The document discusses how social networks pose risks like revealing personally identifiable information and social engineering attacks. It emphasizes that organizations need effective social media policies and engaging training programs to exercise due care and diligence. Without these, employees may unintentionally damage an organization's reputation or fall victim to attacks. The presentation argues that blocking social media access is not enough and that policies and training are needed to mitigate risks while allowing organizations to benefit from social networking.
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
A webinar I gave in September 2010 about protecting organizations from phishing scams. This talk is based on our research at Carnegie Mellon University.
My article published in the Canadian Institute of Corporate Directors journal, Director, outlining why not only the CIO, but also the COO and CHRO have roles to play in effective cybersecurity leadership
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
A webinar I gave in September 2010 about protecting organizations from phishing scams. This talk is based on our research at Carnegie Mellon University.
My article published in the Canadian Institute of Corporate Directors journal, Director, outlining why not only the CIO, but also the COO and CHRO have roles to play in effective cybersecurity leadership
This workshop delivered July 20, 2011 at FOSE 2011 described the elements of a social media governance framework, identified structural and policy statements to include in the social media policy, and describes strategies for capturing and managing social media-generated content as records.
Linkedin the Social Bridge to the IT CommitteeJill Sida
Social media is not just for connecting with peers. The IT Committee actively seeks insights and conversations with vendors on social media.
•2 in 3 are open to connecting with a new vendor.
•3 in 4 are ready to have a conversation with a new vendor on social media.
Trust drives brand perception, and the IT Committee trust LinkedIn more than other websites to receive information relevant to their IT decisions.
The IT Committee are >50% more likely to engage with their vendors on LinkedIn than on other social networks.
Presentation on data security for nonprofit organizations presented by Ken Robey, CISSP, of Security in Focus, Inc., as part of the Project Ignite forum series.
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
The State of Endpoint Risk 2011 study, conducted by the Ponemon Institute, has been published. Learn the latest endpoint protection best practices that can assist in your 2011 security planning, including:
• Increasingly sophisticated malware and the associated costs
• The top 5 applications that concern IT the most
• Third-party and Web 2.0 application usage policies and the importance of security awareness training programs
• Effective methods to communicate with senior management on evolving endpoint risk and its impact to the business
• Technologies that effectively prevent targeted malware and cyber attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
Social engineering relies on momentary weaknesses in people, and it’s easier to deceive someone than it is to hack into systems. VIMRO's Larry Boettger and Michael Horsch Fizz share critical elements in workforce cybersecurity training empowering workers to protect themselves and the company they work for.
Mapping Roles and Responsibilities for Social Media Risk ManagementNexgate
Social media has quickly proven to be a tremendous resource for marketing, human resources, support, and many other business functions. However, that same communications tool can also introduce a significant amount of risk to an organization – risk to corporate compliance, from security threats, employee error and abuse, and much more.
View the slides from Alan Webber, Principal at Asymmetric Insights, John Hair, Director, IT Advisory for KPMG, Chris Walker, Partner at Connect Marketing, and Devin Redmond, Co-Founder & CEO of Nexgate and their webcast on organizational roles and responsibilities in social risk management. Our expert panel shared their insights into how to define and manage enterprise social risk across your social media marketing teams.
You can watch a recording of the webcast here: http://nexgate.com/resources/webcast-roles-and-responsibilities-for-social-risk-management/
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?" with Mac McMillan, FHIMSS, CISM, CEO & Founder, CynergisTek, Inc.
This is the slide eck that we used when we raised $1.2 million from investors for the angel round of IMSafer, back in 2006. The original company name was Collabarent.
How Law Firms Build Trust for Your Business Online (Social Media Policy)Mike Mintz
This presentation gives the legal and business framework for corporations looking to build trust online with their customers. Through partnering with a law firm to craft a custom social media policy, deploy it to staff, and maintain continuous monitoring and litigation support, businesses can more effectively enter the social media space with confidence.
This workshop delivered July 20, 2011 at FOSE 2011 described the elements of a social media governance framework, identified structural and policy statements to include in the social media policy, and describes strategies for capturing and managing social media-generated content as records.
