Social Networking and its Implications on your Data Security

1 Social Networking and its Implications on your Data Security
Canadian Chamber of Commerce of the Philippines
June 8, 2011
Warren R Bituin, Partner - SGV & Co.

2 About the Speaker
Warren R. Bituin
SGV & Co./Ernst & Young
Partner, IT Risk and Assurance
Landline:
Professional qualifications:
- Information security management
- Application risks and controls review
- IT infrastructure risk and controls assessment
- Service organization controls reporting
- Financial audit IT integration
- Experience in the government, financial services, media, utilities, power, telecommunication, manufacturing, retail and mining industries
Background:
- Certified Public Accountant (CPA)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information System Security Professional (CISSP)
- Certified in Risk and Information System Controls (CRISC)
- ISO Lead Auditor Candidate
- Management Development Program, Asian Institute of Management
- Bachelor of Science in Business Administration and Accountancy (BSBAA), University of the Philippines
- Former President, ISACA Manila Chapter

3 Presentation Outline
- Introduction
- Risks, Security and Privacy Concerns
- Addressing the Concerns
- Conclusion
- Open Forum

5 According to ISACA:
Studies show a direct correlation between top financial performance and deep social media engagement in enterprises.
Of the Fortune Global 100 Companies:
- 65% have active Twitter accounts
- 54% have Facebook Fan pages
- 50% have YouTube video channels
- 33% have corporate blogs

6 What is Social Media
Social media technology involves:
- The creation and dissemination of content through social networks using the Internet
- Social media tools that allow consumers to comment on, discuss and even distribute published content

7 Business Benefits of Social Media
- Increase in brand recognition, sales and revenue, search engine optimization, web traffic and customer satisfaction
- Rapid feedback and insight from customers
- Information to improve products, customer service and perception
- Able to monitor market, competition and customers
- Able to search for and communicate with potential employees

8 Borderless security
New technology means new risk
60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise.
Survey question: Given current trends towards the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization?
- Yes, increasing level of risk: 60%
- Relatively constant level of risk: 37%
- No, decreasing level of risk: 3%
Shown: percentage of participants
Source: 2010 EY Global Information Security Survey

10 Some considerations
Business Use:
- Business tool
- Employee access on corporate network
- Employee access through company-issued mobile devices
Personal Use:
- From home and personal computing devices

11 Social media
Few companies have thoroughly examined the social media issue and developed an approach that will balance the business opportunity with the risk exposure.
Only 10% of respondents indicated that examining new and emerging IT trends was a very important activity for the information security function to perform.
Survey question: How important is information security in supporting the following activities in your organization?
Responses per activity, listed from "Very important" to "Not important":
- Achieving compliance with regulations; Protecting reputation and brand; Managing privacy and protecting personal information; Achieving compliance with corporate policies (values as transcribed, not separated by row: 45% 42% 56% 53% 33% 36% 26% 29% 18% 12% 13% 15% 4% 2% 4% 3% 5% 2%, plus 1% 1% 1%)
- Managing operational and (or) enterprise risk: 34%, 43%, 18%, 4%
- Protecting intellectual property: 31%, 30%, 25%, 10%, 4%
- Improving stakeholder and investor confidence: 25%, 34%, 25%, 11%, 5%
- Improving IT and operational efficiencies: 21%, 40%, 27%, 10%, 2%
- Managing external vendors: 16%, 37%, 31%, 12%, 4%
- Enhancing new service or product launches: 14%, 30%, 34%, 15%, 7%
- Facilitating mergers, acquisitions and divestitures: 12%, 20%, 26%, 20%, 22%
- Examining new and emerging IT trends: 10%, 33%, 38%, 15%, 4%
Shown: percentage of participants
Source: 2010 EY Global Information Security Survey

12 Risks, Security and Privacy Concerns
Corporate Social Media Presence:
- Introduction of malware to the corporate network
- Brand or corporate hijacking
- Lack of control over content
- Unrealistic customer expectations
- Non-compliance with record management regulations
Employee Personal Use of Social Media:
- Communicate work-related information
- Linking the employee to the company
- Excessive employee use in the workplace
- Employee access via company-supplied devices

