Social Networking and its Implications on your Data Security
|
|
- Mitchell Franklin
- 8 years ago
- Views:
Transcription
1 Social Networking and its Implications on your Data Security Canadian Chamber of Commerce of the Philippines June 8, 2011 Warren R Bituin Partner -SGV & Co.
2 About the Speaker Warren R. Bituin SGV & Co./Ernst & Young Partner, IT Risk and Assurance Landline: warren.r.bituin@ph.ey.com Professional qualifications Information security management Application risks and controls review IT infrastructure risk and controls assessment Service organization controls reporting Financial audit IT integration Experience in the government, financial services, media, utilities, power, telecommunication, manufacturing, retail and mining industries Background Certified Public Accountant (CPA) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information System Security Professional (CISSP) Certified in Risk and Information System Controls (CRISC) ISO Lead Auditor Candidate Management Development Program, Asian Institute of Management Bachelor of Science in Business Administration and Accountancy (BSBAA), University of the Philippines Former President, ISACA Manila Chapter Page 2
3 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 3
4 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 4
5 According to ISACA: Studies show a direct correlation between top financial performance and deep social media engagement in enterprises. Of the Fortune Global 100 Companies: 65% - have active Twitter accounts 54% - have Facebook Fan pages 50% - YouTube video channels 33% - corporate blogs Page 5
6 What is Social Media Social media technology involves: the creation and dissemination of content through social networks using the Internet social media tools allow consumers to comment, discuss and even distribute content published. Page 6
7 Business Benefits of Social Media Increase in brand recognition, sales and revenue, search engine optimization, web traffic and customer satisfaction Rapid feedback and insight from customers Information to improve products, customer service and perception Able to monitor market, competition and customers Able to search for and communicate with potential employees Page 7
8 Borderless security New technology means new risk 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. Given current trends towards the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization? 37% Yes, increasing level of risk No, decreasing level of risk 60% Relatively constant level of risk 3% Shown: percentage of participants Source: 2010 EY Global Information Security Survey Page 8
9 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 9
10 Some considerations Business Use Business tool Employee access on corporate network Employee access through companyissued mobile devices Personal Use From home and personal computing devices Page 10
11 1% 1% 1% Social media Few companies have thoroughly examined the social media issue and developed an approach that will balance the business opportunity with the risk exposure Only 10% of respondents indicated that examining new and emerging IT trends was a very important activity for the information security function to perform. How important is information security in supporting the following activities in your organization? Achieving compliance with regulations Protecting reputation and brand Managing privacy and protecting personal information Achieving compliance with corporate policies 45% 42% 56% 53% 33% 36% 26% 29% 18% 12% 13% 15% 4% 2% 4% 3% 5% 2% Managing operational and (or) enterprise risk 34% 43% 18% 4% Protecting intellectual property 31% 30% 25% 10% 4% Improving stakeholder and investor confidence 25% 34% 25% 11% 5% Improving IT and operational efficiencies 21% 40% 27% 10% 2% Managing external vendors 16% 37% 31% 12% 4% Enhancing new service or product launches 14% 30% 34% 15% 7% Facilitating mergers, acquisitions and divestitures 12% 20% 26% 20% 22% Examining new and emerging IT trends 10% 33% 38% 15% 4% Very important Not important Source: 2010 EY Global Information Security Survey Shown: percentage of participants Page 11
12 Risks, Security and Privacy Concerns Corporate Social Media Presence Introduction of malware to the corporate network Brand or corporate hijacking Lack of control over content Unrealistic customer expectations Non-compliance with record management regulations Employee Personal Use of Social Media Communicate work-related information Linking the employee to the company Excessive employee use in the workplace Employee access via company-supplied devices Page 12
13 Corporate Social Media Presence Risks, Security and Privacy Concerns Introduction of viruses and malware to the corporate network Data leak/theft Owned systems (zombies) System downtime Resources required to clean systems Page 13
14 Corporate Social Media Presence Risks, Security and Privacy Concerns Brand or corporate hijacking (~cybersquatting) Customer backlash/adverse legal actions Exposure of customer information Reputational damage Targeted phishing attacks on customers or employees Page 14
