social sec infosec -pptx
Yes, I’ve got life outside Facebook! (…But I forgot the password)
Security Policy in the social media domain - Presented at InfoSec 2011
Shahar Geiger Maor, Senior Analyst
www.shaharmaor.blogspot.com http://www.facebook.com/shahar.maor http://twitter.com/shaharmaor
Yes, I’ve got life outside Facebook!
(…But I forgot the password)
Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic 2
So, What’s new in the Social Media These Days?
http://www.facebook.com/pages/Planking-Australia/147452668649160#!/pages/Planking-Australia/147452668649160?closeTheater=1
So, What’s new in the Social Media These Days?
http://www.bbc.co.uk/news/world-middle-east-13417930
So, What’s new in the Social Media These Days?
http://bits.blogs.nytimes.com/2011/05/17/a-social-network-for-making-future-plans/
Decisions will be based on:
Friends recommendations
Relevance
Analytics
Future Rewards
Coupons
miles
privileges
You can’t afford to ignore the “social elephant” in your room
For more info: http://www.slideshare.net/Galit/social-media-and-mobile-presentation-2011
2010 – The REAL Beginning of Enterprise Social Media
Many Channels, One Strategy
20%
57%
23%
Wait to see how these new markets will evolve
Dealing with new channels now & integration later
Full multichannel integration strategy
Source: STKI Survey 2011
What kind of new channels strategy do you have for 2011?
“Social Security”
Malicious Websites by Search Term
http://www.symantec.com/business/threatreport/build.jsp
31% is social network related
What’s going on Abroad?
Source: Nemertes
Internet Policy – Allowing Facebook?
Yes 38%
No 35%
Limited 27%
Israel: Cross-Sector, March 2011
Source: STKI
Internet Policy – Allowing Facebook?
Finance: Yes 12%, No 25%, Limited 63%
Government: Yes 15%, No 62%, Limited 23%
Healthcare: Yes 33%, No 67%
High-Tech: Yes 83%, No 17%
Industry: Yes 37%, No 25%, Limited 38%
Services: Yes 72%, No 14%, Limited 14%
Source: STKI
Internet Policy – Allowing Skype?
Yes 18%
No 78%
Limited 4%
Israel: Cross-Sector, March 2011
Source: STKI
Internet Policy – Allowing YouTube?
Yes 38%
No 38%
Limited 24%
Israel: Cross-Sector, March 2011
Source: STKI
Internet Policy – Allowing YouTube?
Finance: Yes 25%, No 12%, Limited 63%
Government: Yes 31%, No 54%, Limited 15%
Healthcare: Yes 33%, No 67%
High-Tech: Yes 50%, No 33%, Limited 17%
Industry: Yes 37%, No 38%, Limited 25%
Services: Yes 57%, No 29%, Limited 14%
Source: STKI
Internet Policy – Allowing Streaming (in general)?
Yes 25%
No 51%
Limited 24%
Israel: Cross-Sector, March 2011
Source: STKI
Internet Policy – Allowing Gmail?
Yes 58%
No 24%
Limited 18%
Israel: Cross-Sector, March 2011
Source: STKI
Internet Policy – Allowing P2P?
No 96%
Limited 4%
Israel: Cross-Sector, March 2011
Source: STKI
10 Steps to Social-Computing Compliance
Step 1 – Take ownership
Step 2 – Establish policy
Step 3 – Formal education program
Step 4 – Strong password management
Step 5 – Content monitoring and logging
Step 6 – Selective blocking of content
Step 7 – Routine audits and review of logs
Step 8 – Regular policy review
“Social Security” – Key Takeaways
• Social media is all around us
• Corporate network is opening up?
• Most employees use social media for leisure time
• From Perimeter security to data security
• Recommendations:
– CIOs: Find the balance between business necessity, productivity, network considerations and security
– CISO: Get involved!
Thank you!