Linkedin the Social Bridge to the IT CommitteeJill Sida
Social media is not just for connecting with peers. The IT Committee actively seeks insights and conversations with vendors on social media.
•2 in 3 are open to connecting with a new vendor.
•3 in 4 are ready to have a conversation with a new vendor on social media.
Trust drives brand perception, and the IT Committee trust LinkedIn more than other websites to receive information relevant to their IT decisions.
The IT Committee are >50% more likely to engage with their vendors on LinkedIn than on other social networks.
Presentation on data security for nonprofit organizations presented by Ken Robey, CISSP, of Security in Focus, Inc., as part of the Project Ignite forum series.
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
The State of Endpoint Risk 2011 study, conducted by the Ponemon Institute, has been published. Learn the latest endpoint protection best practices that can assist in your 2011 security planning, including:
• Increasingly sophisticated malware and the associated costs
• The top 5 applications that concern IT the most
• Third-party and Web 2.0 application usage policies and the importance of security awareness training programs
• Effective methods to communicate with senior management on evolving endpoint risk and its impact to the business
• Technologies that effectively prevent targeted malware and cyber attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
Social engineering relies on momentary weaknesses in people, and it’s easier to deceive someone than it is to hack into systems. VIMRO's Larry Boettger and Michael Horsch Fizz share critical elements in workforce cybersecurity training empowering workers to protect themselves and the company they work for.
Mapping Roles and Responsibilities for Social Media Risk ManagementNexgate
Social media has quickly proven to be a tremendous resource for marketing, human resources, support, and many other business functions. However, that same communications tool can also introduce a significant amount of risk to an organization – risk to corporate compliance, from security threats, employee error and abuse, and much more.
View the slides from Alan Webber, Principal at Asymmetric Insights, John Hair, Director, IT Advisory for KPMG, Chris Walker, Partner at Connect Marketing, and Devin Redmond, Co-Founder & CEO of Nexgate and their webcast on organizational roles and responsibilities in social risk management. Our expert panel shared their insights into how to define and manage enterprise social risk across your social media marketing teams.
You can watch a recording of the webcast here: http://nexgate.com/resources/webcast-roles-and-responsibilities-for-social-risk-management/
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Crucial to Your Organization?" with Mac McMillan, FHIMSS, CISM, CEO & Founder, CynergisTek, Inc.
This is the slide eck that we used when we raised $1.2 million from investors for the angel round of IMSafer, back in 2006. The original company name was Collabarent.
How Law Firms Build Trust for Your Business Online (Social Media Policy)Mike Mintz
This presentation gives the legal and business framework for corporations looking to build trust online with their customers. Through partnering with a law firm to craft a custom social media policy, deploy it to staff, and maintain continuous monitoring and litigation support, businesses can more effectively enter the social media space with confidence.
Presentation by Sara Meaney, co-owner of Comet Branding, a PR+Social Media agency, and Kelly Twigger, owner of ESI Attorneys on the legal implications of social media given at BizTech 2010 in Milwaukee, Wisconsin on April 30, 2010.
NFSSC - The Good, the Bad and the Ugly of Social MediaHelen Levinson
Expert advice on how to protect and monitor your brand online
Social media has experienced an explosion of growth over the last few years and has become much more than just a personal tool to have fun and stay connected; it is a vehicle that brands use to market their businesses, services and products online. But along with the benefits of using these tools lie potential pitfalls. Consider if information was leaked online and, even worse, you didn’t know it was out there. Are you prepared for serious damage control? Regularly monitoring your online reputation is crucial in protecting your brand. By following activity on social networks, blogs, message boards, and keeping an eye on YouTube videos, retailers can be aware of issues that arise, in turn respond quickly, minimizing the potential threat.
CIO Executive Series Group virtual roundtable presentation with special guest Kristin Burnham, Web 2.0 Advisor at CIO.com.
