Kim Jensen, profile picture
Uploaded byKim Jensen
721 views

Mitigating Web 2.0 Threats

The document discusses the evolving threats posed by Web 2.0 technologies, highlighting security challenges such as identity theft, data leaks, and cross-site scripting. It emphasizes the need for a multi-faceted approach to security that includes both technical and managerial recommendations, advocating for updates to policies and the use of advanced protective measures. The conclusion stresses the importance of a holistic security strategy to address the unique risks associated with interactive web technologies.

Embed presentation

Downloaded 20 times
Mitigating Web 2.0 Threats Or, “This isn’t your mother’s internet!” David Sherry CISSP CISM Chief Information Security Officer Sponsored By: Brown University
Security @ Brown •Security evangelism •Public Safety support •Incident Response Team •Human Resources support •Audit support •Records Management •Compliance and legal •Business Continuity standards •Disaster Recovery •Firewalls, IDS, IPS, VPN, •Copyright / DMCA agent sniffers, A/V, DNS, etc…. •Discipline Committee •Security audits and •Mandatory / elective training certifications •Awareness 2
Today’s Agenda (or is it a mashup?) • Our changing world of security • What is web 2.0? • Attack vectors and areas of concern • The evolution of the threats….they’re nothing new! • What should be focused on • Recommendations to reduce the threat
Our World is Changing May you live in interesting times….. Chinese Proverb • Compliance is a key competency of security pros • Identity Theft is fastest growing crime • President’s Cyber Security Initiative provides spotlight • Online underground economy has matured • National and global economy means “do more with less” • Threat evolution: • Infrastructure > web/messaging > DLP > Web 2.0
What is Web 2.0? Used with permission via Creative Commons: http://kosmar.de/archives/2005/11/11/the-huge-cloud-lens-bubble-map-web20/
What is Web 2.0? From Wikipedia: (which is, itself, a 2.0 phenomenon) "Web 2.0" refers to web development and web design that facilitates interactive information sharing, interoperability, user-centered design and collaboration on the World Wide Web. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, video-sharing sites, wikis, blogs, mashups and folksonomies. A Web 2.0 site allows its users to interact with other users or to change website content, in contrast to non-interactive websites where users are limited to the passive viewing of information that is provided to them.
Common Web 2.0 Descriptors • “User generated content” • “Mashups and web services” • “Consumer and enterprise convergence” • “Diversity of client software” • “Complexity and asynchronous operations”
The Enterprise Triple-Threat of 2.0 1. Loss of productivity 2. Vulnerable to data leaks 3. Increased security risks
Characteristics of Web 2.0 Security • Web filtering is no longer adequate • AJAX, SAML, XML create problems for detection • RSS and RIA can enter directly into networks • Non-static makes identification difficult • High bandwidth use can hinder availability • User generated content hard to contain
Web 2.0 Attack Vectors • Blogs • Social networks • Web portals • Mashups • Pop-ups • Anonymizing proxies • Spamdexing • Widgets
Web 2.0 Areas of Concern • Client side issues • Transparency and cross-domain communications; AJAX and JavaScript attacks on the rise • Protocols • New protocols on top of HTTP/S (SOAP, XML, etc) • Information sources • Concerns over integrity, transiency, and diversity • Information structures • Variations of data structures, injection attacks • Server side • Architecture, authorization, and authentication weaknesses
Evolution of the Threats in 2.0 • USB and auto-run malicious code • Insiders are a threat, but they don’t know it • Adobe PDFs and Flash replace Word and Excel • Worms travel through social spaces into offices • DOS attacks against social networks • Malware travels via all conduits • Pop-ups advertise seemingly legitimate services and take advantage of current events
So what do you focus on? From Secure Enterprise 2.0, the dangers come from: 1. Insufficient authentication controls 2. Cross-site scripting 3. Cross-site request forgery 4. Phishing 5. Information leakage 6. Injection flaws 7. Information integrity 8. Insufficient anti-automation www.secure-enterprise20.org
Recommendations for Web 2.0 Technical: • Experts recommend a three-tiered, integrated data protection approach: • Maintain vigilant anti-virus protection • Establish a robust anti-malware protection program • Utilize an AJAX-aware analysis platform • Use real-time content and security scanning • Make sure browsers and plug-ins are patched • Don’t just patch “high” rated patches! • Remember your end points • Use encryption as a key strategic defense
Recommendations for Web 2.0 Managerial: • Ensure that your policies are current and address 2.0 • Subjective policy setting • Group level access • Productivity based policies • Use a Data Loss Prevention as an essential teaching tool • Education and awareness must go beyond passwords • Ensure cross-functional response and participation • Speak with data!
Ensuring a Defensive Web 2.0 Policy • Revisit your Acceptable Use Policy • View the policy from a web 2.0 lens • Be sure to cover new technologies like anonymizing proxies • Include other groups for strength • Human Resources, Risk Management, Privacy, Physical Security, Audit, and Legal • Step up your training and awareness for Web 2.0 concerns
Support your policy through technology • IDS / IPS • Bandwidth shaping and throttling • Standard images • Group policy objects • Firewall rules • Anti-virus, spyware, and malware • Monitor for your good name!
Summary • We are living in a changing world, and Web 2.0 is part of it • 2.0 brings added challenges and characteristics to security professionals • There are technical and managerial solutions to reduce Web 2.0 concerns • Like all emerging technologies and their related threats, a holistic security approach is needed
There is never enough time; thank you for some of yours. David Sherry, CISSP CISM Chief Information Security Officer Brown University Campus Box 1885 Providence, RI 02912 401.863-7266 david_sherry@brown.edu
Thanks to our Sponsors Product trial download page Free Whitepaper: Reduce shopping cart abandonment. Increase revenue.

