Social Media Security Risk Slide Share Version

  1. Social Media Security: How Social Media May Leave You Vulnerable. Timothy Youngblood, Dell, Compliance and Information Security Officer
  2. Social media platforms have entered the enterprise: 300 Million Users; 75 Million Accts; 24hrs of Video per Min; 3% Growth Per Week; 6 Million Unique Visitors; 3 Million Auto Connects; 30 Billion Page Views Per Day; 65 Million Tweets Per Day; 2 Billion Views Per Day. Public Sector / Private Sector; Business Partners/Customers/End Users
  3. Security managers have to apply rules to these open platforms
  4. You have new risk that needs to be managed: Malware, Reputation, Data Leakage
  5. Integrated Social Media security strategy to address key risk: Social Media Remote Access Outsourcer Compliance
  6. Identify your risk, assess technology and policy/control mitigations: Policy, Technology, Risk
  7. Social Media exposes a new threat vector in the enterprise
  8. Every platform has a weakness
     • Too Much Info (TMI)
     • Phishing
     • Password Sloth
     • Account Hi-Jacking
  9. Facebook/MySpace/etc.
  10. Twitter
  11. YouTube
  12. Social Media in the headlines: "Twitter virus among shortest on record …"; "Mark Zuckerberg's Facebook Page Hacked …"; "YouTube Hack Hits Bieber Fans …"
  13. Femme Fatale
  14. Credential Phishing
  15. Taxonomy of Exposure: Service Data, Disclosed Data, Entrusted Data, Incidental Data, Behavioral Data, Derived Data
  16. Service Data, Disclosed Data
  17. Entrusted Data, Incidental Data
  18. Behavioral Data, Derived Data
  19. Technology countermeasures exist to address the threats
  20. Responding to Social Media Threats: Policy, People, Threats, Process, Technology
  21. Federal Guidelines: Guidelines for Secure Use of Social Media by Federal Departments and Agencies (www.cio.gov/library/)
     • Training
     • Network Controls
     • Host Controls
     • Policy Controls
  22. Secure Alternatives
  23. Brand Protection Firm
  24. Defense in Depth with Social Media in mind
  25. Network/Client Security: Hardened ACL’s Host Security Agent IPS Lockdown Policy Firewall Drive Encryption Perimeter Perimeter
  26. Threat & Vulnerability Mgt; Logging & Alerting
  27. Securing the Mobile Workforce
  28. Specialized Solutions
  29. Social Mention
  30. Websense Advanced Classification Engine (ACE)
     • Real-time security classification
     • Real-time content classification
     • Websense PreciseID™ technology data identification
     • Reputation services
     • URL filtering
  31. Governance must be integrated into your strategy
  32. Policies Protect the Organization: Over Sharing Information (Intellectual Property); Mixing Business with Personal info; (Tweet/Facebook/MySpace/etc.) Rage; Connection indulgence; Click Happiness; Password Sloth
  33. IAN Study: 10% (2008), 34% (2009)
  34. Guidelines
     • Protect information
     • Be transparent and disclose associations
     • Follow the law, follow the Code
     • Be responsible
     • Be nice, have fun and connect
  35. Controls ensure policies are followed
     • Change Implementation
     • Information Security
     • Program Development
     • Disaster Recovery
     • Contracting
     • Facilities
     • IT Governance
     • IT Operations
  36. CoBIT
  37. Risk IT
  38. ISACA – Social Media Presence
     • Strategy and Governance: Has a risk assessment been conducted to map risks to the enterprise presented by use of social media?
     • People: Has effective training been conducted for all users, and do users receive regular awareness communications regarding policies and risks?
     • Process: Have business processes that utilize social media been reviewed to ensure that they are aligned with policies and standards of the enterprise?
     • Technology: Does IT have a strategy and the supporting capabilities to manage technical risks presented by social media?
  39. Relationships with key stakeholders
  40. Inclusive of a Team. Team Members: 1. IT 2. Marketing/Sales 3. Legal 4. External / Internal Audit 5. Compliance 6. Privacy 7. Ethics
  41. Key Topics
  42. Social Media Security Strategy
     • Risk: Social Media Platforms Defined? How are the platforms utilized? Who is currently utilizing them?
     • Technology: How do current solutions address the threats? Are there supporting technologies to address risk?
     • Policy: Are employees trained on how to use Social Media? Are there supporting controls and policies?