TOPIC: Facebook and the CIO - top threats and opportunities within the enterprise
Risks of social media for businesses (and how to manage them)CrowdControlHQ
In a meeting with Security specialists held at the University of Loughborough we discussed the risks of social media and how they can be managed. This is our contribution to the topic.
A presentation of survey results that Grant Thornton, LLP has done on Social Media plus a discussion on Social Analytics and improving Profitability using Social Media.
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social MediaHelen Levinson
While beneficial for marketing purposes, social media activity creates potential pitfalls in terms of protecting a company’s assets and reputation. What if sensitive company information was leaked online and, even worse, you didn’t know it was out there? Are you prepared for serious damage control? A social media expert will show you how to manage and track your online reputation, identify online threats and address compliance issues. Learn investigative techniques to solve retail theft and the six key social media best practices.
(This presentation was given at the Asset Protection Conference 2011 - Food Marketing Institute)
Presentation from Robert Morris University's Bayer Center's TechNow11 conference on why you need social media policies and ways for a nonprofit to minimize risk.
New England Organized Retail Crime Symposium and Tradeshow - The Good, The Ba...Helen Levinson
While beneficial for marketing purposes, social media activity creates potential pitfalls in terms of protecting a company’s assets and reputation. What if sensitive company information was leaked online and, even worse, you didn’t know it was out there? Are you prepared for serious damage control? A social media expert will show you how to manage and track your online reputation, identify online threats and address compliance issues. Learn investigative techniques to solve retail theft and the six key social media best practices.
(This presentation was given at the New England Organized Retail Crime Symposium and Tradeshow)
From Social Media to Social Business - Marketing in the 'Social Age'Stefan Pfeiffer
Presentation on how Marketing needs to change in the 'Social Age' from Mass Marketing to 1:1 Marketing taking in particular Social Channels and behaviors into consideration. A bit of a focus on Healthcare due to the fact, that this was presented for one of our Healthcare customers.
Effective Training and Policy Takes the Fear out of Social Networking - Shawn Davis - NETSECURE 2011
1. Effective Training and Policy Takes
the Fear out of Social Networking
Shawn Davis
NETSECURE 2011
2. Presentation Goals:
• To provide an overview of social networks and common
attack vectors
• Best practices for initial social media policy creation
• Make the case for the need of an engaging and interesting
end-user training program
3. What is a Social Network?
• Is it a website designed to allow you to share pictures
of your cat with the masses?
• Or a means to post by the minute details of your dental
appointment?
4. What is a Social Network?
♦ A social network is like a “digital version of a
relationship.”
(Messmer, 2009)
5. Why is this important to realize?
• Relationships offline are built on establishing trust.
• Online relationships often skip this step.
Q- Would you give a stranger on the street your home
address, cell phone number, spouse’s name, your
birth date, job title, and information on current
projects at your work?
A- Of course not!
♦ However, people give out this information online
EVERY DAY!
6. Top 4 Social Networking Sites:
• Estimated unique monthly visitors:
• 550 million
• 90.5 million
• 89.8 million
• 50 million
(eBizMBA, 2010)
10. Personally Identifiable Information (PII)
• Main Risk to User = Identity Theft
• Main Risk to Organization = Logon Credential Acquisition
• Password guessing and narrowing down cracking
parameters:
• Password reset forms:
11. PII - Logon Credential Acquisition
• Attackers will often circulate surveys and quizzes like this
one:
(Dinerman, 2010)
12. PII
• Valuable PII for attackers is mostly found across
Facebook, Myspace, and LinkedIn.
• Real Life Example:
- Hacker GMZ was able to guess the password of a
Twitter support staffer ultimately taking control of
33 high profile accounts including Britney Spears,
U.S. President Obama, and Fox News.
• PII also aids another common type of attack that requires
more creativity from an attacker:
(McMillan, 2009)
14. What is Social Engineering?
• Social Engineering – Threat that occurs when an
an attacker uses social skills to trick a user into
revealing their password or other confidential
information.
• Social Engineering attacks are widely used across all four
of the top social networking sites
15. Social Engineering
• The attacker will study PII, message posts, and friend lists
in order to learn more about their target and develop a
trust relationship.
