Future
The History Of The FutureThe History Of The Future
The History Of The Future
 
High Availabiltity & Replica Sets with mongoDB
High Availabiltity & Replica Sets with mongoDBHigh Availabiltity & Replica Sets with mongoDB
High Availabiltity & Replica Sets with mongoDB
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
Introduction To Information Systems Security 365 765
Introduction To Information Systems Security 365 765Introduction To Information Systems Security 365 765
Introduction To Information Systems Security 365 765
 
Sharing of Information
Sharing of InformationSharing of Information
Sharing of Information
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recovery
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 

Similaire à Introduction to Information Security

Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
C:\Fakepath\Ethical Hacking
C:\Fakepath\Ethical HackingC:\Fakepath\Ethical Hacking
C:\Fakepath\Ethical Hackingsumit dimri
 
PHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projectsPHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projectsxsist10
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
M|18 How InfoArmor Harvests Data from the Underground Economy
M|18 How InfoArmor Harvests Data from the Underground EconomyM|18 How InfoArmor Harvests Data from the Underground Economy
M|18 How InfoArmor Harvests Data from the Underground EconomyMariaDB plc
 
Modern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetModern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetmatt806068
 
Chapter 6 network security
Chapter 6 network securityChapter 6 network security
Chapter 6 network securitySyaiful Ahdan
 
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024Michael Noel
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsBunmi Sowande
 
Introduction to Personal Privacy and Security
Introduction to Personal Privacy and SecurityIntroduction to Personal Privacy and Security
Introduction to Personal Privacy and SecurityRobert Hurlbut
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress SecurityChris Burgess
 

Similaire à Introduction to Information Security (20)

Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
 
C:\Fakepath\Ethical Hacking
C:\Fakepath\Ethical HackingC:\Fakepath\Ethical Hacking
C:\Fakepath\Ethical Hacking
 
PHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projectsPHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projects
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
M|18 How InfoArmor Harvests Data from the Underground Economy
M|18 How InfoArmor Harvests Data from the Underground EconomyM|18 How InfoArmor Harvests Data from the Underground Economy
M|18 How InfoArmor Harvests Data from the Underground Economy
 
Rails Security
Rails SecurityRails Security
Rails Security
 
Modern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetModern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budget
 
We are losing our tweets!
We are losing our tweets!We are losing our tweets!
We are losing our tweets!
 
Chapter 6 network security
Chapter 6 network securityChapter 6 network security
Chapter 6 network security
 
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
IT Insecurity - Understanding the Threat of Modern Cyberattacks - DWCNZ 2024
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
PodCamp Ohio 2009
PodCamp Ohio 2009PodCamp Ohio 2009
PodCamp Ohio 2009
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwords
 
Introduction to Personal Privacy and Security
Introduction to Personal Privacy and SecurityIntroduction to Personal Privacy and Security
Introduction to Personal Privacy and Security
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress Security
 

Dernier

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Dernier (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

Introduction to Information Security

  • 1. An Introduction to Information Security – What?  http://www.shaolintiger.com  http://www.darknet.org.uk  @ShaolinTiger & @THEdarknet on Twitter
  • 2. So who am I? Founder & Writer - Top 5 infosec blog in the world - 40,000+ RSS Subscribers - 11,000+ Twitter followers - http://www.darknet.org.uk
  • 3. Co-Founded Security-Forums.com - Top 3 infosec forum in the World - Founded in 2002 to get out of Usenet - Sold in 2004 to windowsecurity.com
  • 4. What is Information Security? - It is quite a vague term – but it can be defined. C AI
  • 6. Confidentiality - If confidentiality is breached it’s generally classified as a ‘leak’ - Can have legal implications - Bad for your reputation - Hacker only needs read access
  • 7. Integrity - Less common but more serious - Can cause persistent problems - Possible to remain undetected for a long period - Hacker does need write access
  • 8. Availability - This is what DDoS attacks do - Usually short term but VERY damaging - Hard to solve - Hacker needs no access
  • 9. What can I do? - Passwords, passwords passwords! - This is THE most important thing
  • 10. Use a password manager  This will help you to:  Generate, maintain & manage strong passwords  Use different passwords for every site/service  Manage password access for your company  Change passwords when employees leave  Use KeepassX, LastPass, 1Password or Passpack
  • 11. Resource Management - People can be bad, make sure all master accounts are under the company not under individuals - Separate access so changes can be logged - This is especially critical for tech services such as: - Github - Amazon Web Services - Linode - Bitbucket - Dropbox - Anywhere that your code/resources are stored
  • 12. Turn on MAX Security - Pretty much all services like AWS/Github etc support 2FA (Two factor authentication) PLEASE TURN IT ON! If not you could end up like Code Spaces.
  • 13. Education - The weakest part of any organisation is always the human element, known in infosec as ‘wetware’ - Prone to social engineering - If you are a company owner or the tech go-to person, it’s your job to educate
  • 14. Safe Coding Practises - Use a framework - Don’t EVER EVER EVER EVER trust user input - Always Hash passwords - Build your APIs with Authentication - Check ‘OWASP Top 10’ for more info
  • 15. DDoS Protection - Unfortunately if you get popular this is a serious risk (Happening to Feedly/Evernote last month) - There are various services that you can look at to mitigate against DDoS attacks: - http://www.incapsula.com/ - https://www.cloudflare.com/ - http://www.akamai.com/
  • 16. Platform Security - ALWAYS keep the core up to date - If you can use a specialist host (WPengine/Page.ly) - Use as few plugins as possible - NEVER pirate themes/plugins as they often contain malware
  • 17. The END! Questions? Stalk me @ShaolinTiger or @THEdarknet on Twitter If you are interested in Infosec – http://fb.me/darknetorguk This preso will be on http://slideshare.net/shaolintiger