15 Corporate Social Media Presence Risks, Security and Privacy Concerns Lack of control over content posted to social media sites Company s loss of control or legal rights to information posted Page 15
16 Corporate Social Media Presence Risks, Security and Privacy Concerns Unrealistic customer expectations of Internet-speed service Customer dissatisfaction due to lack of responsiveness Reputational damage Customer retention issues Page 16
17 Corporate Social Media Presence Risks, Security and Privacy Concerns Non-compliance with record management regulations Regulatory sanctions/fines Adverse legal actions Page 17
18 Employee Personal Use of Social Media Risk, Security and Privacy Concerns Use of personal accounts to communicate workrelated information Privacy violations Reputational damage Loss of competitive advantage Page 18
19 Employee Personal Use of Social Media Risk, Security and Privacy Concerns Employee posting pictures or information that link them to the company Brand damage Reputational damage Page 19
20 Employee Personal Use of Social Media Risk, Security and Privacy Concerns Excessive employee use of social media in the workplace Network utilization issues Productivity loss Increased exposure to viruses and malware due to longer duration of sessions Page 20
21 Employee Personal Use of Social Media Risk, Security and Privacy Concerns Employee access to social media via company-supplied mobile devices (smartphones, PDAs) Infection of mobile devices Data theft from mobile devices lost Circumvention of enterprise controls Data leakage Page 21
22 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 22
23 Social media Restricting the use of social media tools in the work environment is an approach that will likely have limited success and may drive additional unwanted behaviors 45% of respondents indicated that they restrict or prohibit the use of instant messaging or e- mail for sensitive data. Which of the following actions has your organization taken to control data leakage of sensitive information? Defined a specific policy for classification and handling of sensitive information 73% Implemented additional security mechanisms for protecting information 65% Utilized internal auditing for testing of controls Implemented content monitoring/filtering tools Defined specific requirements for telecommuting Locked down/restricted use of certain hardware components Restricted or prohibited use of instant messaging or for sensitive data Implemented log review tools Prohibited use of camera devices within sensitive or restricted areas Restricted access to sensitive information to specific time periods 54% 51% 48% 45% 45% 44% Note: multiple 29% responses permitted 18% Shown: percentage of participants Source: 2010 EY Global Information Security Survey Page 23
24 Who will benefit from the use of Social Media tools? Industries Media Telecommunication Retail Consumer Manufacturing Hospitality others? Business Units Marketing Sales Human Resource Customer Service others? Page 24
25 Addressing the concerns Develop Documented Strategy on Use of Social Media Develop Policies on Use of Social Media Conduct Training and Awareness Programs for Employees and Customers Implement Technical Controls Implement Appropriate Business processes Page 25
26 Strategy on use of social media Strategic benefits Benefits > Risks How Risks will be Addressed Technical, process and organizational resources to support initiative Involvement of key stakeholders Page 26
27 Policies on use of social media Business Use Whether it is allowed Process to gain approval for use Scope of topics or information permitted to flow through this channel Disallowed activities (installation of applications, playing games, etc) Escalation process for customer issues Personal Workplace Whether it is allowed Nondisclosure/posting of businessrelated content Discussion of workplace-related topics Inappropriate sites, content or conversations Outside of the workplace Nondisclosure/posting of businessrelated content Standard disclaimers if identifying the employer Dangers of posting too much personal information Page 27
28 Training and awareness programs Employees Conducted on a regular basis Benefits, opportunities, dangers Emphasize specific dangers and methods of social engineering, common exploits and threats to privacy Rules governing acceptable use and behavior while on social media sites. Customers Periodic informational updates to maintain awareness of potential fraud and to establish clear guidelines regarding information to be posted as part of enterprise social media presence Page 28