• It has been documented that many cyber criminals
would rather engineer a user to uncover information than
use their efforts to attack technology and controls for
security.
(Tiptop & Krause, 2007)
16. Social Engineering - Phishing
• Phishing – Targets “a specific user or group of users and
attempts to deceive the user into performing
an action that launches an attack.”
• This attack is usually carried out through Cross Site
Scripting (XSS), keyloggers, worms, or other malware.
• Distribution: 52% by a user opening an attachment
36% by a user clicking a link
9% by link redirect
3% unknown
(FCIOC, 2009, p.9) & (Graham, 2009)
17. Social Engineering - Phishing
• PII from social media sites make messages more
believable.
• Malware embedded links on wall posts of social media
allow for greater distribution.
• Shortened URL services such as http://tinyurl.com/ and
http://bit.ly/ are used to hide these malicious sites.
18. Social Engineering - Phishing
• What happens if an account is compromised as well?
20. Reputation Damage
• Users give a play-by-play of their life on social networking
sites.
• Possible threats to organizations include:
- Embarrassment
- Market share loss
- Revenue losses
- Legal liability
♦ 74% of 2,008 employed adults surveyed by Deloitte agreed
that it is easy to damage a company’s reputation on social
media.
http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_2009_ethics_workplace_survey_220509.pdf
21. Reputation Damage – Real Life Examples
• Employee of a campground chain posts a spreadsheet
showing reservation statuses for their campsites on
Facebook that contains customer credit card numbers.
• The former chief marketing officer at Eastman Kodak admits
to accidentally posting a damaging tweet about a product
they had worked six months to protect.
• A worker at a major fried chicken chain posts, “I just posted
a funny video of myself frying a rodent at the restaurant
where I work.”
(Mitchell, 2009, Dinerman, 2010)
22. Reputation Damage – Legal Liability
• What if your employee at work posts a derogatory
statement about a competitor or individual that is untrue?
- Your organization could be sued for defamation
from practically any country or state.
♦ If no policy is in place preventing this action, your
organization may even be pulled into litigation if an
employee does this off hours from a home account.
23. Reputation Damage – Legal Liability
• What happens if you try to terminate an employee after
they damage the reputation of your organization or
another party’s?
- An employee fired for making the damaging posts
could take legal recourse against their employer if
the employee can prove that a policy was either
not in place forbidding the action or that they were
not made aware of it.
24. Legal Responsibility
• An organization is legally responsible to exercise due care
and due diligence in regards to social networking use by
its employees.
25. Due Care and Due Diligence:
• To demonstrate due care, an organization must take
measures to ensure that every employee is aware of
what is and is not acceptable in the workplace as well
as the consequences of actions that are illegal or unethical.
• To demonstrate due diligence, an organization needs to
partake in continual activities to protect others.
(Whitman & Mattord, 2010)
26. How to exercise Due Care?
♦ A social media policy MUST be in place and actively
updated for EVERY organization.
♦ An engaging social media training program MUST be in
place for ALL employees (including executives.)
♦ Policy compliance documentation
♦ Training completion documentation
27. Due Care (cont)
♦ Short quiz to demonstrate comprehension.
♦ Clear consequences to violations must be listed in your
social media policy.
♦ These consequences must be enforced company-wide
(including executives.)
♦ Don’t forget about policy review and training for
subsequent new hires!
28. How to exercise Due Diligence?
♦ Annual review of your social media policy with
IT, HR, and your legal department
♦ Annual refresher training for all employees
and executives.
♦ Short annual refresher quiz.
♦ Again, keep records of all training and signatures.
29. If a simple policy and training program can mitigate this
much risk, then all organizations probably already have
their own in place…
Right?
31. How often is a Social Media policy not in
place?
• Two surveys from 2009 that asked employers and
executives if their organization has a formal policy
in place for social media use:
Manpower Survey of 11,000 Deloitte Survey of 500
Employers Business Executives
2% 6%
29% Yes 22% Yes
No No
69% Unsure Unsure
72%
32. ♦ A 2009 survey by ad agency Russell Herder and law firm
Ethos Business Law asked 438 respondents these questions:
Do you have concerns about social
media and its implications for both
corporate security and reputation Have you implemented
damage? social media guidelines?
