a best practices guide for mitigating risk in the use of social media
Post on 06-Apr-2018
8/3/2019 A Best Practices Guide for Mitigating Risk in the Use of Social Media
1/36
Strengthening
Cybersecurity Series
A Best Practices Guide for Mitigating Risk in the Use of Social Media
Alan Oxley
Universiti Teknologi PETRONAS
Malaysia
A Best Practices Guide for Mitigating Risk
in the Use of Social Media
Strengthening Cybersecurity Series 2011
Alan Oxley
Professor
Computer and Information Sciences Department
Universiti Teknologi PETRONAS Malaysia
TABLE OF CONTENTS
Foreword
Executive Summary
Introduction
    Background
    How We Participate and Collaborate Online
    The Potential - and Potential Risk - of Social Media
    Relevant Security Threats
Mitigating the Risk of Identity Theft
    Information Scraping
    Social Engineering
    Phishing
    Spoofing
Mitigating the Risk of Malware
    E-mail Attachments
    Social Media Websites
    Unsecured Data Storage Devices
References
About the Author
Key Contact Information
FOREWORD
On behalf of the IBM Center for The Business of Government, we are pleased to present this report, A Best Practices Guide for Mitigating Risk in the Use of Social Media, by Professor Alan Oxley.
Social media continue to grow across the globe, and the United States federal government is no exception. The administration and Congress actively and increasingly use social media to communicate, to take information in, and to collaborate across boundaries. Yet the benefits of increased involvement through social media also raise new risks to the security of agency information.
This guide was written to help government managers, IT staff, and end users understand the risks they face when turning to social media to accomplish agency missions, and to mitigate those risks. The guide follows the publication of several other recent IBM Center reports which examine the current and potential use of social media by government agencies, including:
- Assessing Public Participation in an Open Government Era by Carolyn J. Lukensmeyer, Joseph P. Goldman, and David Stern
  http://www.businessofgovernment.org/report/assessing-public-participation-open-government-era
- Using Wikis in Government: A Guide for Public Managers by Ines Mergel
  http://www.businessofgovernment.org/report/using-wikis-government-guide-public-managers
- Using Online Tools to Engage - and be Engaged by - The Public by Matt Leighninger
  http://www.businessofgovernment.org/report/using-online-tools-engage-public
This guide complements these reports, presenting a view of the cybersecurity risks intrinsic to social media use and, more important, how to mitigate them. We hope that its suggested risk mitigation activities inform government agencies on how best to leverage social media in accomplishing their missions more effectively and efficiently, and more securely.
Jonathan D. Breul
Executive Director
IBM Center for The Business of Government
jonathan.d.breul@us.ibm.com
Dan Chenok
Senior Fellow, IBM Center for The Business of Government
IBM Global Business Services
chenokd@us.ibm.com
EXECUTIVE SUMMARY
This guide explores how security controls can be used by government information technology staff, managers, and users to mitigate the risks intrinsic to social media. Specifically, this guide seeks to help readers understand the risks posed by many Web 2.0 applications and how best to mitigate those risks. Throughout the text, the term "government" refers to federal, state, and local government.
Cybersecurity is a complex topic. Social media have vulnerabilities, as do all computer applications. Some of these are specific to certain websites or applications, while others are intrinsic to all social media. The goal of this guide is to suggest hardware and software controls and acceptable use policies (AUPs) that mitigate risk.
The extent to which social media should be used in government depends on the likely benefits and potential risks, a determination that government managers must make. Government managers should place a high priority on the security of their digital assets, computer networks, staff, and constituents. They will have to decide whether or not there is a business case for the use of social media in their individual organizations. A risk assessment is inherent in the decision.
This guide describes the security measures that can be applied in the context of Web 2.0 social media applications. The guide covers two topics: identity theft, which is a threat both to government employees and the constituents they serve, and malware, which is a threat to computers and computer networks.
This guide presents risk mitigation activities for four identity theft threats: information scraping, social engineering, phishing, and spoofing. The guide also presents risk mitigation activities for three malware threats: e-mail attachments, spoofing, and unsecured data storage devices.
INTRODUCTION
BACKGROUND
In January 2009, President Barack Obama issued a memorandum on the subject of transparency and open government, calling for transparency, participation, and collaboration (Obama, January 2009). Technological advances, especially those related to social media, have the potential to bring about a greater engagement by the public in government. Government's interest in using social media is growing rapidly, encouraged by administrators, politicians, and the general public.
Governments should implement strategies to motivate citizens to become active. Public involvement in society is desirable in democracies, and Web 2.0 is one way to achieve it. A main benefit of increased public involvement is increased public service efficiency with a consequent reduction in cost. A social network also has the potential value of building social capital.
As far as formulating U.S. technology policy is concerned, a conference was held in 2008, Computers, Freedom, and Privacy: Technology Policy '08, to discuss cybersecurity issues. Its organizers drew attention to the fact that "In the areas of privacy, intellectual property, cybersecurity, telecommunications, and freedom of speech, an increasing number of issues once confined to experts now penetrate public conversation" (Computers, Freedom, and Privacy Conference, 2008).
This guide addresses the cybersecurity measures, tools, and approaches that can enhance national, agency, and individual security (Bertot et al., August 12, 2010). The issues to be discussed are fundamental to the successful adoption of social media by government.
HOW WE PARTICIPATE AND COLLABORATE ONLINE
Participation and collaboration are facets of self-governance, and the tools we use to participate and collaborate are shaped by (and in turn shape) the relationship between collaborating parties. The primary vehicle for participation and collaboration is sharing: information, perspectives, tasks, and even resources. In discussing social media, there are four broad ways in which sharing can take place (Drapeau & Wells II, April 2009):
1. Inward sharing, or sharing information within agencies. This type of sharing is restricted to government officials and excludes the public. Proprietary software exists for this, such as SharePoint and the micro-blogging service Yammer.
2. Outward sharing, or sharing information with entities beyond agency boundaries. Examples of this type of sharing are GovLoop and STAR-TIDES. GovLoop is a social network for the government community which is not run by the U.S. government. STAR-TIDES is an acronym for Sharing To Accelerate Research-Transformative Innovation for Development and Emergency Support, a DoD-sponsored knowledge-sharing research project that promotes sustainable support and humanitarian assistance to stressed populations across the world.
3. Inbound sharing, also called crowdsourcing, allows government to obtain input from citizens and other persons outside the government more easily. One kind of crowdsourcing task is online voting, but there are several others. Two experiments in crowdsourcing are the Obama administration's SAVE awards, which requested ideas on how to streamline the U.S. government, and the House Republican website America Speaking Out, which requests ideas from Americans on how to balance the budget and reduce the deficit.
4. Outbound sharing, whose purpose is to communicate with and/or empower people outside the government. This can be achieved by web conferencing. A control group experiment to evaluate the acceptability and effectiveness of holding online town hall meetings was conducted in 2009 (Lazer et al., 2009). One finding: Participants in the sessions were more likely to vote and were dramatically more likely to follow the election and to attempt to persuade other citizens how to vote.
THE POTENTIAL - AND POTENTIAL RISK - OF SOCIAL MEDIA
This guide provides advice on the security issues relating to the use of social media. Social media usage has the potential to enable U.S. citizens to participate more fully in government. It has already played a significant role in some of today's dramatic events.
Throughout the world, the public can use social networking websites to voice objections about their governments' plans. At a more extreme level, social networks have played a role in organizing protests that have brought down national governments. In the January 2011 protests in Egypt, social networking was credited with being a key mobilizing force. Facebook, a social networking website central to Egyptian protestors, has also been reported as being instrumental in the February 2011 social unrest in Bahrain. At the end of April 2011, it was widely reported that a Facebook page entitled "Syrian Revolution 2011" called for mass demonstrations after Friday prayers. Also in late April 2011 in Vietnam, Nguyen Cong Chinh was arrested, allegedly due to his anti-government stance, partly expressed through web posts (Viet Nam News, April 29, 2011).
Leaving these sensational examples aside, social media can allow people to interact in a more prosaic way with their elected leaders and know that the leaders themselves are listening. For example, David Plouffe, senior advisor to the president, monitors social networking chatter for Barack Obama (Scherer, May 30, 2011), an activity termed sentiment analysis. Plouffe follows what is happening on Twitter and Facebook. On Twitter, the hashtags used to identify the topic of a tweet (for example, #immigration) allow all those who follow the specific topic to view the tweet.
Social media, however, also present a variety of new threats posed by cybercriminals and foreign partners. For example, when people use a social media website, they do not know how vulnerable the website is to security breaches. Furthermore, there is the problem of social engineering, a term used when someone is trying to fraudulently acquire confidential personal information from a user. Another problem is that social media websites also allow users to run third-party applications such as games and provide tools to personalize their page, and these uses have vulnerabilities.
RELEVANT SECURITY THREATS
Government information systems are a constant target of attacks from malicious individuals. There are a variety of threats, but most that are perpetrated through social media fall into one of two types: identity theft and malware.
Mitigating the Risk of Identity Theft
Identity theft is a crime that may occur to individuals or groups as large as hundreds of thousands of people at a single time. The damage may be as little as the loss of a hundred dollars (usually borne by financial institutions, in the case of stolen credit or debit cards) or hundreds of thousands of dollars in the case of fraudulently opened bank, credit, or even mortgage accounts, resulting in more losses from the legal work that must be done by both financial institutions and individuals to achieve resolution and restitution. To mitigate this risk, it is essential to understand how identity theft is perpetrated. Identity theft can occur by information scraping via social media websites and social media applications; social engineering; phishing; and spoofing.
Mitigating the Risk of Malware
Malware is short for malicious software, and covers a range of threats, including viruses, worms, trojans, bots, and other harmful code. Hackers develop malware for a number of reasons, including the desire to cripple the government or simply the potential of personal gain. Some malware is designed to attack the system in which it is installed; other forms are intended to take over their host system to launch an attack on a third party; and yet other applications are written not to cause any damage to the system, but to enable the creators to steal data residing on that system.
Whatever the goal of the malware, there are steps that end users, managers, and technical staff can take to mitigate the risk of malware. The point of attack determines the best countermeasures. The three most common sources for malware are e-mail attachments; websites, including social media websites; and unsecured data storage devices, such as thumb drives.
MITIGATING THE RISK OF IDENTITY THEFT
INFORMATION SCRAPING
Understanding the Risk
People put an astounding amount of personal information online: a phone number on one website, a picture on another, a birthdate on a third, an address on a fourth, and so on. What they fail to realize is that this information can be harvested or "scraped" from many websites and compiled into a single, comprehensive portrait of the user. This information can then be used by cybercriminals either to commit identity fraud or to sell to organizations who will commit identity fraud.
Why Social Media are Vulnerable
Social media websites are especially tempting targets for information scraping. There are two ways that this can happen. The first way is simply through accessing a person's information page. Often, people will divulge information through a social media website, and then relax their privacy controls. Thankfully, this is easy to correct.
Social media websites also allow users to personalize their pages and to run third-party applications such as games. However, this grants the application access to all of a user's personal information, irrespective of any privacy setting made in the social media website (Thomas et al., 2010). The vast majority of these applications only need basic personal details of a user. Furthermore, anyone can write an application and so some applications will have no security controls. Worse still, an application could have been developed by a cybercriminal.
Risk Mitigation Activities
Both managers and end users can help mitigate the risk of information scraping by creating and then following prudent social media guidelines. Though the specifics will be different for each office, the guiding principle is the same: don't put any more personally identifiable information (PII) online than is strictly necessary.
To protect citizens who are accessing government services or communicating with their government online, management and IT staff must work together to ask for the least amount of personally identifiable information possible from citizens, and either delete that information once it is no longer necessary or safeguard it against possible theft.
By users
- Set privacy settings to their maximum, so that only trusted sources have access to personally identifiable information.
- Review all changes to the privacy policies of frequently visited websites, including social media websites.
- Carefully review the permissions requested by social media applications, including games and other add-ons requested by friends.
- Never divulge more personal information than absolutely necessary on any website. Personally identifiable information includes:
    - Tagged photos
    - A social security number (even a partial number)
    - Full name
    - Full date of birth
    - Schools attended
    - Work address (and phone number)
    - Family photos
    - The names of children and family members
    - Home address (and phone number)
    - Places regularly visited
    - Dates and details of future outings and vacations, and other times that the user will be away from home
By management
- Create an acceptable use policy (AUP) specifying the rules of behavior when using social media. Among other things, this should inform employees and the general public what information can and cannot be posted on the social media website.
- Stay abreast of proposed configuration changes to social media websites.
- Decide how long social media messages are to be retained.
- Respect the privacy of users from the general public. This applies not just to government data, but to data hosted by the social media provider.
- Periodically warn citizens of the threat of identity theft from information shared on social media websites. Additionally, managers should share the link to their official guidelines on what information should and should not be shared through social media.
- Create a process to handle unauthorized or fraudulent postings.
By IT staff
- Ensure that all websites are compliant with management guidelines.
- Update all security patches as required.
- Research ways to serve constituents without requiring them to divulge personally identifiable information.
SOCIAL ENGINEERING
Understanding the Risk
Social engineering is a method used by hackers to acquire confidential personal information through fraud. Sometimes the hacker will contact the victim directly and try to solicit personal information over the phone, through a web-based application like e-mail, or through a social media website. Another tactic is for a hacker to contact a third party, like an office administrator, executive assistant, or even IT staff. The hacker may ask for personally identifiable information such as birthdates, home or work addresses, or other data.
Why Social Media are Vulnerable
Managers, IT staff, and end users alike must recognize that connecting with people online poses privacy and security risks. One form of social engineering occurs when a cybercriminal on a social media website tries to befriend others. The intention is to build up trust so that confidential private information can be more easily extracted. The cybercriminal can create a fake Facebook profile or a bogus Twitter account.
On social media websites there are difficulties in establishing the authenticity of a person's identity when communicating with them, and in determining the accuracy of posts. Social media providers may be ineffective at detecting compromised accounts and subsequently restoring them. Another cybercriminal ploy is to try to befriend someone by claiming to have something in common; the cybercriminal may then contact the person through e-mail, over a social media website, or even on the telephone.
Risk Mitigation Activities
Social engineering relies primarily on person-to-person contact, bypassing many technical security measures. Because of the focus on individuals, the precautions fall mainly to end users and management, though IT staff may play a supporting role for each.
By users
- Never reveal personally identifiable information (PII), whether through e-mail, a social media website, or even a phone conversation, unless certain of the recipient's credentials.
- Review and follow management's guidelines for interactions with constituents and IT administrators to protect all parties' PII.
By management
- Create a set of guidelines for sharing PII that encourages users to:
    - Understand the kinds of information that may be shared, and whom it may be shared with. This includes personal information about individuals.
    - Be cautious divulging their private information.
    - Appreciate the risks and understand the methods of social engineering.
    - Realize the legal issues involved in social engineering.
    - Attend training programs at regular intervals.
By IT staff
- Conduct training sessions at regular intervals and perform spot-checks to ensure compliance with social engineering rules.
- Ensure that systems are in place to help users guard against social engineering attacks.
PHISHING
Understanding the Risk
When social engineering is done via e-mail or social media website, it is referred to as phishing. The messages could be sent indiscriminately, or target an individual or a specific group. In the latter case, the practice is referred to as spear phishing. When the individual or group is a powerful one, the term whaling is used.
Phishing using social media messages raises additional security implications as these messages are not subjected to the checks performed by e-mail systems. Many web browsers do, however, have a phishing filter in them. The filter helps detect suspicious websites by comparing a website against a list of known rogue websites, and by checking to see whether a website fits the profile of a phishing website.
Why Social Media are Vulnerable
A message is more likely to be taken seriously if it contains information about the receiver. This information could be publicly available, as on a social media website, or it could be stolen.
The more the message is tailored to the receiver, the easier it is to pass through systems that filter out spam and messages with virus links or attachments, as the messages do not fit the pattern of typical rogue communication. There are also many scams, such as an e-mail asking for money because the presumed sender (a trusted person whose e-mail has been hacked) is stranded somewhere.
It is also conceivable that phishers could try to use a government agency as a cover for their scam, forging a .gov domain for their e-mail. Thus, in addition to guarding against internal employees falling prey to a phishing attack, government managers should be vigilant against fraudulent use of their agency domain.
Risk Mitigation Activities
Phishing can be countered both through technological and behavioral approaches.
By users
Social Media Websites
- Join only those social media websites with explicit and strong privacy policies. Not all social media websites' privacy policies fully protect users' personally identifiable information. Several social networking websites allow non-registered individuals to view a profile, and others share users' e-mail addresses and preference information with third parties.
Account Settings
- Frequently check the available privacy options to ensure that personal information is private.
- Use the "How others see you" tool on the ReclaimPrivacy.org website (http://www.reclaimprivacy.org/) to check that the privacy settings are functioning as expected. (ReclaimPrivacy.org provides a tool that can be used to inspect a user's Facebook privacy settings, and give warnings about settings which make the user's information public.)
- When available, configure privacy settings so that only trusted individuals have access to posted information. Restrict the number of people who can post information on a personal page.
- Have a setting that will limit access to account data to protect it from an undesirable audience, as well as limiting access to your profile to family members, friends, teammates, or personal acquaintances.
Personal Information
- Publish only the information necessary to maintain communication with other social media users.
- Ask "what personal information about me do I wish to be available online?" (Once information is online, it is no longer private. Individually, personal facts can seem to not pose a security risk; collectively, these personal facts constitute an individual profile.)
- Consider the type of information to be posted. For example, do not publish credit card numbers, financial account numbers, or confidential workplace information. Even birthdate information, coupled with a zip code, is often enough to identify someone.
- Remember the importance of personal privacy, either while creating profile information or posting information on a social networking website.
- Use only private messages (if available) to send personal or sensitive data to responsible persons. Sending sensitive data through social networking websites is not advisable, however, as it is not possible to be sure of the security protection on these websites.
- Post only general information that you are comfortable sharing with any social networking website member.
- Do not divulge certain information pertaining to plans, hopes, and goals. This information is often used by social engineering schemes.
- When uploading a photo, remember to take advantage of security measures that prevent others from copying and making use of the photo. (Before downloading a picture, a user should have concern for the owner of the picture and seek permission to download it, where necessary.)
- Do not publish private information about other people or the workplace.
- Divide friends into different lists, such as Family, Friends Outside of Work, Colleagues, etc. (A different level of access can be given to each list.)
Building up a Relationship
- Exercise caution when adding a previously unknown friend or joining a new group or page. Before admitting a new person behind a privacy wall, whether a friend-of-a-friend or someone suggested by the social media website, attempt to confirm details about this new person. Find out their relationship to another trusted friend, perform a web search for the person, or use some other way of finding out more about the person.
- Be conscious of behavior while on a social networking website. Remember to go through the above steps in order to avoid any unpleasantness. (Getting to know people in a virtual environment has many hazards. Although it can be rewarding, such interaction also carries significant risk. The above steps only suggest ways of countering some threats and do not necessarily prevent threats from materializing.)
Screen Names
- Choose a screen name (identifying online pseudonym) that does not reveal too much personal information.
By management
- Prepare a guideline and training sessions for end users and technology staff on the dangers of phishing and how to handle suspicious e-mails.
- Develop a section of the agency's website, with a single point of contact, to help citizens verify that an e-mail purportedly sent by your agency is not the product of a phisher.
- Send information to the general public at regular intervals, reminding them of the existence of individuals who are trying to fraudulently acquire information, and the guidelines on what information should and should not be posted using social media.
By IT staff
- Use tools to monitor user behavior so that a check can be made on whether policy is being adhered to.
- Request the social media website owner to remove certain fields from a government user's page so that the user cannot give out personal information, such as a resume, through the page.
- Make users aware of the risks involved and give them examples of the types of attack.
- Make users aware of the acceptable use policy (AUP).
- Train users in the safe usage of social media websites.
- Make users aware of what information can be shared and with whom. This includes personal information about individuals.
- Caution users about divulging private information.
- Inform users about social engineering.
- Make users aware of the legal issues.
- Repeat awareness development and training at regular intervals.
SPOOFING
Understanding the Risk
The term spoofing refers to the practice of developing a website that mirrors a trusted website, but can be used either for identity theft, typically by asking users to send login information for the duplicated website, or to install malware onto the user's computer. Spoofing can be accomplished in two ways: first, by sending a link in an e-mail or social media message; second, by hacking a trusted website, changing its behavior in a way that most users would not notice.
E-mail spoofing. Clicking a link in a message could cause a malicious webpage that installs malware to be displayed. The webpage sends malicious script to the user's browser. When this happens it is referred to as a drive-by download. It is possible to get a rough idea of where the link is taking a user by looking at the URL. Note that the link that you see does not necessarily take you to that address. To see where the link is taking you, you have to position the mouse cursor over the link. Furthermore, there are services which will take a URL and rename it. This is particularly useful in Twitter posts where the number of characters is limited. TinyURL and bit.ly are examples of URL shortening services. Developed to replace long URLs with short ones, they can also be used by malicious individuals to obscure the actual URL.
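
The hover check described above can be automated by IT staff on the mail gateway or in awareness tooling. The following is an added example, not part of the original guide: it reads an HTML message body and reports links whose visible text names one host while the underlying address goes to another, plus links through the two shortening services the guide names. The sample message, its hosts, and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# TinyURL and bit.ly are the services named in the guide; extend the set locally.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly"}

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def host_of(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    if not HAS_SCHEME.match(url):
        url = "//" + url          # let urlsplit treat scheme-less text as a host
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed address, e.g. broken IPv6 brackets
        return ""
    return host[4:] if host.startswith("www.") else host


class LinkAuditor(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href.strip(), text))
            self._href = None


def audit_message(html):
    """Return one finding per link that hides or misstates its destination."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        if not re.match(r"https?://", href, re.I):
            continue              # only web links are audited here
        target = host_of(href)
        reasons = []
        if target in SHORTENER_HOSTS:
            reasons.append("shortened URL hides the destination")
        if URL_LIKE.match(text):
            shown = host_of(text)
            # Exact host comparison: a different subdomain also counts as a mismatch.
            if shown and shown != target:
                reasons.append(f"text shows {shown} but link goes to {target}")
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


# Constructed sample message; all hosts and paths are placeholders.
SAMPLE_MESSAGE = """
<p>Your account needs attention. Sign in at
<a href="http://login.example.net/agency">www.agency.example/login</a>.</p>
<p>Photos from the event: <a href="http://bit.ly/xxxxxxx">click here</a></p>
<p>Policy page: <a href="https://www.agency.example/aup">https://agency.example/aup</a></p>
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE_MESSAGE):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

A shortened link is reported rather than resolved, because following it would contact the destination the check is meant to assess.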
Website spoofing, including social media websites. Even if the website is a legitimate one, it may have been compromised with malicious scripts that will be downloaded to the user's browser when the webpage is displayed.
Two examples are cross-site scripting (XSS) and cross-site request forgery. Cross-site request forgery is similar in operation to XSS, but allows a hacker to send unauthorized messages to the genuine website accessed by the victim.
MITIGATING THE RISK OF MALWARE
E-MAIL ATTACHMENTS
Understanding the Risks
Files can be attached to an e-mail message. Similarly, files can be attached to social media messages, such as in Facebook. Attached files could be malware. Once again, the receiver is more likely to open the file if the filename is relevant to the receiver. For example, if an employee of the IBM Center for The Business of Government receives a message with an attachment that looks as though it has come from a co-worker, then the employee is more likely to open it.
Why Social Media are Vulnerable
A social media message can have a file attached to it and this could be infected.
Risk Mitigation Activities
Because many offices use e-mail to send files, it may not be feasible simply to ban the practice. Short of that fail-safe method to counter this threat, there are measures that end users, managers, and IT staff can take to mitigate this risk.
By users
Watch out for messages which require guesswork by the user to determine subject and sender of the e-mail.
Exercise caution in opening files attached to e-mails and social media messages.
By management
Make a plan documenting security controls and review this plan at regular intervals.
Decide on the process for handling security issues raised by the general public.
By IT staff
Continue with the controls that the government organization already has in place to combat malicious e-mail.
Connect to the Internet via a Trusted Internet Connection. The U.S. federal government has a Trusted Internet Connection program. These connections offer increased levels of security.
Take measures to protect the actual PCs used by users.
Use tools to monitor user behavior so that a check can be made on whether policy is being observed.
Install the latest web browsers on PCs; they are likely to have better security controls than older browsers.
Consider storing all communication, if it is technically feasible.
Make users aware of the risks involved and give them examples of the types of attack.
Make users aware of the organization's AUP.
Make users aware of the legal issues.
Repeat awareness development and training at regular intervals.
SOCIAL MEDIA WEBSITES
Understanding the Risk
With the advent of interactive websites, hackers gained a way to install malware on a user's computer through seemingly innocuous means, sometimes without the user even being aware that their machine was being infected at all. Using any one of a number of technologies (AJAX, Java, and DirectX are examples) and in combination with spoofing or social engineering, hackers can bypass security software and introduce malware.
Why Social Media are Vulnerable
Visitors to social media websites do not always know how vulnerable the website is to security breaches. Although a security standard has recently been developed for web application developers to adhere to, it is difficult to know if a particular website is adhering to it or not. The standard is the Application Security Verification Standard, developed by the Open Web Application Security Project. It specifies four levels of security control provision.
Risk Mitigation Activities
Threats from websites are emerging all the time, and it can be difficult for end users to keep abreast of all the dangerous websites. Even well-known websites can fall victim to hackers; in fact, the most popular websites are also the most tempting targets due to their large audience. Still, end users, managers, and IT staff all can play a part in reducing this risk.
By users
Use a password that is at least 10 characters long and has a mixture of letters, numbers, and symbols. Use a different password for each website, so that if a cybercriminal discovers one password, the user's identity at only one website is compromised.
Before creating a password, ask "what personal information is available about me online?" (The new password should not contain any of this information. When setting up a password, a website often asks the user to specify security questions and the answers to them. Do not select questions or answers containing personal information available online.)
Exercise caution when using third-party applications within social media websites.
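The password rules in the list above can be checked mechanically before a password or security answer is accepted. The following Python sketch is an added example, not part of the original guide; the function names, the look-alike table and the sample personal details are constructed for illustration, and the list of passwords used elsewhere is assumed to come from the user's own password manager.

```python
import re

MIN_LENGTH = 10  # the guide's minimum length

# Look-alike characters undone before comparing with personal details
# (assumption: a deliberately small table, chosen for this example).
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed example of details that could be found on a public profile.
SAMPLE_FACTS = ["Jordan Rivera", "Biscuit", "1984-07-16", "Springfield"]


def fact_tokens(personal_facts):
    """Split each fact into lower-case words and digit runs of 3+ characters."""
    found = set()
    for fact in personal_facts:
        found.update(t for t in re.findall(r"[a-z]+|\d+", fact.lower()) if len(t) >= 3)
    return found


def personal_tokens_in(text, personal_facts):
    """Fact tokens that appear in `text`, as typed or with look-alikes undone.

    Works for a candidate password and for a security-question answer alike.
    """
    lowered = text.lower()
    plain = lowered.translate(LOOKALIKES)
    return sorted(t for t in fact_tokens(personal_facts) if t in lowered or t in plain)


def password_problems(password, personal_facts=(), used_elsewhere=()):
    """Return the guide's rules that `password` breaks; an empty list means none.

    `used_elsewhere` is a collection of passwords already used on other sites.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    kinds = (any(c.isalpha() for c in password),
             any(c.isdigit() for c in password),
             any(not c.isalnum() and not c.isspace() for c in password))
    if not all(kinds):
        problems.append("needs-letters-numbers-symbols")
    leaked = personal_tokens_in(password, personal_facts)
    if leaked:
        problems.append("contains-personal-info:" + ",".join(leaked))
    if password in used_elsewhere:
        problems.append("reused-on-another-site")
    return problems


if __name__ == "__main__":
    for candidate in ("B1scu1t!1984", "summer2011", "k7#Vw"):
        print(candidate, password_problems(candidate, SAMPLE_FACTS))
```

The first candidate satisfies the length and character-mix rule yet is still rejected, because a pet's name and a birth year survive the character substitutions.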
By management
Make a plan that documents the security controls and review this plan at regular intervals.
Decide on the process for handling security issues raised by the general public.
Perform a risk assessment. Making use of social media may expose a government organization to new security risks. A risk assessment can analyze these new risks. Consider asking an independent party to give a risk assessment.
Put all social media products in one of four categories: can be used at work or at home; can only be used at work, i.e., from behind the office firewall; can only be used on certain office PCs, either those that have better security or those that are isolated from the bulk of the office network; or cannot be used anyplace.
Consider only social media websites that have a responsible attitude toward security. Consider the purpose given for using social media and look into the specifics of the particular website(s) that have been recommended.
Make a plan to review the security controls implemented by the social media provider.
Develop an AUP specifying the rules of behavior when using social media. Among other things, this should inform employees and the general public of what information can and cannot be posted on the social media website.
The Security Operations Center (SOC) of the government organization needs to interact with the security experts of the social media provider. Make the roles and responsibilities of both parties clear. The SOC should ensure that the social media provider is adhering to government policy.
Ask the social media website provider to make the government organization aware of proposed configuration changes.
By IT staff
Continue with the online usage controls that the government organization already has in place to combat rogue websites.
Connect to the Internet via a Trusted Internet Connection. The U.S. federal government has a Trusted Internet Connection program. These connections offer increased levels of security.
Take measures to protect the actual user PCs.
Use tools to monitor user behavior so that a check can be made on whether policy is being adhered to.
Install the latest web browsers on PCs; they are likely to have better security controls than older browsers.
Consider storing all communication, if it is technically feasible.
Decide which websites, or content, users are prohibited from viewing and filter websites accordingly. Many filters on the market have advanced features that can grant different levels of permissions for different users, based on their roles and social media needs.
Consider using a sandbox, a digital virtual environment, to test new social media websites and applications.
Consider separating the network used for social media access from the one used for general office use, so as to isolate any security breaches should they occur.
Consider reaching out to the administrators of social media websites frequented by users in your office, and coordinate with them to encourage strong authentication mechanisms.
If the government has negotiated a security contract with the social media website owners, then the government organization's SOC should monitor adherence of the website owners to the contract. This includes logging incidents and the speed with which they are addressed.
Make users aware of the risks involved and give them examples of the types of attack.
Make users aware of the organization's AUP.
Make users aware of the legal issues.
Train users in the safe usage of social media websites.
Repeat awareness development and training at regular intervals.
UNSECURED DATA STORAGE DEVICES
Understanding the Risk
Even computers and networks that are not connected to the Internet are in danger of being infected by malware through the unwitting use of portable data storage devices, such as the ubiquitous thumb drives. In the most high-profile case, a worm called Stuxnet was transmitted into a closed computer network when someone used an infected thumb drive on an otherwise secure computer. The result was a severely compromised network.
Why Social Media are Vulnerable
The availability of small portable data storage devices, such as thumb drives, allows data intended for uploading to social media to be introduced behind the government department's firewall. Further, the drives themselves are often used by more than one person, increasing the likelihood of malware infection and exposing all users to the risks engendered by the least careful.
Risk Mitigation Activities
Because of the straightforward nature of the attack, this is as easy to prevent as it is to occur. Through end user behavior or technical activity, data storage devices should simply not be used on computers connected to secured networks.
By users
Adhere to the AUP.
By management
Make a plan documenting security controls and review this plan at regular intervals.
Decide on the process for handling security issues raised by the general public.
Decide on the mobile devices that will be allowed access to PCs.
ABOUT THE AUTHOR
Dr. Alan Oxley is a Professor in the Computer and Information Sciences Department (CIS) at Universiti Teknologi PETRONAS. CIS has several staff and graduate students undertaking research in e-government. At the university, Dr. Oxley supervises a number of graduate students, two of whom are conducting research on Web 2.0: one on mash-ups and one on social networking. Oxley is a chartered member of the British Computer Society. He has been an active member, writing a number of articles for the society's publications.
Dr. Oxley received his Ph.D. in Engineering (thesis title: Computer Assisted Learning of Structural Analysis) from Lancaster University, United Kingdom. He teaches courses on software agents and software architecture and patterns. He recently revamped the software architecture course to make it more relevant to Web 2.0. Dr. Oxley produced the acceptable use policy for the previous university at which he was employed; see the article published in Educause Quarterly 2005, Formulating a Policy on IT Provision. He has obtained grant funds for computer science research.
Dr. Oxley has a number of research interests, a key one of which is IT service management. He has written articles and conducted presentations on a variety of topics. Dr. Oxley is currently at work preparing for his role in a 2012 conference.
Acknowledgment
The author wishes to thank Rabiu Ibrahim, a graduate research assistant from the Computer and Information Sciences Department at Universiti Teknologi PETRONAS, for his contributions to this report.
KEY CONTACT INFORMATION
To contact the author:
Dr. Alan Oxley, MBCS, CITP, CEng
Professor
Computer and Information Sciences Department
Universiti Teknologi PETRONAS (UTP)
Bandar Seri Iskandar
31750 Tronoh
Perak Darul Ridzuan
Malaysia
605-368 7517
e-mail: alanoxley @ petronas.com.my
UTP website: www.utp.edu.my/
Oxley's website: www.utp.edu.my/staff/ex.php?mod=ex&sn=132723
REPORTS from The IBM Center for The Business of Government
Assessing the Recovery Act
Managing Recovery: An Insider's View by G. Edward DeSeve
Virginia's Implementation of the American Recovery and Reinvestment Act: Forging a New Intergovernmental Partnership by Anne Khademian and Sang Choi
Collaborating Across Boundaries
Environmental Collaboration: Lessons Learned About Cross-Boundary Collaborations by Kathryn Bryk Friedman and Kathryn A. Foster
Managing Innovation Prizes in Government by Luciano Kay
Conserving Energy and the Environment
Implementing Sustainability in Federal Agencies: An Early Assessment of President Obama's Executive Order 13514 by Daniel J. Fiorino
Breaking New Ground: Promoting Environmental and Energy Programs in Local Government by James H. Svara, Anna Read, and Evelina Moulder
Fostering Transparency and Democracy
Assessing Public Participation in an Open Government Era: A Review of Federal Agency Plans by Carolyn J. Lukensmeyer, Joe Goldman, and David Stern
Using Geographic Information Systems to Increase Citizen Engagement by Sukumar Ganapati
About the IBM Center for The Business of Government
Through research stipends and events, the IBM Center for The Business of Government stimulates research and facilitates discussion of new approaches to improving the effectiveness of government at the federal, state, local, and international levels.
About IBM Global Business Services
With consultants and professional staff in more than 160 countries globally, IBM Global Business Services is the world's largest consulting services organization. IBM Global Business Services provides clients with business process and industry expertise, a deep understanding of technology solutions that address specific industry issues, and the ability to design, build, and run those solutions in a way that delivers bottom-line value. To learn more visit: ibm.com
For more information:
Jonathan D. Breul
Executive Director
IBM Center for The Business of Government
600 14th Street NW
Second Floor
Washington, DC 20005
202-551-9342
website: www.businessofgovernment.org
e-mail: businessofgovernment@us.ibm.com