Social Networks & Security: What Your Teenager Likely Won't Tell You
     John B. Dickson, CISSP
     Twitter @johnbdickson
Overview


•   Overview of social networks
•   The business case for social networks
•   Existing security challenges associated with social networks
•   Potential approaches to provide security, with a case study
•   Q&A and discussion




Social Networking Background




Why am I here today?
•   Denim Group background
•   Consultant
•   Background in social networks
•   The business case for using social networks
•   Exposure
•   What we quickly learned…




What we learned…
• Transparency is good, to a point…
• Smart people will do clever things
    – Excited to work on new project
    – Fixing systems that might be down
    – Proud to work with a Fortune 500 client
• Messaging quickly becomes critical
    – Who should speak for what?
    – Do you want the new sales guy's take on software security?
    – What is appropriate?
• There is a slight impact on productivity
    – Between projects? Perhaps. 20 tweets/day? Not so good
    – What tempo should we expect from key contributors?




Social Networking Background – Conversation Prism




Social Networking Background
  – Forrester predicts that by the end of 2009, 85% of US online consumers will make
    use of online social technology
  – By 2010 Gen Y will outnumber Baby Boomers – 96% of them are on social
    networks
  – 80% of HR departments use LinkedIn for recruiting
  – If Facebook were a country, it would be the 4th largest in the world
  – 25% of search results for the World’s top brands are linked to user-generated
    content
  – Social media have overtaken porn as the #1 activity on the web




      • Source: “The Growth of Social Technology Adoption,” Oct. 2008, Forrester
      • Source: “Socialnomics09 “ http://www.youtube.com/watch?v=sIFYPQjYhv8




Facebook Principles
•   “Facebook promotes openness and transparency by giving individuals
    greater power to share and connect, and certain principles guide Facebook
    in pursuing these goals. Achieving these principles should be constrained
    only by limitations of law, technology, and evolving social norms.”
     1.    Freedom to Share and Connect
     2.    Ownership and Control of Information
     3.    Free Flow of Information
     4.    Fundamental Equality
     5.    Social Value
     6.    Open Platforms and Standards
     7.    Fundamental Service
     8.    Common Welfare
     9.    Transparent Process
     10.   One World
                      Source: http://www.facebook.com/facebook?ref=pf#/principles.php



The Business case for Social Networking
   –   Social networking is a viable business tool
   –   Viral marketing to loyal followers
   –   Transparency
   –   Personal brand
   –   Micropublishing
   –   Part of Gen Y & Z’s world




Existing Security Challenges Associated with Social Networks
   • Technical
      • Social networking malware
          • Most AV products struggle with web-based malware
      • Bots
      • Bandwidth concerns
   • Non-technical
      • Obvious productivity impact
      • Information disclosure
      • The graying of the line between personal and professional lives
          • Twitter corporate disclosure
          • Social engineering made easy!
      • Sharing of passwords / predictable usernames




Existing Security Challenges Associated with Social Networks
   – Varied responses to social networking
      • Responses range from laissez faire to draconian
          – NFL
          – Military
          – Corporate America
      • Approach reflects business philosophy and culture
          – Not a security response – a business response
          – Remember e-mail was a new thing 15 years ago




Potential Approaches to Provide Security: Case Study


• Draft Denim Group statement about social media

•     Discretion and common sense are the guide: communicate through social media
      tools in an appropriate manner, just as you would communicate through other
      electronic and non-electronic means
•     Understand that existing corporate policies apply to communicating via social
      media. If you are updating social media through company systems during work
      hours, Denim Group policies are in effect
•     We use certain social media tools in order to promote Denim Group and further the
      vision of building a world where technology is trusted (our company vision).




Potential Approaches to Provide Security: Case Study

      As part of these efforts we use popular tools like Twitter, Facebook, and LinkedIn to
      promote company initiatives and communicate to the world what our company is
      doing. To that end, the DG management team has put together guidance on how best
      to use social media for your professional development and to provide examples of
      what is and is not appropriate at Denim Group.

•     It is appropriate to have a LinkedIn profile
•     It is appropriate to follow certain approved Denim Group social media accounts (Dan
      Cornell & John Dickson) for updates on certain events that might be relevant to you
•     It is OK to update your Facebook status or “tweet” occasionally while at work
•     Use common sense – if you are on a deadline or between projects, “tweeting”
      throughout the day or updating your Facebook account 20 times a day could be
      perceived negatively by some




Potential Approaches to Provide Security: Case Study



•   Social media participation is a not-to-interfere-with-work-duties activity;
    certain discretionary activity is permissible; again, common sense is the
    guide here
•   No client information (names, project types, etc.) should ever be published in
    social media without DG management approval




Potential Approaches to Provide Security: Case Study
•   No mention of internal operational activities at DG; Examples of what not to
    do include:
     –   “Working on our e-mail server that just crashed” (e.g., operational shortfalls)
     –   “Working on new e-Learning product DG will release in Q4”
     –   “Researching SAP security for new DG services offering”
     –   Operational shortfalls or internal personnel matters
     –   Never update social media on a client site!
          • Regardless of whether you are on client computers or Denim Group's, updating your
            Facebook account and Twittering while on a client site is strictly forbidden ("I'm
            paying how much to have that Denim Group guy update his Facebook account on my dime?")
     – If you are a DG-recognized subject matter expert, then you have latitude to tweet
       on a variety of relevant topics; if not, use discretion before making strong
       statements about particular technologies or security issues; others might infer
       this to be a tacit Denim Group endorsement or criticism




Potential Approaches to Provide Security: Potential Next Steps
•   Understand corporate position on social networking
•   Conduct an initial audit for information leakage and existing practices
     –   Baseline your current posture
•   Consider updating security policy to address new areas involved with social
    networking
•   Begin an employee awareness program
     –   Tell the Twitter story
•   Start to evaluate technical solutions for enforcement
•   Ask a 20-something for advice
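The information-leakage audit and baseline step above, as an added example that is not code from the original presentation or from Denim Group: a small Python script that encodes the slide 14 "what not to do" rules (client names, unreleased products, operational shortfalls, personnel matters) and the "20 tweets a day" tempo concern from slide 4 as detection logic, then runs it over a handful of constructed posts. The client names, internal code names, regexes, sample posts and the per-day threshold are all assumptions chosen for illustration.

```python
"""Baseline audit of public posts against the slide-14 'what not to do' rules.

Added example; it is not code from the original presentation or from Denim
Group. Client names, internal code names, the regexes and the per-day
threshold are assumptions chosen to illustrate the technique.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date

# Assumption: in practice these lists come from the CRM and project tracker.
CLIENT_NAMES = {"Acme Insurance", "Globex Bank"}
INTERNAL_CODENAMES = {"e-Learning product", "SAP security offering"}
# Slide 4: "perhaps 20 tweets/day not so good"; tune to the organisation.
MAX_POSTS_PER_DAY = 20

# Content rules, each (label, case-insensitive regex). They are deliberately
# broad: the audit baselines current practice and a human reviews the hits.
RULES = [
    # "Working on our e-mail server that just crashed"
    ("operational_shortfall",
     re.compile(r"\b(server|e-?mail|network|vpn)\b.*\b(crash(ed)?|down|outage|broke)\b", re.I)),
    # "new e-Learning product DG will release in Q4"
    ("unreleased_product",
     re.compile(r"\b(release|launch|ship)\w*\b.*\bQ[1-4]\b", re.I)),
    # internal personnel matters
    ("personnel_matter",
     re.compile(r"\b(fired|laid off|layoffs|resign(ed|ing)?)\b", re.I)),
]


@dataclass
class Post:
    handle: str   # the employee's public account
    day: date     # posting date, used for the tempo check
    text: str


@dataclass
class Finding:
    handle: str
    day: date
    labels: list
    text: str


def classify(text):
    """Return the list of policy labels a single post triggers (empty if clean)."""
    lowered = text.lower()
    labels = []
    if any(name.lower() in lowered for name in CLIENT_NAMES):
        labels.append("client_information")
    if any(name.lower() in lowered for name in INTERNAL_CODENAMES):
        labels.append("internal_codename")
    for label, pattern in RULES:
        if pattern.search(text):
            labels.append(label)
    return labels


def audit(posts):
    """Run the content rules and the tempo check over a list of posts.

    Returns (findings, tempo): findings lists the posts that triggered at
    least one label; tempo maps (handle, day) to the post count for every
    account that exceeded MAX_POSTS_PER_DAY on that day.
    """
    findings = []
    for post in posts:
        labels = classify(post.text)
        if labels:
            findings.append(Finding(post.handle, post.day, labels, post.text))
    per_day = Counter((post.handle, post.day) for post in posts)
    tempo = {key: n for key, n in per_day.items() if n > MAX_POSTS_PER_DAY}
    return findings, tempo


# Constructed sample timeline, modelled on the slide-14 examples.
SAMPLE_POSTS = [
    Post("dg_consultant", date(2009, 9, 14),
         "Working on our e-mail server that just crashed, fun morning"),
    Post("dg_consultant", date(2009, 9, 14),
         "Excited to work on the new e-Learning product DG will release in Q4"),
    Post("dg_newsales", date(2009, 9, 15),
         "Great kickoff at Acme Insurance today, big project ahead!"),
    Post("dg_smexpert", date(2009, 9, 15),
         "Slides from my OWASP talk on SQL injection are up"),
] + [Post("dg_chatty", date(2009, 9, 15), f"status update {i}") for i in range(25)]


if __name__ == "__main__":
    findings, tempo = audit(SAMPLE_POSTS)
    for f in findings:
        print(f"{f.day} @{f.handle} {','.join(f.labels)}: {f.text}")
    for (handle, day), n in tempo.items():
        print(f"{day} @{handle} posted {n} times (limit {MAX_POSTS_PER_DAY})")
```

Run it over an export of employees' public timelines (handles gathered from LinkedIn profiles and the firm's own follower lists) to get the baseline. Keyword rules of this kind produce false positives by design, so the output is a review queue for the awareness programme, not an automatic enforcement action; the same rules can later feed whatever technical enforcement solution is chosen.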




Questions & Answers

• John B. Dickson, CISSP #4649

   – Follow me on Twitter @johnbdickson





 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Social Networks and Security: What Your Teenager Likely Won't Tell You

  • 1. Social Networks & Security: What Your Teenager Likely Won't Tell You
    John B. Dickson, CISSP
    Twitter @johnbdickson
  • 2. Overview
    • Provide overview of Social Networks
    • The Business Case for Social Networks
    • Existing Security Challenges Associated with Social Networks
    • Potential Approaches to Provide Security & Case Study
    • Q&A & Discussion
  • 4. Why am I here today?
    • Denim Group background
    • Consultant
    • Background in Social Network
    • Business case for doing social networks
    • Exposure
    • What we quickly learned…
  • 5. What we learned…
    • Transparency is good, to a point…
    • Smart people will do clever things
      – Excited to work on new project
      – Fixing systems that might be down
      – Proud to work with a Fortune 500 client
    • Messaging quickly becomes critical
      – Who should speak for what?
      – Do you want the new sales guy’s take on software security?
      – What is appropriate?
    • There is a slight impact on productivity
      – Between projects? Perhaps 20 tweets/day not so good
      – What tempo should we expect from key contributors?
  • 6. Social Networking Background – Conversation Prism
  • 7. Social Networking Background
    – Forrester predicts that by the end of 2009, 85% of US online consumers will make use of online social technology
    – By 2010 Gen Y will outnumber Baby Boomers – 96% of them are on social networks
    – 80% of HR departments use LinkedIn for recruiting
    – If Facebook were a country, it would be the 4th largest in the world
    – 25% of search results for the World’s top brands are linked to user-generated content
    – Social media have overtaken porn as the #1 activity on the web
    • Source: “The Growth of Social Technology Adoption,” Oct. 2008, Forrester
    • Source: “Socialnomics09,” http://www.youtube.com/watch?v=sIFYPQjYhv8
  • 8. Facebook Principles
    • “Facebook promotes openness and transparency by giving individuals greater power to share and connect, and certain principles guide Facebook in pursuing these goals. Achieving these principles should be constrained only by limitations of law, technology, and evolving social norms.”
    1. Freedom to Share and Connect
    2. Ownership and Control of Information
    3. Free Flow of Information
    4. Fundamental Equality
    5. Social Value
    6. Open Platforms and Standards
    7. Fundamental Service
    8. Common Welfare
    9. Transparent Process
    10. One World
    Source: http://www.facebook.com/facebook?ref=pf#/principles.php
  • 9. The Business Case for Social Networking
    – Social networking is a viable business tool
    – Viral marketing to loyal followers
    – Transparency
    – Personal brand
    – Micropublishing
    – Part of Gen Y & Z’s world
  • 10. Existing Security Challenges Associated with Social Networks
    • Technical
      • Social networking malware
      • Most AV challenged by web-based malware
      • Bots
      • Bandwidth concerns
    • Non-technical
      • Obvious productivity impact
      • Information disclosure
      • The graying of personal and professional lives
      • Twitter corporate disclosure
      • Social engineering made easy!
      • Sharing of passwords/predictable usernames
  • 11. Existing Security Challenges Associated with Social Networks
    – Varied responses to social networking
      • Responses range from laissez faire to draconian
        – NFL
        – Military
        – Corporate America
      • Approach reflects business philosophy and culture
        – Not a security response – a business response
        – Remember e-mail was a new thing 15 years ago
  • 12. Potential Approaches to Provide Security: Case Study
    • Draft Denim Group statement about social media
    • Discretion and common sense are the guide - communicate through social media tools in an appropriate manner, similar to how you would communicate through other electronic and non-electronic means
    • Understand that existing corporate policies apply to communicating via social media. If you are updating social media through company systems during work hours, Denim Group policies are in effect
    • We use certain social media tools in order to promote Denim Group and further the vision of building a world where technology is trusted (our company vision).
  • 13. Potential Approaches to Provide Security: Case Study
    As part of these efforts we use popular tools like Twitter, Facebook, and LinkedIn to promote company initiatives and communicate to the world what our company is doing. To that end, the DG management team has put together guidance on how best to use social media for your professional development and to provide examples of what is and is not appropriate at Denim Group.
    • It is appropriate to have a LinkedIn profile
    • It is appropriate to follow certain approved Denim Group social media accounts (Dan Cornell & John Dickson) for updates on certain events that might be relevant to you
    • It is OK to update your Facebook status or “tweet” occasionally while at work
    • Use common sense – if you are on a deadline or between projects, “tweeting” throughout the day or updating your Facebook account 20 times a day could be perceived negatively by some
  • 14. Potential Approaches to Provide Security: Case Study
    • Social media participation is a not-to-interfere-with-work-duties activity; certain discretionary activity is permissible; again, common sense is the guide here
    • No client information (names, project types, etc.) should ever be published in social media without DG management approval
  • 15. Potential Approaches to Provide Security: Case Study
    • No mention of internal operational activities at DG; examples of what not to do include:
      – “Working on our e-mail server that just crashed” (e.g., operational shortfalls)
      – “Working on new e-Learning product DG will release in Q4”
      – “Researching SAP security for new DG services offering”
      – Operational shortfalls or internal personnel matters
      – Never update social media on a client site!
    • Regardless of whether you are on client computers or Denim Group’s, updating your Facebook account and Twittering while on a client site is strictly forbidden (“I’m paying how much to have that Denim Group guy update his Facebook account on my dime?”)
      – If you are a DG-recognized subject matter expert, then you have latitude to tweet on a variety of relevant topics; if not, use discretion before making strong statements about particular technologies or security issues; others might infer this to be a tacit Denim Group endorsement or criticism
  • 16. Potential Approaches to Provide Security: Potential Next Steps
    • Understand corporate position on social networking
    • Conduct an initial audit for information leakage and existing practices
      – Baseline your current posture
    • Consider updating security policy to address new areas involved with social networking
    • Begin an employee awareness program
      – Tell the Twitter story
    • Start to evaluate technical solutions for enforcement
    • Ask a 20-something for advice
  • 17. Questions & Answer
    • John B. Dickson, CISSP #4649
      – Follow me on Twitter @johnbdickson