No Yes
19% 33%
No
Yes
81% 67%
33. If this is so important, why the low numbers?
1. Lack of engagement from upper management towards
information security.
-C-Level financial and administrative support is vital for
any information security department to function.
2. Some organizations only focus on technological solutions
Technology based solutions need to complement policy
and training, not replace.
34. If this is so important, why the low numbers?
3. An organization may just block all access to social media
and hope for the best.
-Blocking these sites without instilling policy will not
protect an organization from potential litigation.
-Blocking would also take away all of the benefits that
social media has to offer such as:
-Increased collaboration
-Greater interactive relationship with customers
-Sales and marketing strategies
-Incentivized working conditions for employees
35. Another large benefit - New Customer
Acquisition:
Organizations that have acquired new
customers through social networking:
Small Business
26%
41%
Medium
Companies
Large Firms
33%
• Regus survey of 15,000 business owners of all sizes
worldwide
http://www.regus.presscentre.com/imagelibrary/downloadMedia.ashx?MediaDetailsID=463
36. How to take the fear out of social media?
♦ An effective social media policy in combination with an
effective end user training program is the best way to
prevent threats from:
-PII
-Social Engineering / Phishing
-Reputation Damage
-Potential Litigation
37. Social Media Policy Creation:
• A social media policy is really just an extension of an
organization’s acceptable use and other existing policies.
• The creation of this document should be a joint effort by:
-Information Security
-Information Technology
-Human Resources
-Legal
-End Users
38. Social Media Policy Creation: (Cont)
• Led by a team leader employed in an Information Security or
Risk Management function.
• Project champion with the ear of upper management to
ensure financial and administrative support.
(Whitman & Mattord, 2010)
• A good first step is to review policies of other organizations.
41. Social Media Policy Creation: (Cont)
• Each organization will likely have different philosophies on
social media use.
• For example: A liberal arts college, a global corporation,
and a government agency will mostly likely not all be able
to use the same social media policy.
42. A Liberal Arts College:
• Unrestricted information sharing and allow open access to
all social networking.
• Policy may focus on guidelines for posting but will still
need to cover all potential threats.
43. A Liberal Arts College: (Cont)
• University of Michigan’s social media policy starts with
general rules to follow and then has separate guidelines
for posting as an individual versus posting on behalf of the
University.
• They end with safety and privacy tips that cover the topics
of privacy, PII, liabilities, and malware.
44. A Global Corporation:
• May utilize social media for brand management as well as
a sales and marketing tool.
• Policy will need to cover all possible threats and may focus
on reputation damage and data leaks.
45. A Global Corporation: (Cont)
• Coca-Cola Company’s social media policy starts with their
company vision and commitments and then delves into
principals and expectations.
• They also have guidelines on posting for individual use
versus company business use.
46. A Global Corporation: (Cont)
• Certified online spokespeople: These certified
spokespeople are the only employees allowed to speak on
behalf of Coca-Cola online.
♦ This is a great idea!
• Their online spokespeople are also expected to follow 10
specific principles:
47. A Global Corporation: (Cont)
1. Be Certified in the Social Media Certification Program.
2. Follow our Code of Business Conduct and all other Company
polices.
3. Be mindful that you are representing the Company.
4. Fully disclose your affiliation with the Company.
5. Keep records.
6. When in doubt, do not post.
7. Give credit where credit is due and don’t violate others’
rights.
8. Be responsible to your work.
9. Remember that your local posts can have global significance.
10. Know that the internet is permanent.
48. A Government Agency:
• The government agency will often have the strictest
requirements in regards to social media use.
49. A Government Agency: (Cont)
• The Federal CIO council created a document in 2009
entitled Guidelines for Secure Use of Social Media by
Federal Departments and Agencies.
• “The decision to embrace social media technology is a risk-
based decision, not a technology based decision.”
