SlideShare uma empresa Scribd logo

Social Media Security Risk Slide Share Version

F
famudal

Social Media Security Risk

1 de 42
Social Media Security: How Social Media May Leave You Vulnerable Timothy Youngblood Dell, Compliance and Information Security Officer
Social media platforms have entered the enterprise 24hrs of Video per 300 Million Users 75 Million Accts Min 3% Growth Per 6 Million Unique 3 Million Auto Week Visitors Connects 30 Billion Page 65 Million Tweets 2 Billion Views Per Views Per Day Per Day Day Public Sector / Private Sector Business Partners/Customers/End Users 2
Security managers have to apply rules to these open platforms 3
You have new risk that needs to be managed Malware Reputation Data Leakage 4
Integrated Social Media security strategy to address key risk Social Media Remote Access Outsourcer Compliance 5
Identify your risk, assess technology and policy /control mitigations Policy Technology Risk 6
Social Media exposes a new threat vector in the enterprise 7
Every platform has a weakness • Too Much Info (TMI) • Phishing • Password Sloth • Account Hi-Jacking 8
Facebook/MySpace/ect.. 9
Twitter 10
YouTube 11
Social Media in the headlines Twitter virus among shortest on record …. Mark Zuckerberg's Facebook Page Hacked …. YouTube Hack Hits Bieber Fans…. 12
Femee Fatale 13
Credential Phishing 14
Taxonomy of Exposure Service Disclosed Entrusted Data Data Data Incidental Behavioral Derived Data Data Data 15
Service Data, Disclosed Data 16
Entrusted Data, Incidental Data 17
Behavioral Data, Derived Data 18
Technology counter measures exist to address the threats 19
Responding to Social Media Threats Policy People Threats Process Technology 20
Federal Guidelines Guidelines for Secure Use of Social Media by Federal Departments and Agencies  Training  Network Controls  Host Controls  Policy Controls www.cio.gov/library/ 21
Secure Alternatives 22
Brand Protection Firm 23
Defense in Depth with Social Media in mind 24
Network/Client Security Hardened ACL’s Host Security Agent IPS Lockdown Policy Firewall Drive Encryption Perimeter Perimeter 25
Threat & Vulnerability Mgt Logging & Alerting 26
Securing the Mobile Workforce 27
Specialized Solutions 28
Social Mention 29
Websense Advanced Classification Engine (ACE) • Real-time security classification • Real-time content classification • Websense PreciseID™ technology data identification • Reputation services • URL filtering 30
Governance must be integrated into your strategy 31
Policies Protect the Organization Over Sharing Information (Intellectual Property) Mixing Business with Personal info (Tweet/Facebook/MyS pace/ect..) Rage Connection indulgence Click Happiness Password Sloth 32
IAN Study 10% 34% 2008 2009 33
Guidelines • Protect information • Be transparent and disclose • associations • Follow the law, follow the Code • Be responsible • Be nice, have fun and connect 34
Controls ensure policies are followed • Change Implementation • Information Security • Program Development • Disaster Recovery • Contracting • Facilities • IT Governance • IT Operations 35
CoBIT 36
Risk IT 37
ISACA – Social Media Presence Strategy and • Has a risk assessment been conducted to map risks to the enterprise present by use of social media? Governance • Has effective training been conducted for all users, and People do users receive regular awareness communications regarding policies and risks? • Have business processes that utilize social media been Process reviewed to ensure that they are aligned with policies and standards of the enterprise? • Does IT have a strategy and the supporting capabilities Technology to manage technical risks presented by social media? 38
Relationships with key stakeholders 39
Inclusive of a Team Team Members 1. IT 2. Marketing/Sales 3. Legal 4. External / Internal Audit 5. Compliance 6. Privacy 7. Ethics
Key Topics 41
Social Media Security Strategy Risk Technology Social Media Platforms Defined? Policy How do current How are the solutions address Are employees platforms utilized? the threats? trained on how to Who is currently Are there supporting use Social Media? utilizing them? technologies to Are there supporting address risk? controls and policies? 42

Recomendados

Social media and security essentials.pptx
Social media and security essentials.pptxSocial media and security essentials.pptx
Social media and security essentials.pptxPink Elephant
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risksParakum Pathirana
 
Social media risk
Social media riskSocial media risk
Social media riskMosoco Ltd
 
Social media and Security: How to Ensure Safe Social Networking
Social media and Security: How to Ensure Safe Social NetworkingSocial media and Security: How to Ensure Safe Social Networking
Social media and Security: How to Ensure Safe Social NetworkingIshfaq Majid
 
