2. Index
● Social Networking: A new standard for interpersonal communication:
  ● Personal
  ● Professional
● It is here to stay
● Social Networking and Security
  ● Old threats on a new support
  ● New specific threats
February 8th 2010 Social Networks - Information Security 2
3. Social Networking: A new standard for interpersonal communication
● Social Networking is not just Facebook and Twitter:
It is a composite set of:
– Blogging (WordPress / Blogger)
– Microblogging (Twitter)
– Tumble-logging, Link-logging (http://fr.wikipedia.org/wiki/Tumblelog) (Tumblr, Delicious)
– Open Social Networks (Facebook, MySpace, Tuenti, Renren)
– Professional Social Networks (LinkedIn, Viadeo)
– Private/dedicated Social Networks (Ning)
– Photo and Video sharing (Flickr, YouTube)
– Slide Sharing (Slideshare)
– Document Sharing (Google Docs)
– Music list sharing (Spotify, Blip.fm)
Complemented and integrated with
– E-mail
– Chat
4. Social Networking: A new standard for interpersonal communication
Personal use
Professional use
Closely linked to mobile communication
5. Social Networking is here to stay
Think of many other previous innovations:
1960
● Telephone
1970
● Computer Terminal
1980
● Personal Computer
● Mail
1990
● Forums and Groupwares
● Internet
2000
● Collaborative web and IM
● Social Networking
2010
6. Social Networking and Security
● Social Networking provides support for already existing threats:
  ● Phishing
  ● Social Engineering
  ● Spam
  ● Data Leakage
  ● Malware infections
7. Social Networking and Security
● Social Networks present new threats or extended support for existing ones (data loss, identity theft, password theft, etc.):
  ● Shortened URLs (Twitter)
  ● Complementary applications (Facebook)
  ● Unawareness of who is reading you, combined with sharing a lot of personal information:
    – Travelling details
    – What you are working on
    – Identity information
    – Etc.
8. Social Networking and Security
● Besides the associated Information Security threats, Social Networking represents a risk since its intensive use could:
  ● Overwhelm telecommunications resources
  ● Reduce employee productivity
9. Security Policy for Social Networking
● The social networking boom shows no sign of stopping.
● For young incoming employees it is part of their everyday life.
● Social networking sites are now a vital part of many marketing and sales strategies.
● Many companies are planning to use social networking internally.
Therefore:
● they cannot be blocked
● but they cannot be allowed to
  ● drain company resources or
  ● be used as vectors for data loss or malware penetration
10. Security Policy for Social Networking
A specific Social Networking Security Policy is needed to provide:
granular access control,
secure encryption,
data monitoring,
comprehensive malware protection
And, most important of all:
User Awareness
11. Security Policy for Social Networking
● Starting from existing policies:
  ● User charter for the use of Information and Telecommunication resources
  ● Basic Security recommendations
  ● Internet Access best practices
  ● Etc.
● Additional awareness communication specific to Social Networking:
  ● How to adjust your settings to protect your identity
  ● Use of additional applications integrated in Social Networks
  ● Share only what really belongs to you
  ● Use chat only with verified, known people
  ● Do not chase the largest number of connections
  ● Do not mix personal and professional
  ● Be very restrictive and careful when sharing your company activities
  ● Do not use the same password everywhere (good password tips)
  ● Do not click hastily, nor on everything
  ● Remember that you can endanger others
12. Security Policy for Social Networking
● New restrictions and controls specific to Social Networking:
  ● Access-hour restrictions? (Difficult, and only for productivity reasons)
  ● Individual high-volume traffic alert
  ● Classification of sensitive information
  ● Encryption of highly sensitive data
  ● Granular monitoring of Internet traffic
  ● Identification of specific dangerous sites or tools and restriction of their use
  ● Regulation of the use of the company name and information
  ● Specific restrictions depending on each Social Media and tool (per user, per hours, etc.), using latest-generation firewalls
  ● Etc.
13. Security Policy for Social Networking
● Can we forbid Social Networking?
Should we do that?
It is not a good idea, because most of the risks will still be there, since:
● People will use it at work anyway with their personal mobile devices
● People will still use it at home