29 Implement technical controls Policy and standard enforcement Content monitoring and filtering technology to restrict/ limit access or network throughput to social media sites Security controls on mobile devices (e.g., smartphones). If possible, route enterprise smartphones through corporate network filtering technology to restrict/limit access to social media sites. Protection against malware downloads End-user system anti-malware, antivirus Data leak prevention products Operating system security Tracking and archiving of communications via social media Page 29
30 Implement appropriate business processes Processes and staffing to handle traffic that could be created from social media presence Processes and change controls that are aligned with social media policies. Monitoring and follow-up processes for brand protection Page 30
31 Sample Social Media Networking Guidelines Be aware that certain firm policies and procedures, apply to your behavior both off-line and online. Use caution before mentioning team members' or colleagues names in your online postings. Postings online should not disclose a client s identity, the nature of work being performed, or any other confidential client information. Each of us has a responsibility to protect confidential Company data, personal information of Company personnel and our clients, and client and competitor information from disclosure. Do not post anything online that might be considered threatening, unlawful, harassing, hateful, vulgar or otherwise offensive by the recipient, or invasive of another person's privacy. Page 31
32 Sample Social Media Networking Guidelines Different cultures may perceive slang terms differently, sometimes objectionably, therefore, be mindful of using them in your online posting. Protect yourself by being selective of the personal information you post, as it could be used by others for various crimes such as robbery or identity theft. Do not represent yourself as someone with a certain level of authority that you do not have, or provide information you cannot confirm. Use your professional judgment when using social networking sites at the office and at client sites. Respect copyright laws. Be aware that what you publish online does not always have an expiration date; it can last forever. Page 32
33 Sample Social Media Networking Guidelines Make sure you read, understand and comply with the terms and conditions on social networking sites carefully as they may claim ownership of the content you post. Familiarize yourself with how each site s privacy settings work. Default settings may allow a broader group of people than you intended to have access to your information. Use caution before opening up attachments, even from social networking "friends." Page 33
34 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 34
35 Conclusion Social Media offers great opportunities to interact with customers and business partners in new and exciting ways. However, there are significant risks to those who adopt this technology without a clear strategy that addresses both the benefits and the risks. Provide the online communities and social collaboration tools that the new workforce expects, but do so with a view that aligns enterprise requirements with personal responsibility to protect sensitive business information. Raise security awareness and personal responsibility to levels that have not been achieved before. Inform every member of the organization on the risks and issues related to social media. Page 35
36 Presentation Outline Introduction Risks, Security and Privacy Concerns Addressing the Concerns Conclusion Open Forum Page 36
37 OPEN FORUM Page 37
38 Thank you! Sources: This presentation pack does not necessarily cover everything regarding Social Media risks, security and privacy management. It represents the speaker s personal views and not SGV & Co. or Ernst & Young. If you have any specific questions, please contact the speaker. Page 38
Social Media: Business Benefits and Security, Governance and Assurance Perspectives
An ISACA Emerging Technology White Paper Social Media: Business Benefits and Security, Governance and Assurance Perspectives Abstract Initiated as a consumer-oriented technology, social media is increasingly
More information6.9 Social Media Policy
Policy Statement It is the policy of the to encourage clear and effective communication with all Nova Scotians using a variety of accepted tools, including social media. Social media is helping government
More information[Example] Social Media Acceptable Use Policy
[Example] Social Media Acceptable Use Policy Overview The [agency] recognises that there are legitimate business and personal reasons for using social media at work or using corporate computing resources.
More informationAcceptable Use of ICT Policy For Staff
Policy Document Acceptable Use of ICT Policy For Staff Acceptable Use of ICT Policy For Staff Policy Implementation Date Review Date and Frequency January 2012 Every two Years Rev 1: 26 January 2014 Policy
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationStudent use of the Internet Systems is governed by this Policy, OCS regulations, policies and guidelines, and applicable law.