13 Corporate Social Media Presence: Risks, Security and Privacy Concerns
Introduction of viruses and malware to the corporate network:
- Data leak/theft
- Owned systems (zombies)
- System downtime
- Resources required to clean systems

14 Corporate Social Media Presence: Risks, Security and Privacy Concerns
Brand or corporate hijacking (~cybersquatting):
- Customer backlash/adverse legal actions
- Exposure of customer information
- Reputational damage
- Targeted phishing attacks on customers or employees

15 Corporate Social Media Presence: Risks, Security and Privacy Concerns
Lack of control over content posted to social media sites:
- Company's loss of control or legal rights to information posted

16 Corporate Social Media Presence: Risks, Security and Privacy Concerns
Unrealistic customer expectations of Internet-speed service:
- Customer dissatisfaction due to lack of responsiveness
- Reputational damage
- Customer retention issues

17 Corporate Social Media Presence: Risks, Security and Privacy Concerns
Non-compliance with record management regulations:
- Regulatory sanctions/fines
- Adverse legal actions

18 Employee Personal Use of Social Media: Risk, Security and Privacy Concerns
Use of personal accounts to communicate work-related information:
- Privacy violations
- Reputational damage
- Loss of competitive advantage

19 Employee Personal Use of Social Media: Risk, Security and Privacy Concerns
Employee posting pictures or information that link them to the company:
- Brand damage
- Reputational damage

20 Employee Personal Use of Social Media: Risk, Security and Privacy Concerns
Excessive employee use of social media in the workplace:
- Network utilization issues
- Productivity loss
- Increased exposure to viruses and malware due to longer duration of sessions

21 Employee Personal Use of Social Media: Risk, Security and Privacy Concerns
Employee access to social media via company-supplied mobile devices (smartphones, PDAs):
- Infection of mobile devices
- Data theft from mobile devices lost
- Circumvention of enterprise controls
- Data leakage

23 Social media
Restricting the use of social media tools in the work environment is an approach that will likely have limited success and may drive additional unwanted behaviors.
45% of respondents indicated that they restrict or prohibit the use of instant messaging or e-mail for sensitive data.
Survey question: Which of the following actions has your organization taken to control data leakage of sensitive information?
- Defined a specific policy for classification and handling of sensitive information: 73%
- Implemented additional security mechanisms for protecting information: 65%
- Utilized internal auditing for testing of controls: 54%
- Implemented content monitoring/filtering tools: 51%
- Defined specific requirements for telecommuting: 48%
- Locked down/restricted use of certain hardware components: 45%
- Restricted or prohibited use of instant messaging or e-mail for sensitive data: 45%
- Implemented log review tools: 44%
- Prohibited use of camera devices within sensitive or restricted areas: 29%
- Restricted access to sensitive information to specific time periods: 18%
Note: multiple responses permitted
Shown: percentage of participants
Source: 2010 EY Global Information Security Survey

24 Who will benefit from the use of Social Media tools?
Industries:
- Media
- Telecommunication
- Retail
- Consumer
- Manufacturing
- Hospitality
- others?
Business Units:
- Marketing
- Sales
- Human Resource
- Customer Service
- others?

25 Addressing the concerns
- Develop Documented Strategy on Use of Social Media
- Develop Policies on Use of Social Media
- Conduct Training and Awareness Programs for Employees and Customers
- Implement Technical Controls
- Implement Appropriate Business Processes

26 Strategy on use of social media
- Strategic benefits
- Benefits > Risks
- How Risks will be Addressed
- Technical, process and organizational resources to support initiative
- Involvement of key stakeholders

27 Policies on use of social media
Business Use:
- Whether it is allowed
- Process to gain approval for use
- Scope of topics or information permitted to flow through this channel
- Disallowed activities (installation of applications, playing games, etc.)
- Escalation process for customer issues
Personal Use, in the workplace:
- Whether it is allowed
- Nondisclosure/posting of business-related content
- Discussion of workplace-related topics
- Inappropriate sites, content or conversations
Personal Use, outside of the workplace:
- Nondisclosure/posting of business-related content
- Standard disclaimers if identifying the employer
- Dangers of posting too much personal information

