An Introduction to Information Security – What?
- http://www.shaolintiger.com
- http://www.darknet.org.uk
- @ShaolinTiger & @THEdarknet on Twitter
So who am I? Founder & Writer
- Top 5 infosec blog in the world
- 40,000+ RSS Subscribers
- 11,000+ Twitter followers
- http://www.darknet.org.uk
Co-Founded Security-Forums.com
- Top 3 infosec forum in the World
- Founded in 2002 to get out of Usenet
- Sold in 2004 to windowsecurity.com
What is Information Security?
- It is quite a vague term – but it can be defined.
CIA?
Confidentiality
Integrity
Availability
Confidentiality
- If confidentiality is breached it’s generally classified as a ‘leak’
- Can have legal implications
- Bad for your reputation
- Hacker only needs read access
Integrity
- Less common but more serious
- Can cause persistent problems
- Possible to remain undetected for a long period
- Hacker does need write access
Availability
- This is what DDoS attacks do
- Usually short term but VERY damaging
- Hard to solve
- Hacker needs no access
What can I do?
- Passwords, passwords, passwords!
- This is THE most important thing
Use a password manager
- This will help you to:
- Generate, maintain & manage strong passwords
- Use different passwords for every site/service
- Manage password access for your company
- Change passwords when employees leave
- Use KeePassX, LastPass, 1Password or Passpack
Resource Management
- People can be bad; make sure all master accounts are under the company, not under individuals
- Separate access so changes can be logged
- This is especially critical for tech services such as:
- GitHub
- Amazon Web Services
- Linode
- Bitbucket
- Dropbox
- Anywhere that your code/resources are stored
Turn on MAX Security
- Pretty much all services like AWS/GitHub etc. support 2FA (two-factor authentication)
PLEASE TURN IT ON!
If not, you could end up like Code Spaces.
Education
- The weakest part of any organisation is always the human element, known in infosec as ‘wetware’
- Prone to social engineering
- If you are a company owner or the tech go-to person, it’s your job to educate
Safe Coding Practices
- Use a framework
- Don’t EVER EVER EVER EVER trust user input
- Always hash passwords
- Build your APIs with Authentication
- Check ‘OWASP Top 10’ for more info
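An added example (not from the original slides) showing two of the points above together: user input is validated against an allowlist before use, and passwords are stored only as salted scrypt hashes that are compared in constant time. The choice of scrypt, its cost parameters, the in-memory `users` dict standing in for a database, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets

# scrypt cost parameters (assumed for this example; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024                      # cap on memory scrypt may use
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")   # allowlist, not a blocklist
MAX_PASSWORD_BYTES = 1024                      # bound the work a caller can force


def validate_credentials(username, password):
    """Reject anything outside the expected shape; return the password as bytes."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not isinstance(password, str) or not password:
        raise ValueError("invalid password")
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    return raw


def hash_password(raw, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return 'scrypt$n$r$p$salt$key' using a fresh random salt per password."""
    salt = secrets.token_bytes(16)
    key = hashlib.scrypt(raw, salt=salt, n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${n}${r}${p}${enc(salt)}${enc(key)}"


def verify_password(raw, stored):
    """Recompute the hash with the stored salt and parameters, compare in constant time."""
    try:
        scheme, n, r, p, salt, key = stored.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(key, validate=True)
        candidate = hashlib.scrypt(
            raw, salt=base64.b64decode(salt, validate=True),
            n=int(n), r=int(r), p=int(p), maxmem=MAXMEM, dklen=len(expected))
    except ValueError:            # malformed record or out-of-range parameters
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored):
    """True when a record was created with parameters other than the current ones."""
    return stored.split("$")[:4] != [
        "scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P)]


# Hash checked for unknown users so both login paths do the same amount of work.
_DUMMY = hash_password(b"dummy")


def register(users, username, password):
    raw = validate_credentials(username, password)
    if username in users:
        raise ValueError("username taken")
    users[username] = hash_password(raw)   # the plaintext is never stored


def login(users, username, password):
    try:
        raw = validate_credentials(username, password)
    except ValueError:
        return False
    stored = users.get(username)
    ok = verify_password(raw, stored or _DUMMY)
    return ok and stored is not None


if __name__ == "__main__":
    db = {}                                 # constructed sample store
    register(db, "alice", "correct horse battery staple")
    print(db["alice"])
    print(login(db, "alice", "correct horse battery staple"))
    print(login(db, "alice", "guess"))
```

Because the parameters are stored with each record, `needs_rehash` lets the application upgrade old hashes at the next successful login when the cost settings are raised.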
DDoS Protection
- Unfortunately if you get popular this is a serious risk (Happening to Feedly/Evernote last month)
- There are various services that you can look at to mitigate against DDoS attacks:
- http://www.incapsula.com/
- https://www.cloudflare.com/
- http://www.akamai.com/
Platform Security
- ALWAYS keep the core up to date
- If you can, use a specialist host (WPengine/Page.ly)
- Use as few plugins as possible
- NEVER pirate themes/plugins as they often contain malware
The END!
Questions?
Stalk me @ShaolinTiger or @THEdarknet on Twitter
If you are interested in Infosec – http://fb.me/darknetorguk
This preso will be on http://slideshare.net/shaolintiger