Social Media Security 2011
Social Media Security 2011Social Media Security 2011
Social Media Security 2011Donald E. Hester
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 

Recomendados

Social media and security essentials.pptx
Social media and security essentials.pptxSocial media and security essentials.pptx
Social media and security essentials.pptxPink Elephant
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security Threats20160317 ARMA Wyoming Social Media Security Threats
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risksParakum Pathirana
 
Social media risk
Social media riskSocial media risk
Social media riskMosoco Ltd
 
Social media and Security: How to Ensure Safe Social Networking
Social media and Security: How to Ensure Safe Social NetworkingSocial media and Security: How to Ensure Safe Social Networking
Social media and Security: How to Ensure Safe Social NetworkingIshfaq Majid
 
Social Media Security 2011
Social Media Security 2011Social Media Security 2011
Social Media Security 2011Donald E. Hester
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
 
Online Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyOnline Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyTom Eston
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Privacy and Social Networks
Privacy and Social NetworksPrivacy and Social Networks
Privacy and Social Networksblogzilla
 
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Rahul Boga
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Social Media for Science
Social Media for ScienceSocial Media for Science
Social Media for ScienceRoss Mounce
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessRobin Rafique
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeBen Rothke
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securitysiswarren
 
Data breach
Data breachData breach
Data breachBurhan Ahmed
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Securitymmavis
 
CybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTCybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTAimee Shuck
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...SpareBank 1 Gruppen AS
 
Security and social media
Security and social mediaSecurity and social media
Security and social mediaJP Rains, MBA
 

Mais conteúdo relacionado

Mais procurados

Online Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyOnline Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyTom Eston
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Privacy and Social Networks
Privacy and Social NetworksPrivacy and Social Networks
Privacy and Social Networksblogzilla
 
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Rahul Boga
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Social Media for Science
Social Media for ScienceSocial Media for Science
Social Media for ScienceRoss Mounce
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessRobin Rafique
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeBen Rothke
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securitysiswarren
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Securitymmavis
 
CybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTCybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTAimee Shuck
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 

Mais procurados (20)

Online Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safelyOnline Social Networks: 5 threats and 5 ways to use them safely
Online Social Networks: 5 threats and 5 ways to use them safely
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devices
 
Privacy and Social Networks
Privacy and Social NetworksPrivacy and Social Networks
Privacy and Social Networks
 
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
Cyber security awareness booklet for citizens from mahashtra cyber 10 jan2020
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Social Media for Science
Social Media for ScienceSocial Media for Science
Social Media for Science
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaks
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of security
 
Data breach
Data breachData breach
Data breach
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Security
 
CybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTCybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINT
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and security
 

Destaque

Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...SpareBank 1 Gruppen AS
 
Security and social media
Security and social mediaSecurity and social media
Security and social mediaJP Rains, MBA
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecurityBrian Honan
 
Social Media
Social MediaSocial Media
Social MediaAlex Wong
 

Destaque (6)

Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
Social Media From a Security Point Of View - Telenor GoToSec and Telenor Peop...
 
Security and social media
Security and social mediaSecurity and social media
Security and social media
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Security
 
WeChat operation
WeChat operationWeChat operation
WeChat operation
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Social Media
Social MediaSocial Media
Social Media
 

Semelhante a Social Media Security Risk Slide Share Version

Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, LondonJohn Palfreyman
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...SurfWatch Labs
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
FORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFERMA
 
Presentation sdimi risks, challenges and benefits of social media 2011
Presentation sdimi risks, challenges and benefits of social media 2011Presentation sdimi risks, challenges and benefits of social media 2011
Presentation sdimi risks, challenges and benefits of social media 2011ZoeMM
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Ben Rothke
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationCloudLock
 
Building A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentMichael Smith
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data securityKeith Braswell
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
Symantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
Best Practices for Secure Enterprise Social Media Deployments
Best Practices for Secure Enterprise Social Media DeploymentsBest Practices for Secure Enterprise Social Media Deployments
Best Practices for Secure Enterprise Social Media DeploymentsSprinklr
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsRobert 'Bob' Reyes
 
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...EY Finland
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShowAdam Heller
 

Semelhante a Social Media Security Risk Slide Share Version (20)

Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
FORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challenge
 
Presentation sdimi risks, challenges and benefits of social media 2011
Presentation sdimi risks, challenges and benefits of social media 2011Presentation sdimi risks, challenges and benefits of social media 2011
Presentation sdimi risks, challenges and benefits of social media 2011
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
 