OCS Internet Acceptable Use and Safety Policy for Students The Opportunity Charter School ( OCS or the School ) provides access to OCS s Internet Systems for its students for educational purposes, in conformance
More information1. Computer and Technology Use, Cell Phones. 1.1. Information Technology Policy
1. Computer and Technology Use, Cell Phones 1.1. Information Technology Policy Employees are provided with Internet access and electronic communications services (which may include, but are not limited
More informationGuidance on the Use of Social Networking
Guidance on the Use of Social Networking Version 1 - January 2012 Reviewed: September 2013 Version 2 Approved by SM: November 2013 Version 2 modified and approved by the PCC Board: April 2014 Overview
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationNYC Department of Education Social Media Guidelines
Spring 2012 NYC Department of Education Social Media Guidelines A. Introduction/Purpose 1. Social media technology can serve as a powerful tool to enhance education, communication, and learning. This technology
More informationINTERNET, EMAIL AND COMPUTER USE POLICY.
INTERNET, EMAIL AND COMPUTER USE POLICY. CONSIDERATIONS Code of Conduct Discipline and termination policy Privacy Policy Sexual Harassment policy Workplace Health & Safety Policy LEGISLATION Copyright
More informationThis agreement applies to all users of Historica Canada websites and other social media tools ( social media tools or social media channels ).
Social Media Terms of Use Social media is an integral part of Historica Canada s communications efforts, offering an additional model to engage with participants, colleagues, other stakeholders and the
More informationCity of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011
City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011 Purpose and Intent The City of Boston recognizes the importance
More informationThe Risk of Being Innovative in Government
The Risk of Being Innovative in Government MISA/ASIM Canada Municipal CIO Council Summit Rob Meikle Chief Information Officer City of Brampton rob.meikle@brampton.ca May 31, 2012 Municipal CIO Operational
More informationsection 15 Computers, Email, Internet, and Communications
section 15 Computers, Email, Internet, and Communications 15.1 Electronic Communications Email is Not Private Email messages, including attachments, sent and received on YWCA Tulsa equipment are the property
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationSocial Media -Benefits and Risk. Western Carolinas IIA Chapter Meeting October 25, 2012
Social Media -Benefits and Risk Western Carolinas IIA Chapter Meeting October 25, 2012 Matt Thompson Managing Director, Advisory Services Grant Thornton LLP Introductions Matt Thompson Managing Director
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationSocial Media Guidelines
Northern Virginia Community College Social Media Guidelines social networks, social media, blogs, wikis and virtual worlds April 2013 (revised) 04.11.13 Page 1 Table of Contents Introduction 3 Connect
More informationIT risk management discussion 2013 PIAA Leadership Camp May 15, 2013
IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2
More informationWeb Protection for Your Business, Customers and Data
WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision
More informationSocial Media s Effects on Internal Auditors
Social Media s Effects on Internal Auditors for IIA Nashville Chapter April 6, 2011 Chase Whitaker, CPA, CIA Session Objectives Introduce / review social media tools Discuss social media applications for
More informationHuman Resources Policy and Procedure Manual
Procedure: maintains a computer network and either purchases software for use in the network or develops proprietary software systems for Company use. Company employees are generally authorized to use
More informationOutbound Email and Data Loss Prevention in Today s Enterprise, 2010
Outbound Email and Data Loss Prevention in Today s Enterprise, 2010 Results from Proofpoint s seventh annual survey on outbound messaging and content security issues, fielded by Osterman Research during
More informationModel Policy for a Law Enforcement Agency s use of Social Networking
Model Policy for a Law Enforcement Agency s use of Social Networking Disclaimer: This is a model policy was designed to provide a guide to writing a policy related to social networking use. This model
More informationBorderless security. Ernst & Young s 2010 Global Information Security Survey
Borderless security Ernst & Young s 2010 Global Information Security Survey Foreword... 1 Borderless security... 2 Data on the move... 4 Processing in the clouds... 8 Web connections... 12 Summary... 16
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationInformation Security Governance:
Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationACCEPTABLE USE POLICY
ACCEPTABLE USE POLICY F. Paul Greene Harter Secrest & Emery LLP 1600 Bausch & Lomb Place Rochester, NY 14604 585-231-1435 fgreene@hselaw.com 2016 HARTER SECREST & EMERY LLP THE FOLLOWING TEMPLATE WAS DESIGNED
More informationAcceptable Use of Information Systems Standard. Guidance for all staff
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
More informationSocial Media Resources
Social Media Resources Policy Option 1 This policy applies to the social networking activity of all employees, contractors, business partners or other parties with a material interest in [COMPANY], and
More informationReview Responsibility Human Resources