28 Training and awareness programs
Employees:
- Conducted on a regular basis
- Benefits, opportunities, dangers
- Emphasize specific dangers and methods of social engineering, common exploits and threats to privacy
- Rules governing acceptable use and behavior while on social media sites
Customers:
- Periodic informational updates to maintain awareness of potential fraud and to establish clear guidelines regarding information to be posted as part of enterprise social media presence

29 Implement technical controls
- Policy and standard enforcement
- Content monitoring and filtering technology to restrict/limit access or network throughput to social media sites
- Security controls on mobile devices (e.g., smartphones). If possible, route enterprise smartphones through corporate network filtering technology to restrict/limit access to social media sites.
- Protection against malware downloads
- End-user system anti-malware, antivirus
- Data leak prevention products
- Operating system security
- Tracking and archiving of communications via social media

30 Implement appropriate business processes
- Processes and staffing to handle traffic that could be created from social media presence
- Processes and change controls that are aligned with social media policies
- Monitoring and follow-up processes for brand protection

31 Sample Social Media Networking Guidelines
- Be aware that certain firm policies and procedures apply to your behavior both off-line and online.
- Use caution before mentioning team members' or colleagues' names in your online postings.
- Postings online should not disclose a client's identity, the nature of work being performed, or any other confidential client information.
- Each of us has a responsibility to protect confidential Company data, personal information of Company personnel and our clients, and client and competitor information from disclosure.
- Do not post anything online that might be considered threatening, unlawful, harassing, hateful, vulgar or otherwise offensive by the recipient, or invasive of another person's privacy.

32 Sample Social Media Networking Guidelines
- Different cultures may perceive slang terms differently, sometimes objectionably; therefore, be mindful of using them in your online posting.
- Protect yourself by being selective of the personal information you post, as it could be used by others for various crimes such as robbery or identity theft.
- Do not represent yourself as someone with a certain level of authority that you do not have, or provide information you cannot confirm.
- Use your professional judgment when using social networking sites at the office and at client sites.
- Respect copyright laws.
- Be aware that what you publish online does not always have an expiration date; it can last forever.

33 Sample Social Media Networking Guidelines
- Make sure you read, understand and comply with the terms and conditions on social networking sites carefully as they may claim ownership of the content you post.
- Familiarize yourself with how each site's privacy settings work. Default settings may allow a broader group of people than you intended to have access to your information.
- Use caution before opening up attachments, even from social networking "friends."

35 Conclusion
- Social Media offers great opportunities to interact with customers and business partners in new and exciting ways. However, there are significant risks to those who adopt this technology without a clear strategy that addresses both the benefits and the risks.
- Provide the online communities and social collaboration tools that the new workforce expects, but do so with a view that aligns enterprise requirements with personal responsibility to protect sensitive business information.
- Raise security awareness and personal responsibility to levels that have not been achieved before.
- Inform every member of the organization on the risks and issues related to social media.

37 OPEN FORUM

38 Thank you!
Sources:
This presentation pack does not necessarily cover everything regarding Social Media risks, security and privacy management. It represents the speaker's personal views and not those of SGV & Co. or Ernst & Young. If you have any specific questions, please contact the speaker.


More information

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007 CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

They Did What?!? How Your End Users Are Putting You At Risk

They Did What?!? How Your End Users Are Putting You At Risk They Did What?!? How Your End Users Are Putting You At Risk SESSION ID: HT-F02 Mike Seifert CISSP, CISA, CIPP, CISM, CGEIT Vice President Enterprise Risk & Resilience Fiserv New/future jobs Cloud Services

More information

Internet Acceptable Use Policy

Internet Acceptable Use Policy 1. Overview Quincy College provides Internet access to students, faculty, staff, and administration as part of its educational mission. When the Internet is used appropriately, it can provide a wealth