Building A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and GovernmentBuilding A Modern Security Policy For Social Media and Government
Building A Modern Security Policy For Social Media and Government
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Unit 1 ip
Unit 1 ipUnit 1 ip
Unit 1 ip
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Symantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global ResultsSymantec 2011 Social Media Protection Flash Poll Global Results
Symantec 2011 Social Media Protection Flash Poll Global Results
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
Best Practices for Secure Enterprise Social Media Deployments
Best Practices for Secure Enterprise Social Media DeploymentsBest Practices for Secure Enterprise Social Media Deployments
Best Practices for Secure Enterprise Social Media Deployments
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act Brings
 
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...
Ernst & Youngin Liiketoiminnan lait -seminaari 14.2.2013 Helsingissä, Antti H...
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
 

Social Media Security Risk Slide Share Version

  • 1. Social Media Security: How Social Media May Leave You Vulnerable Timothy Youngblood Dell, Compliance and Information Security Officer
  • 2. Social media platforms have entered the enterprise 24hrs of Video per 300 Million Users 75 Million Accts Min 3% Growth Per 6 Million Unique 3 Million Auto Week Visitors Connects 30 Billion Page 65 Million Tweets 2 Billion Views Per Views Per Day Per Day Day Public Sector / Private Sector Business Partners/Customers/End Users 2
  • 3. Security managers have to apply rules to these open platforms 3
  • 4. You have new risk that needs to be managed Malware Reputation Data Leakage 4
  • 5. Integrated Social Media security strategy to address key risk Social Media Remote Access Outsourcer Compliance 5
  • 6. Identify your risk, assess technology and policy /control mitigations Policy Technology Risk 6
  • 7. Social Media exposes a new threat vector in the enterprise 7
  • 8. Every platform has a weakness • Too Much Info (TMI) • Phishing • Password Sloth • Account Hi-Jacking 8
  • 10. Twitter 10
  • 11. YouTube 11
  • 12. Social Media in the headlines Twitter virus among shortest on record …. Mark Zuckerberg's Facebook Page Hacked …. YouTube Hack Hits Bieber Fans…. 12
  • 15. Taxonomy of Exposure Service Disclosed Entrusted Data Data Data Incidental Behavioral Derived Data Data Data 15
  • 19. Technology counter measures exist to address the threats 19
  • 20. Responding to Social Media Threats Policy People Threats Process Technology 20
  • 21. Federal Guidelines Guidelines for Secure Use of Social Media by Federal Departments and Agencies  Training  Network Controls  Host Controls  Policy Controls www.cio.gov/library/ 21
  • 24. Defense in Depth with Social Media in mind 24
  • 25. Network/Client Security Hardened ACL’s Host Security Agent IPS Lockdown Policy Firewall Drive Encryption Perimeter Perimeter 25
  • 26. Threat & Vulnerability Mgt Logging & Alerting 26
  • 27. Securing the Mobile Workforce 27
  • 30. Websense Advanced Classification Engine (ACE) • Real-time security classification • Real-time content classification • Websense PreciseID™ technology data identification • Reputation services • URL filtering 30
  • 31. Governance must be integrated into your strategy 31
  • 32. Policies Protect the Organization Over Sharing Information (Intellectual Property) Mixing Business with Personal info (Tweet/Facebook/MyS pace/ect..) Rage Connection indulgence Click Happiness Password Sloth 32
  • 33. IAN Study 10% 34% 2008 2009 33
  • 34. Guidelines • Protect information • Be transparent and disclose • associations • Follow the law, follow the Code • Be responsible • Be nice, have fun and connect 34
  • 35. Controls ensure policies are followed • Change Implementation • Information Security • Program Development • Disaster Recovery • Contracting • Facilities • IT Governance • IT Operations 35
  • 36. CoBIT 36
  • 37. Risk IT 37
  • 38. ISACA – Social Media Presence Strategy and • Has a risk assessment been conducted to map risks to the enterprise present by use of social media? Governance • Has effective training been conducted for all users, and People do users receive regular awareness communications regarding policies and risks? • Have business processes that utilize social media been Process reviewed to ensure that they are aligned with policies and standards of the enterprise? • Does IT have a strategy and the supporting capabilities Technology to manage technical risks presented by social media? 38
  • 39. Relationships with key stakeholders 39
  • 40. Inclusive of a Team Team Members 1. IT 2. Marketing/Sales 3. Legal 4. External / Internal Audit 5. Compliance 6. Privacy 7. Ethics
  • 42. Social Media Security Strategy Risk Technology Social Media Platforms Defined? Policy How do current How are the solutions address Are employees platforms utilized? the threats? trained on how to Who is currently Are there supporting use Social Media? utilizing them? technologies to Are there supporting address risk? controls and policies? 42