Subject Regions Hospital Social Media Use and Behavior Attachments Yes No Key words Social Networking, Facebook, YouTube, Internet e-mail, blog, online manners, netiquette, Twitter, web mail Number RH-HR-HR
More informationYU General Guidelines for Use of Social Media
INTRODUCTION AND SCOPE General Guidelines for Use of Social Media Social media can be a valuable and powerful means of communication. Yeshiva University and its constituent schools (collectively, the University
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS CISM ITEM DEVELOPMENT GUIDE Content Page Purpose of the CISM Item Development Guide 2 CISM Exam Structure 2 Item Writing Campaigns 2 Why Participate as a CISM
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationGUIDE Compliance Guide. Ensure Social Media Compliance Across Your Organization
GUIDE Compliance Guide Ensure Social Media Compliance Across Your Organization Compliance Guide Ensure Social Media Compliance Across Your Organization Introduction The business rewards of participating
More informationAs with most things, insurance should be
Insurance Buyers News Property & Liability 300 Montgomery Street Suite 450 San Francisco, CA 94104 415-820-2200 www.pennbrookinsurance.com Insurance Buyers News March/April 2012 Volume 23 Number 2 Data
More informationJPMorgan Chase Supplier Code of Conduct
PMorgan Chase Supplier Code of Conduct Purpose This Code sets out the minimum principles that we expect You to follow in Your provision of products and services to PMorgan Chase Bank & Co. and any of our
More informationAuburn University at Montgomery Policies and Procedures
Auburn University at Montgomery Policies and Procedures Title: Responsible Office: Social Media Policy University Relations I. PURPOSE This policy outlines the procedures governing social media pages created
More informationHuman Resources Policies and Procedures
SUBJECT: Social Media and Internet Policy PURPOSE The AppleOne Group of Companies ( AppleOne ) recognizes the fast-changing landscape of the Internet which has increased the popularity of social media
More information205.06 Social Media Policy
205.06 Social Media Policy A. POLICY/PURPOSE City of Arlington departments may utilize social media and social network sites to further enhance communications with various stakeholder organizations in
More informationSocial Media Guidelines
MARKETING AND MEDIA RELATIONS Social Media Guidelines Emporia State University Last Updated: July 09, 2011 Introduction What is Social Media? Social media consists of web-based tools used to interact with
More informationPOLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY
POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these
More informationINFORMATION SERVICES SOCIAL MEDIA GUIDE FOR STAFF
INFORMATION SERVICES SOCIAL MEDIA GUIDE FOR STAFF go.qub.ac.uk/socialmedia WHY ARE SOCIAL MEDIA TOOLS IMPORTANT TO QUEEN S UNIVERSITY? The term social media is used to describe a range of communication
More informationThe Risks and Rewards of Social Media and Mobile Devices
The Risks and Rewards of Social Media and Mobile Devices October 29-30, 2012 Tony Brooks, CISA Principal & Director of IT Assurance Tony and Brooks, Risk Services CISA, CRISC Partner HORNE - IT LLP Assurance
More informationCSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007
CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks - 5 month later Date: 19 th October 2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of
More informationMedford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee
Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationInternet Acceptable Use Policy
1. Overview Quincy College provides Internet access to students, faculty, staff, and administration as part of its educational mission. When the Internet is used appropriately, it can provide a wealth
More informationSOCIAL MEDIA & DIGITAL MARKETING POLICIES AND PROCEDURES
SOCIAL MEDIA & DIGITAL MARKETING POLICIES AND PROCEDURES The purpose of the Social Media and Digital Marketing Policy is to ensure the proper use of county social sites, web based marketing and technologies
More informationInformation Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza
Information Security Management System (ISMS) Overview Arhnel Klyde S. Terroza May 12, 2015 1 Arhnel Klyde S. Terroza CPA, CISA, CISM, CRISC, ISO 27001 Provisional Auditor Internal Auditor at Clarien Bank
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationParla, Secure Cloud Email
Parla, Secure Cloud Email Secure Email, Instant Messaging, Calendar, Contacts, Tasks, File sharing and Notes across all devices The 1 st Secure Email and Instant Messaging from and European Security Vendor
More informationSutter Health and Affiliates Administrative Policies and Procedures SOCIAL MEDIA POLICY
Sutter Health and Affiliates Administrative Policies and Procedures SOCIAL MEDIA POLICY Communications & Marketing Policy 12-745 Approved by: System Management Team Origination Date: 08/2009 Revised Date:
More informationSocial Media Policy. Policies and Procedures. Social Media Policy
Policies and Procedures Social Media Policy 1 1. Introduction...3 2. Privacy settings and personal information.....3 3. Use of Social Media at Work.....4 4. Account Administrators and Login Details......4
More informationDirector, IT Security District Office Kern Community College District JOB DESCRIPTION
Director, IT Security District Office Kern Community College District JOB DESCRIPTION Definition Reporting to the Chief Information Officer, the Director of IT Security develops and implements procedures,
More informationCloud Computing Thunder and Lightning on Your Horizon?
Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationWhite Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses
White Paper How to Effectively Provide Safe and Productive Web Environment for Today's Businesses Table of Content The Importance of Safe and Productive Web Environment... 1 The dangers of unrestricted
More informationSOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY
SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy
More informationDundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1
Dundalk Institute of Technology Acceptable Usage Policy Version 1.0.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version Revision
More informationGateway Technical College Social Networking Policy
Gateway Technical College Social Networking Policy Social media sites like Facebook, Twitter, YouTube and Flickr have become increasingly important communication channels for supporting Gateway Technical
More informationWestwood Baptist Church Computer use Policy
Westwood Baptist Church Computer use Policy I. Policy Statement The use of Westwood Baptist Church automation systems, including computers, fax machines, and all forms of Internet/Intranet access, is for
More informationVirginia Commonwealth University Police Department
Virginia Commonwealth University Police Department NUMBER SECTION CHIEF OF POLICE EFFECTIVE REVIEW DATE 2 9 1/2013 2/2013 SUBJECT SOCIAL MEDIA GENERAL The department endorses the secure use of social media
More informationInformation Management Advice 57 Sample Social Media Acceptable Use Policy
Information Management Advice 57 Sample Social Media Acceptable Use Policy Overview The [agency] recognises that there are legitimate business and personal reasons for using social media at work or using
More informationSecurity Risk Management Strategy in a Mobile and Consumerised World
Security Risk Management Strategy in a Mobile and Consumerised World RYAN RUBIN (Msc, CISSP, CISM, QSA, CHFI) PROTIVITI Session ID: GRC-308 Session Classification: Intermediate AGENDA Current State Key
More informationTHE DALLAS IIA SOCIAL MEDIA POLICY
3/6/2014 THE DALLAS CHAPTER OF THE INSTITUTE OF INTERNAL AUDITORS THE DALLAS IIA SOCIAL MEDIA POLICY Final Approved on 3/6/2014 Communications Committee Contents Authors... 2 Communications Chair... 2
More information11 THINGS YOUR FIREWALL SHOULD DO. a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER
11 THINGS YOUR FIREWALL SHOULD DO a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER 2 THE GUIDE OF BY DALE SHULMISTRA Dale Shulmistra is a Technology Strategist at Invenio IT, responsible for
More informationAcceptable Use Policy
1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established culture of openness,
More informationWhatever your experience relating successfully with traditional media. Crisis Communication Plan in Action: Social Media
7 Crisis Communication Plan in Action: Social Media Keywords: legacy media, social media, digital media, blogs, YouTube, Flickr, Twitter, Facebook, citizen journalist, micro-communities, social media monitoring,
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationAgent Social Media Policy
Agent Social Media Policy Addendum to the Agent Advertising Guidelines November 2013 For agent use only. not to be used for consumer solicitation purposes. Addendum to Agent Advertising Guidelines Agent/Producer
More informationHow do members of the MSU community engage online? What it means to engage online is no different than what it means to engage offline.