More Related Content

PPT
Security and privacy
byMohammed Adam
 
PDF
Cloud security Deep Dive 2011
byKim Jensen
 
PDF
State of Internet 2H 2008
byKim Jensen
 
PPTX
Cybersecurity
byNational LECET
 
PDF
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
byAngelaHoltby
 
PDF
Managing and Securing Web 2.0
byJason Edelstein
 
PPTX
Tim Willoughby presentation to cloud workshop 2016
byTim Willoughby
 
PPTX
Cyber Security College Workshop
byRahul Nayan
 
Security and privacy
byMohammed Adam
 
Cloud security Deep Dive 2011
byKim Jensen
 
State of Internet 2H 2008
byKim Jensen
 
Cybersecurity
byNational LECET
 
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
byAngelaHoltby
 
Managing and Securing Web 2.0
byJason Edelstein
 
Tim Willoughby presentation to cloud workshop 2016
byTim Willoughby
 
Cyber Security College Workshop
byRahul Nayan
 

What's hot

PDF
Cyber Resilience
byIan-Edward Stafrace
 
PPTX
Cyberskills shortage: Where is the cyber workforce of tomorrow
byStephen Cobb
 
PDF
ACS Talk (Melbourne) - The future of security
bysiswarren
 
PDF
INSECURE Magazine - 39
byFelipe Prado
 
DOC
Master Thesis Security in Distributed Databases- Ian Lee
byIan Lee
 
PPTX
Network Security of Data Protection
byUthsoNandy
 
PDF
Akamai___WebSecurity_eBook_Final
byCheryl Goldberg
 
PDF
How To Defeat Advanced Malware. New Tools for Protection and Forensics
byLondon School of Cyber Security
 
PDF
Ijnsa050215
byIJNSA Journal
 
PDF
Isolation Platform - Data Sheet
bySutedjo Tjahjadi
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
PPTX
Cybersecurity for the non-technical
byStephen Cobb
 
PPT
Bulletproof IT Security
byLondon School of Cyber Security
 
PDF
Wk online trust solutions overview january 2012
byCreus Moreira Carlos
 
PDF
Etude sur le marché de la cyber sécurité (2011)
byPwC France
 
PDF
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
bySymantec
 
PDF
Sizing the Cyber Skills Gap
byStephen Cobb
 
PDF
Overview of Information Security & Privacy
byNawanan Theera-Ampornpunt
 
PDF
Security Firm Program - Corporate College
byWorkSmart Integrated Marketing
 
Cyber Resilience
byIan-Edward Stafrace
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
byStephen Cobb
 
ACS Talk (Melbourne) - The future of security
bysiswarren
 
INSECURE Magazine - 39
byFelipe Prado
 
Master Thesis Security in Distributed Databases- Ian Lee
byIan Lee
 
Network Security of Data Protection
byUthsoNandy
 
Akamai___WebSecurity_eBook_Final
byCheryl Goldberg
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
byLondon School of Cyber Security
 