More information

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses White Paper How to Effectively Provide Safe and Productive Web Environment for Today's Businesses Table of Content The Importance of Safe and Productive Web Environment... 1 The dangers of unrestricted

More information

Westwood Baptist Church Computer use Policy

Westwood Baptist Church Computer use Policy Westwood Baptist Church Computer use Policy I. Policy Statement The use of Westwood Baptist Church automation systems, including computers, fax machines, and all forms of Internet/Intranet access, is for

More information

OLYMPIC COLLEGE POLICY

OLYMPIC COLLEGE POLICY TITLE: Acceptable Use Policy POLICY NUMBER: OCP 200-17 REFERENCE: RCW 42.52.160, RCW 42.52.180, RCW 42.17, WAC 292-110-010, http://isb.wa.gov/policies/security.aspx, http://www.governor.wa.gov/execorders/archive.asp,

More information

WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk. A Hootsuite & Nexgate White Paper

WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk. A Hootsuite & Nexgate White Paper WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk A Hootsuite & Nexgate White Paper Mapping Organizational Roles & Responsibilities for Social Media Risk Executive Summary

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

KEY TRENDS AND DRIVERS OF SECURITY

KEY TRENDS AND DRIVERS OF SECURITY CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures

More information

Social Media Policy April 2013 DRAFT Social Media Policy

Social Media Policy April 2013 DRAFT Social Media Policy Social Media Policy April 2013 DRAFT Social Media Policy Page 1 of P a g e Policy Title Policy Reference Number Social Media Policy Corp13/002 Implementation Date April 2013 Review Date April 2015 Responsible

More information

11 THINGS YOUR FIREWALL SHOULD DO. a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER

11 THINGS YOUR FIREWALL SHOULD DO. a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER 11 THINGS YOUR FIREWALL SHOULD DO a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER 2 THE GUIDE OF BY DALE SHULMISTRA Dale Shulmistra is a Technology Strategist at Invenio IT, responsible for

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

As with most things, insurance should be

As with most things, insurance should be Insurance Buyers News Property & Liability 300 Montgomery Street Suite 450 San Francisco, CA 94104 415-820-2200 www.pennbrookinsurance.com Insurance Buyers News March/April 2012 Volume 23 Number 2 Data

More information

YU General Guidelines for Use of Social Media

YU General Guidelines for Use of Social Media INTRODUCTION AND SCOPE General Guidelines for Use of Social Media Social media can be a valuable and powerful means of communication. Yeshiva University and its constituent schools (collectively, the University

More information

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls

More information

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY

POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these

More information

Seychelles Revenue Commission Practice Statement PS CM 2009/02

Seychelles Revenue Commission Practice Statement PS CM 2009/02 Seychelles Revenue Commission Practice Statement This Corporate Management Practice Statement is issued under the authority of the Revenue Commissioner (Commissioner) of the Seychelles Revenue Commission

More information

Student Acceptable ICT Use. Policy Implementation Date: Review Date and Frequency: 28 January 2017 Three Years. Responsible for Review: Executive

Student Acceptable ICT Use. Policy Implementation Date: Review Date and Frequency: 28 January 2017 Three Years. Responsible for Review: Executive Student Acceptable ICT Use Title: Student Acceptable ICT Use Policy Policy Implementation Date: Review Date and Frequency: 28 January 2015 28 January 2017 Three Years Policy Reference No: S005 Responsible

More information

JPMorgan Chase Supplier Code of Conduct

JPMorgan Chase Supplier Code of Conduct PMorgan Chase Supplier Code of Conduct Purpose This Code sets out the minimum principles that we expect You to follow in Your provision of products and services to PMorgan Chase Bank & Co. and any of our

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

Cloud Computing Thunder and Lightning on Your Horizon?

Cloud Computing Thunder and Lightning on Your Horizon? Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery

More information

Social Media Risk and. 2012 ISACA. All Rights Reserved.

