Social Networks & Security: What Your Teenager Likely Won't Tell You
John B. Dickson, CISSP
Twitter @johnbdickson
John Dickson's presentation to a group of Chief Security Officers (CSOs) about the security implications of social networking sites such as LinkedIn, Facebook, Twitter and MySpace. He encourages CSOs to approach social networking as a business issue rather than a security issue if they want to maximize their influence.

Published in: Technology, Business
  • This was a slide deck I used for the August 2009 South Texas CSO Council comprised of many of the security leaders in the San Antonio metropolitan area. The Council, hosted by the Institute of Cyber Security Studies at the University of Texas at San Antonio, focused on the implications of social networking and social media technologies on corporate security operations. If you are interested in this topic, feel free to DM me on Twitter; I'm @johnbdickson there...
Slide 2 – Overview
• Provide overview of Social Networks
• The Business Case for Social Networks
• Existing Security Challenges Associated with Social Networks
• Potential Approaches to Provide Security & Case Study
• Q&A & Discussion

Slide 3 – Social Networking Background

Slide 4 – Why am I here today?
• Denim Group background
• Consultant
• Background in Social Network
• Business case for doing social networks
• Exposure
• What we quickly learned…

Slide 5 – What we learned…
• Transparency is good, to a point…
• Smart people will do clever things
   – Excited to work on new project
   – Fixing systems that might be down
   – Proud to work with a Fortune 500 client
• Messaging quickly becomes critical
   – Who should speak for what?
   – Do you want the new sales guy’s take on software security?
   – What is appropriate?
• There is a slight impact on productivity
   – Between projects? Perhaps 20 tweets/day not so good
   – What tempo should we expect from key contributors?

Slide 6 – Social Networking Background – Conversation Prism

Slide 7 – Social Networking Background
   – Forrester predicts that by the end of 2009, 85% of US online consumers will make use of online social technology
   – By 2010 Gen Y will outnumber Baby Boomers – 96% of them are on social networks
   – 80% of HR departments use LinkedIn for recruiting
   – If Facebook were a country, it would be the 4th largest in the world
   – 25% of search results for the World’s top brands are linked to user-generated content
   – Social media have overtaken porn as the #1 activity on the web
• Source: “The Growth of Social Technology Adoption,” Oct. 2008, Forrester
• Source: “Socialnomics09” http://www.youtube.com/watch?v=sIFYPQjYhv8

Slide 8 – Facebook Principles
• “Facebook promotes openness and transparency by giving individuals greater power to share and connect, and certain principles guide Facebook in pursuing these goals. Achieving these principles should be constrained only by limitations of law, technology, and evolving social norms.”
   1. Freedom to Share and Connect
   2. Ownership and Control of Information
   3. Free Flow of Information
   4. Fundamental Equality
   5. Social Value
   6. Open Platforms and Standards
   7. Fundamental Service
   8. Common Welfare
   9. Transparent Process
   10. One World
Source: http://www.facebook.com/facebook?ref=pf#/principles.php

Slide 9 – The Business Case for Social Networking
   – Social Network is a viable business tool
   – Viral marketing to loyal followers
   – Transparency
   – Personal brand
   – Micropublishing
   – Part of Gen Y & Z’s world

Slide 10 – Existing Security Challenges Associated with Social Networks
• Technical
   • Social networking malware
   • Most AV challenged by web-based malware
   • Bots
   • Bandwidth concerns
• Non-technical
   • Obvious productivity impact
   • Information disclosure
   • The graying of personal and professional lives
   • Twitter corporate disclosure
   • Social engineering made easy!
   • Sharing of passwords/predictable usernames

Slide 11 – Existing Security Challenges Associated with Social Networks
   – Varied responses to social networking
      • Responses range from laissez faire to draconian
         – NFL
         – Military
         – Corporate America
      • Approach reflects business philosophy and culture
         – Not a security response – a business response
         – Remember e-mail was a new thing 15 years ago

Slide 12 – Potential Approaches to Provide Security: Case Study
• Draft Denim Group statement about social media
• Discretion and common sense are the guide – communicate through social media tools in an appropriate manner, similar to how you would communicate through electronic and non-electronic means
• Understand that existing corporate policies apply to communicating via social media. If you are updating social media through company systems during work hours, Denim Group policies are in effect
• We use certain social media tools in order to promote Denim Group and further the vision of building a world where technology is trusted (our company vision).

Slide 13 – Potential Approaches to Provide Security: Case Study
As part of these efforts we use popular tools like Twitter, Facebook, and LinkedIn to promote company initiatives and communicate to the world what our company is doing. To that end, the DG management team has put together guidance on how best to use social media for your professional development and to provide examples of what is and is not appropriate at Denim Group
• It is appropriate to have a LinkedIn profile
• It is appropriate to follow certain approved Denim Group social media accounts (Dan Cornell & John Dickson) for updates on certain events that might be relevant to you
• It is OK to update your Facebook status or “tweet” occasionally while at work
• Use common sense – if you are on a deadline or between projects, “tweeting” throughout the day or updating your Facebook account 20 times a day could be perceived negatively by some

Slide 14 – Potential Approaches to Provide Security: Case Study
• Social media participation is a not-to-interfere-with-work-duties activity; certain discretionary activity is permissible; again, common sense is the guide here
• No client information (names, project types, etc.) should ever be published in social media without DG management approval

Slide 15 – Potential Approaches to Provide Security: Case Study
• No mention of internal operational activities at DG; examples of what not to do include:
   – “Working on our e-mail server that just crashed” (e.g., operational shortfalls)
   – “Working on new e-Learning product DG will release in Q4”
   – “Researching SAP security for new DG services offering”
   – Operational shortfalls or internal personnel matters
   – Never update social media on a client site!
      • Regardless of whether you are on client computers or Denim Group’s, updating your Facebook account and Twittering while on a client site is strictly forbidden (“I’m paying how much to have that Denim Group guy update his Facebook account on my dime?”)
   – If you are a DG-recognized subject matter expert, then you have latitude to tweet on a variety of relevant topics; if not, use discretion before making strong statements about particular technologies or security issues; others might infer this to be a tacit Denim Group endorsement or criticism

Slide 16 – Potential Approaches to Provide Security: Potential Next Steps
• Understand corporate position on social networking
• Conduct an initial audit for information leakage and existing practices
   – Baseline your current posture
• Consider updating security policy to address new areas involved with social networking
• Begin an employee awareness program
   – Tell the Twitter story
• Start to evaluate technical solutions for enforcement
• Ask a 20-something for advice

Slide 17 – Questions & Answers
• John B. Dickson, CISSP #4649
   – Follow me on Twitter @johnbdickson