Ijnsa050215
byIJNSA Journal
 
Isolation Platform - Data Sheet
bySutedjo Tjahjadi
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
Cybersecurity for the non-technical
byStephen Cobb
 
Bulletproof IT Security
byLondon School of Cyber Security
 
Wk online trust solutions overview january 2012
byCreus Moreira Carlos
 
Etude sur le marché de la cyber sécurité (2011)
byPwC France
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
bySymantec
 
Sizing the Cyber Skills Gap
byStephen Cobb
 
Overview of Information Security & Privacy
byNawanan Theera-Ampornpunt
 
Security Firm Program - Corporate College
byWorkSmart Integrated Marketing
 

Viewers also liked

PPT
The next generation - by Stuart Ntlathi
byRAMP Group
 
PPS
Ave Maria en Kathedraal de Gaudi
byLuiz Carlos Dias
 
PPT
Czytam, więc wiem
byporanny24
 
PPS
Otoño en la Patagonia argentina
byLuiz Carlos Dias
 
PDF
Henk Kleynhans
byRAMP Group
 
PDF
Spam & Spyware Legal Study 2009
byKim Jensen
 
The next generation - by Stuart Ntlathi
byRAMP Group
 
Ave Maria en Kathedraal de Gaudi
byLuiz Carlos Dias
 
Czytam, więc wiem
byporanny24
 
Otoño en la Patagonia argentina
byLuiz Carlos Dias
 
Henk Kleynhans
byRAMP Group
 
Spam & Spyware Legal Study 2009
byKim Jensen
 

Similar to Mitigating Web 2.0 Threats

PPTX
Web 2.0/Social Networks and Security
bysherrymoon7121
 
PPTX
Slidecast ppt
byxinygu
 
PDF
Web 20 Security Defending Ajax Ria And Soa Shreeraj Shah
bygqkbolrijy636
 
PDF
Sivasubramanian Risk Management In The Web 2.0 Environment
byVinoth Sivasubramanan
 
PDF
Protecting Against Web Threats
byKim Jensen
 
PDF
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
byMarco Morana
 
PPTX
Corp Web Risks and Concerns
byPINT Inc
 
PPTX
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
PPTX
11 19-2015 - iasaca membership conference - the state of security
byMatthew Pascucci
 
PDF
Cloud mz cto_roundtable
byeaiti
 
PDF
Esecurity e202
byCarl Frappaolo
 
PPT
Current Emerging Threats
bydnomura
 
PDF
Social Networks And Phishing
byecarrow
 
PPT
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
byKaukau9
 
PDF
Mcafee web20-balancingact
byWebEconomIA NL para profesionales y Pymes
 
PDF
20101012 isa larry_clinton
byCIONET
 
PPTX
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
byInfosecurity2010
 
PDF
Cyber security general perspective a
bymarukanda
 
PDF
Top 9 Data Security Trends for 2012
byImperva
 
PPTX
Social networks security risks
byosuhaibany
 
Web 2.0/Social Networks and Security
bysherrymoon7121
 
Slidecast ppt
byxinygu
 
Web 20 Security Defending Ajax Ria And Soa Shreeraj Shah
bygqkbolrijy636
 
Sivasubramanian Risk Management In The Web 2.0 Environment
byVinoth Sivasubramanan
 
Protecting Against Web Threats
byKim Jensen
 
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
byMarco Morana
 
Corp Web Risks and Concerns
byPINT Inc
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
byRishi Singh
 
11 19-2015 - iasaca membership conference - the state of security
byMatthew Pascucci
 
Cloud mz cto_roundtable
byeaiti
 
Esecurity e202
byCarl Frappaolo
 
Current Emerging Threats
bydnomura
 
Social Networks And Phishing
byecarrow
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
byKaukau9
 