Social Media Risk and. 2012 ISACA. All Rights Reserved. Social Media Risk and Mitigation Guidance SPEAKER BIOGRAPHIES Rumy Jaleel Khan, CISA, CRISC, is a senior manager in the Houston AERS practice with 10 years of experience in performing internal controls

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

City of Grand Rapids ADMINISTRATIVE POLICY

City of Grand Rapids ADMINISTRATIVE POLICY City of Grand Rapids ADMINISTRATIVE POLICY NUMBER: 84-02 DATE: 7/23/84 REVISIONS: 6/17/88; 11/7/00 (replaces old #84-02, #95-07, & #95-08); 6/13/08; 11/26/13 ISSUED BY: City Manager SIGNED: SUBJECT: ELECTRONIC

More information

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services

More information

This story appeared on Information Management Journal at http://www.entrepreneur.com/tradejournals/article/print/189486076.

This story appeared on Information Management Journal at http://www.entrepreneur.com/tradejournals/article/print/189486076. This story appeared on Information Management Journal at http://www.entrepreneur.com/tradejournals/article/print/189486076.html Nov-Dec, 2008 How to create a security culture in your organization: a recent

More information

Parla, Secure Cloud Email

Parla, Secure Cloud Email Parla, Secure Cloud Email Secure Email, Instant Messaging, Calendar, Contacts, Tasks, File sharing and Notes across all devices The 1 st Secure Email and Instant Messaging from and European Security Vendor

More information

Information Management Advice 57 Sample Social Media Acceptable Use Policy

Information Management Advice 57 Sample Social Media Acceptable Use Policy Information Management Advice 57 Sample Social Media Acceptable Use Policy Overview The [agency] recognises that there are legitimate business and personal reasons for using social media at work or using

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY This is a statement of The New York Institute for Special Education s (NYISE s) policy related to employees Computer Network and Internet

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

Sutter Health and Affiliates Administrative Policies and Procedures SOCIAL MEDIA POLICY

Sutter Health and Affiliates Administrative Policies and Procedures SOCIAL MEDIA POLICY Sutter Health and Affiliates Administrative Policies and Procedures SOCIAL MEDIA POLICY Communications & Marketing Policy 12-745 Approved by: System Management Team Origination Date: 08/2009 Revised Date:

More information

THE DALLAS IIA SOCIAL MEDIA POLICY

THE DALLAS IIA SOCIAL MEDIA POLICY 3/6/2014 THE DALLAS CHAPTER OF THE INSTITUTE OF INTERNAL AUDITORS THE DALLAS IIA SOCIAL MEDIA POLICY Final Approved on 3/6/2014 Communications Committee Contents Authors... 2 Communications Chair... 2

More information

Ventura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety

Ventura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety Ventura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety Student Policy--SP004 Ventura Charter School of Arts and Global Education ("School") recognizes the

More information

Gateway Technical College Social Networking Policy

Gateway Technical College Social Networking Policy Gateway Technical College Social Networking Policy Social media sites like Facebook, Twitter, YouTube and Flickr have become increasingly important communication channels for supporting Gateway Technical

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1 Dundalk Institute of Technology Acceptable Usage Policy Version 1.0.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version Revision

More information

Social Media Policy. Policies and Procedures. Social Media Policy

Social Media Policy. Policies and Procedures. Social Media Policy Policies and Procedures Social Media Policy 1 1. Introduction...3 2. Privacy settings and personal information.....3 3. Use of Social Media at Work.....4 4. Account Administrators and Login Details......4

More information

Social Media Policy Last Updated January 2014

Social Media Policy Last Updated January 2014 Social Media Policy Last Updated January 2014 Purpose Social media offers the opportunity for people to gather in online communities of shared interest and create, share or consume content. As a member-based

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Seven Requirements for Successfully Implementing Information Security Policies and Standards

Seven Requirements for Successfully Implementing Information Security Policies and Standards Seven Requirements for Successfully Implementing and Standards A guide for executives Stan Stahl, Ph.D., President, Citadel Information Group Kimberly A. Pease, CISSP, Vice President, Citadel Information

More information

Security survey in the United States

Security survey in the United States Security survey in the United States This document contains the results of a survey on network security in 455 small and medium sized businesses, conducted in the United States in October/November 2007.

More information