50. A Government Agency: (Cont)
• Sections on risk, social media traits, and recommendations
for controls.
• Assists an agency in making a business case for social
media use based on a risk management approach.
• Mentions spear phishing, social engineering, and web
applications attacks as main risks to a government agency.
51. Social Media Policy Creation: (Cont)
• After reviewing various policies, choose a few that are
similar to your organization’s mission as a reference point.
• The next step – Evaluate your own organization’s social
networking use.
-Involve end users
-Find out what future plans sales, marketing, etc has
for using social media.
-InfoSec should analyze likely threats from
organizational use as well as personal use from end
users at work and at home.
52. Social Media Policy Creation: (Cont)
• Start the creation process and involve HR.
(Refer the end user to review their employment
agreement and handbook early on in the new policy.)
• The employee handbook and acceptable use policy should
be updated to list the consequences of not abiding by the
guidelines of the new social media policy.
• Guidelines in the new policy should be based on
information and feedback from end users, IS, and HR.
53. Social Media Policy Creation (Cont)
• Issue specific policies need to be rewritten to account for
social media use.
• Once all sections and guidelines are complete, your legal
department should review the final draft of the new
social media policy and any changes to other existing
policies to cover all potential legal liabilities.
• Once a final draft is approved by all parties involved, it
should be submitted for approval by upper management.
54. Social Media Policy Distribution
• A step that is often missed is distribution of the new
policy!
• A Deloitte survey of 2,008 employees found that:
- 24% didn’t know if they had a policy
- 11% said there is a policy but don’t know what it is.
• You spent all of this time making the policy, don’t forget to
distribute it!
55. Social Media Policy Distribution (Cont)
• Distribution can be in paper or electronic form:
(Needs to document that the user has agreed to the
terms and conditions with a signature and date.)
• This is to protect an organization from a user stating that
they were not aware of the policy from a liability stand-
point.
• Be sure to file a copy as well as present a copy to the end
user.
57. Social Media Training:
• Training program should be designed during the policy
creation process.
• It is very difficult for an employee to state in court that
they were unaware of a policy when it can be documented
that they have completed a training program.
• All employees from the CEO down are required to attend
for compliance and to reflect a company-wide effort.
58. Social Media Training: (Cont)
• Training should be interesting, interactive and engaging!
♦ Goal of the training should be to gain the buy-in of
your end-users.
♦ First step is to prove to end-users that damage from
PII, Social Engineering, and Reputation Damage can
actually happen very easily.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87. Convinced that this could happen to you now?
• Show end-users that poor security habits not only affect
their company but could affect them personally as well:
88.
89.
90. Social Media Training (Cont)
• Also go over:
-What PII is okay and what should be removed.
-More examples of Reputation Damage.
-How to defend against Social Engineering attempts.
-How to avoid falling for Phishing attempts.
-Examples of current malware schemes
-Using very difficult password reset questions.
-Not using the same password for all sites.
-Not friending anyone unless you know them well.
91. Social Media Training (Cont)
• It only takes one random friending to erase privacy
controls!
93. Social Media Training (Cont)
• A quick side note about rainbow tables:
-1 PC can crack even a strong password in seconds.
-Most rainbow tables are not currently calculated out
past fourteen places at the moment.
94. Social Media Training (Cont)
• After the training is over don’t forget to retain that signed
completion document for each end-user.
• Also, don’t forget about new hires at their orientation and
follow-up trainings for all users.
95. Just think if after the training…
-Users finally saw the value of strong passwords and
no longer minded mandatory password changes…
-Malware infections on client systems decreased 70%
from users truly understanding which attachments
not to open…
-Users took a moment to think before they post…
-Executives appreciated the value of your job role…
96. Accomplish all of that and…
You have then increased security awareness and started
to develop that coveted security conscious culture within
your organization!
98. Research:
My paper and list of sources:
http://www.itm.iit.edu/data/IIT-
ITMwhitepaperTrainingAndPolicyForSocialNetworking.pdf
Shawn Davis’ email – sdavis17@iit.edu
Questions?