Mcafee web20-balancingact
byWebEconomIA NL para profesionales y Pymes
 
20101012 isa larry_clinton
byCIONET
 
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
byInfosecurity2010
 
Cyber security general perspective a
bymarukanda
 
Top 9 Data Security Trends for 2012
byImperva
 
Social networks security risks
byosuhaibany
 

More from Kim Jensen

PDF
Forcepoint Whitepaper 2016 Security Predictions
byKim Jensen
 
PDF
OpenDNS presenter pack
byKim Jensen
 
PDF
Infoworld deep dive - Mobile Security2015 updated
byKim Jensen
 
PDF
Hewlett-Packard Enterprise- State of Security Operations 2015
byKim Jensen
 
PDF
5 things needed to know migrating Windows Server 2003
byKim Jensen
 
PDF
Secunia Vulnerability Review 2014
byKim Jensen
 
PDF
Cisco 2013 Annual Security Report
byKim Jensen
 
PDF
Websense 2013 Threat Report
byKim Jensen
 
PDF
Security Survey 2013 UK
byKim Jensen
 
PDF
Miercom Security Effectiveness Test Report
byKim Jensen
 
PDF
DK Cert Trend Rapport 2012
byKim Jensen
 
PDF
Bliv klar til cloud med Citrix Netscaler (pdf)
byKim Jensen
 
PDF
Data Breach Investigations Report 2012
byKim Jensen
 
PDF
State of Web Q3 2011
byKim Jensen
 
PDF
Wave mobile collaboration Q3 2011
byKim Jensen
 
PDF
Corporate Web Security
byKim Jensen
 
PDF
Cloud rambøll mgmt - briefing d. 28. januar 2011
byKim Jensen
 
PDF
Cloud security deep dive infoworld jan 2011
byKim Jensen
 
PDF
Cloud services deep dive infoworld july 2010
byKim Jensen
 
PDF
Sådan kommer du i gang med skyen (pdf)
byKim Jensen
 
Forcepoint Whitepaper 2016 Security Predictions
byKim Jensen
 
OpenDNS presenter pack
byKim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
byKim Jensen
 
Hewlett-Packard Enterprise- State of Security Operations 2015
byKim Jensen
 
5 things needed to know migrating Windows Server 2003
byKim Jensen
 
Secunia Vulnerability Review 2014
byKim Jensen
 
Cisco 2013 Annual Security Report
byKim Jensen
 
Websense 2013 Threat Report
byKim Jensen
 
Security Survey 2013 UK
byKim Jensen
 
Miercom Security Effectiveness Test Report
byKim Jensen
 
DK Cert Trend Rapport 2012
byKim Jensen
 
Bliv klar til cloud med Citrix Netscaler (pdf)
byKim Jensen
 
Data Breach Investigations Report 2012
byKim Jensen
 
State of Web Q3 2011
byKim Jensen
 
Wave mobile collaboration Q3 2011
byKim Jensen
 
Corporate Web Security
byKim Jensen
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
byKim Jensen
 