PAGE 1 OF 7 Introduction The Michigan State University (MSU) Guidelines for Social Media apply to Michigan State University faculty, staff, and student employees and interns who create or contribute to
More informationService NSW Code of Conduct
Service NSW Code of Conduct Contents CEO Message 2 Our DNA 3 We ensure our personal and professional conduct complies with this Code of Conduct 4 We manage conflict of interest responsibly 6 We respect
More informationWith the increasing popularity of social media you need a Social Media Policy to protect your company.
Dear Reader, With the increasing popularity of social media you need a Social Media Policy to protect your company. It can become your biggest nightmare when employees distribute information that s not
More informationHUMAN RESOURCES POLICIES & PROCEDURES
HUMAN RESOURCES POLICIES & PROCEDURES Policy title Application IT systems and social networking policy All employees and students CONTENTS PAGE Introduction and scope 2 General points 2 Authorisation to
More informationWHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk. A Hootsuite & Nexgate White Paper
WHITE PAPER Mapping Organizational Roles & Responsibilities for Social Media Risk A Hootsuite & Nexgate White Paper Mapping Organizational Roles & Responsibilities for Social Media Risk Executive Summary
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationClear Creek ISD 084910 CQ (REGULATION) Business and Support Services: Electronic Communications
Clear Creek ISD 084910 CQ (REGULATION) SCOPE CONSENT REQUIREMENTS CHIEF TECHNOLOGY OFFICER RESPONSIBILITIES The Superintendent or designee will oversee the District s electronic communications system.
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More information8 Securities Limited ( 8Sec ) reserves the right to update and change the TOS from time to time without notice or acceptance by you.
1. Acceptance of Terms Welcome to s Social Trading (the Social Trading Features ). Social Trading Features provide an integrated solution of equity trading and exploration of interactions among investors
More informationOLYMPIC COLLEGE POLICY
TITLE: Acceptable Use Policy POLICY NUMBER: OCP 200-17 REFERENCE: RCW 42.52.160, RCW 42.52.180, RCW 42.17, WAC 292-110-010, http://isb.wa.gov/policies/security.aspx, http://www.governor.wa.gov/execorders/archive.asp,
More informationAcceptable Use Policy
Acceptable Use Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationVentura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety
Ventura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety Student Policy--SP004 Ventura Charter School of Arts and Global Education ("School") recognizes the
More informationAPPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES
APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS (INCLUDING INTERNET & E-MAIL) EMC CORPORATE POLICY COPYRIGHT 2007 EMC CORPORATION. ALL RIGHTS RESERVED. NO PORTION OF THIS MATERIAL MAY BE REPRODUCED,
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Security Products Must Be Secure by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI April 2007 Software Vulnerabilities in the
More informationRevised 05/22/14 P a g e 1
Corporate Office 107 W. Franklin Street P.O. Box 638 Elkhart, IN 46515-0638 Phone (574) 294-7511 Fax (574) 522-5213 INTRODUCTION PATRICK INDUSTRIES, INC. CODE OF ETHICS AND BUSINESS CONDUCT As a leader
More informationCOMPUTER /ONLINE SERVICES (Acceptable Use and Internet Safety)
COMPUTER /ONLINE SERVICES (Acceptable Use and Internet Safety) The Middletown City School District provides an electronic communications network that allows District-authorized individuals internal access
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationEMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY
EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY This is a statement of The New York Institute for Special Education s (NYISE s) policy related to employees Computer Network and Internet
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationCanada s New Anti-Spam Legislation: Overview and Implications for Businesses
dentons.com Focus on Communications Canada s New Anti-Spam Legislation: Overview and Implications for Businesses January, 2011 Contact Margot Patterson Dentons Canada LLP Counsel, Ottawa margot.patterson@dentons.com
More informationIowa County Government Social Media Use Policy
Iowa County Government Social Media Use Policy This policy outlines appropriate use of social media, as it relates to Iowa County, by employees and departments for official and personal use. This policy
More information