Cloud security deep dive infoworld jan 2011
byKim Jensen
 
Cloud services deep dive infoworld july 2010
byKim Jensen
 
Sådan kommer du i gang med skyen (pdf)
byKim Jensen
 

Recently uploaded

PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 

Mitigating Web 2.0 Threats

  • 1.
    Mitigating Web 2.0Threats Or, “This isn’t your mother’s internet!” David Sherry CISSP CISM Chief Information Security Officer Sponsored By: Brown University
  • 2.
    Security @ Brown •Securityevangelism •Public Safety support •Incident Response Team •Human Resources support •Audit support •Records Management •Compliance and legal •Business Continuity standards •Disaster Recovery •Firewalls, IDS, IPS, VPN, •Copyright / DMCA agent sniffers, A/V, DNS, etc…. •Discipline Committee •Security audits and •Mandatory / elective training certifications •Awareness 2
  • 3.
    Today’s Agenda (oris it a mashup?) • Our changing world of security • What is web 2.0? • Attack vectors and areas of concern • The evolution of the threats….they’re nothing new! • What should be focused on • Recommendations to reduce the threat
  • 4.
    Our World isChanging May you live in interesting times….. Chinese Proverb • Compliance is a key competency of security pros • Identity Theft is fastest growing crime • President’s Cyber Security Initiative provides spotlight • Online underground economy has matured • National and global economy means “do more with less” • Threat evolution: • Infrastructure > web/messaging > DLP > Web 2.0
  • 5.
    What is Web2.0? Used with permission via Creative Commons: http://kosmar.de/archives/2005/11/11/the-huge-cloud-lens-bubble-map-web20/
  • 7.
    What is Web2.0? From Wikipedia: (which is, itself, a 2.0 phenomenon) "Web 2.0" refers to web development and web design that facilitates interactive information sharing, interoperability, user-centered design and collaboration on the World Wide Web. Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, video-sharing sites, wikis, blogs, mashups and folksonomies. A Web 2.0 site allows its users to interact with other users or to change website content, in contrast to non-interactive websites where users are limited to the passive viewing of information that is provided to them.
  • 8.
    Common Web 2.0Descriptors • “User generated content” • “Mashups and web services” • “Consumer and enterprise convergence” • “Diversity of client software” • “Complexity and asynchronous operations”
  • 9.
    The Enterprise Triple-Threatof 2.0 1. Loss of productivity 2. Vulnerable to data leaks 3. Increased security risks
  • 10.
    Characteristics of Web2.0 Security • Web filtering is no longer adequate • AJAX, SAML, XML create problems for detection • RSS and RIA can enter directly into networks • Non-static makes identification difficult • High bandwidth use can hinder availability • User generated content hard to contain
  • 11.
    Web 2.0 AttackVectors • Blogs • Social networks • Web portals • Mashups • Pop-ups • Anonymizing proxies • Spamdexing • Widgets
  • 12.
    Web 2.0 Areasof Concern • Client side issues • Transparency and cross-domain communications; AJAX and JavaScript attacks on the rise • Protocols • New protocols on top of HTTP/S (SOAP, XML, etc) • Information sources • Concerns over integrity, transiency, and diversity • Information structures • Variations of data structures, injection attacks • Server side • Architecture, authorization, and authentication weaknesses
  • 13.
    Evolution of theThreats in 2.0 • USB and auto-run malicious code • Insiders are a threat, but they don’t know it • Adobe PDFs and Flash replace Word and Excel • Worms travel through social spaces into offices • DOS attacks against social networks • Malware travels via all conduits • Pop-ups advertise seemingly legitimate services and take advantage of current events
  • 14.
    So what doyou focus on? From Secure Enterprise 2.0, the dangers come from: 1. Insufficient authentication controls 2. Cross-site scripting 3. Cross-site request forgery 4. Phishing 5. Information leakage 6. Injection flaws 7. Information integrity 8. Insufficient anti-automation www.secure-enterprise20.org
  • 15.
    Recommendations for Web2.0 Technical: • Experts recommend a three-tiered, integrated data protection approach: • Maintain vigilant anti-virus protection • Establish a robust anti-malware protection program • Utilize an AJAX-aware analysis platform • Use real-time content and security scanning • Make sure browsers and plug-ins are patched • Don’t just patch “high” rated patches! • Remember your end points • Use encryption as a key strategic defense
  • 16.
    Recommendations for Web2.0 Managerial: • Ensure that your policies are current and address 2.0 • Subjective policy setting • Group level access • Productivity based policies • Use a Data Loss Prevention as an essential teaching tool • Education and awareness must go beyond passwords • Ensure cross-functional response and participation • Speak with data!
  • 17.
    Ensuring a DefensiveWeb 2.0 Policy • Revisit your Acceptable Use Policy • View the policy from a web 2.0 lens • Be sure to cover new technologies like anonymizing proxies • Include other groups for strength • Human Resources, Risk Management, Privacy, Physical Security, Audit, and Legal • Step up your training and awareness for Web 2.0 concerns
  • 18.
    Support your policythrough technology • IDS / IPS • Bandwidth shaping and throttling • Standard images • Group policy objects • Firewall rules • Anti-virus, spyware, and malware • Monitor for your good name!
  • 19.
    Summary • We areliving in a changing world, and Web 2.0 is part of it • 2.0 brings added challenges and characteristics to security professionals • There are technical and managerial solutions to reduce Web 2.0 concerns • Like all emerging technologies and their related threats, a holistic security approach is needed
  • 20.
    There is neverenough time; thank you for some of yours. David Sherry, CISSP CISM Chief Information Security Officer Brown University Campus Box 1885 Providence, RI 02912 401.863-7266 david_sherry@brown.edu
  • 21.
    Thanks to ourSponsors Product trial download page Free Whitepaper: Reduce shopping cart abandonment. Increase revenue.