Securing the Clicks: Network Security in the Age of Social Media (Contents)




Securing the Clicks: Network Security in the Age of Social Media. Gary Bahadur, Jason Inasi, Alex de Carvalho. McGraw-Hill: New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Contents

Foreword xix
Introduction xxi

Part I Assessing Social Media Security

Chapter 1 The Social Media Security Process 3
  Case Study: Reputation Damage from an Unprepared Social Media Strategy 4
    What Went Wrong? 5
  How Security Has Changed in the Recent Past 6
  The Assessment Process 7
    Why Follow the Assessment Process? 8
  Organizational Analysis: Your Industry Online, the Good and the Bad 9
  Analyzing Your Social Media Initiatives 10
  Analyzing Your Existing Internal Processes 11
    Securing Customer Data 11
    Securing Channels of Communication 12
  Identifying the Current Gaps in How Your Company Utilizes Social Media Securely 12
  Competitive Analysis 13
  Wrap Up 15

Chapter 2 Security Strategy Analysis: Foundation of Your Security Policy 17
  Case Study: Hacking Is an Equal Opportunity Sport 18
  The H.U.M.O.R. Matrix 19
  Human Resources 21
    Assessing the Current Environment 21
    Measuring the Current State: H.U.M.O.R. Matrix 26
  Utilization of Resources and Assets 27
    Assessing the Current Environment 28
    Measuring the Current State: H.U.M.O.R. Matrix 32
  Monetary Considerations 34
    Assessing the Current Environment 34
    Measuring the Current State: H.U.M.O.R. Matrix 35
  Operations Management 36
    Assessing the Current Environment 37
    Measuring the Current State: H.U.M.O.R. Matrix 40
  Reputation Management 41
    Assessing the Current Environment 41
    Measuring the Current State: H.U.M.O.R. Matrix 44
  Wrap Up 45

Chapter 3 Monitoring in the Social Media Landscape 47
  Case Study: A Dangerous Public 48
    What Could Have Been Done? 49
  What Are Your Customers and the General Public Saying? 50
    What to Monitor 51
    When to Dedicate Resources to Combating Negative Mentions 53
    Processes to Track the Conversations Leading Up to an Attack 55
  What Are Your Employees Saying? 58
    What to Monitor 58
  The "What If" Scenario 61
  Wrap Up 62

Part II Assessing Social Media Threats

Chapter 4 Threat Assessment 67
  Case Study: Political Hacking 68
    What Went Wrong? 69
  The Changing Threat Landscape 70
  Identifying the Threats 70
    The Attackers 72
    Threat Vectors 73
  Threat Assessment and the Threat Management Lifecycle 76
    Identify and Assess 77
    Analyze 77
    Execute 77
  Threat Management in Action 79
  H.U.M.O.R. Threat Assessment 80
    Human Resources Threats 80
    Utilization Threats 81
    Monetary Threats 81
    Operational Threats 82
    Reputation Threats 83
  Assessing Damage 85
  Developing a Response 86
  Wrap Up 90

Chapter 5 What Can Go Wrong 91
  Case Study: Firesheep, A Real-World Example of Social Media Hacking 92
  Dangers Specific to Social Networks 94
  IT Security Restrictions to Protect Your Networks 95
  Cyberstalking 96
    Corporate Cyberstalking 97
  Validating the End User 99
    Determining Accountability 100
  Data Scraping 100
  Wrap Up 102

Part III Operations, Policies, & Processes

Chapter 6 Social Media Security Policy Best Practices 105
  Case Study: Growth of Social Media Policy Usage 107
  What Is an Effective Social Media Security Policy? 108
    Regulatory and Legal Requirements 109
    Managing In-house (Self-hosted) Applications 110
    Managing Externally Hosted Applications 113
    Enterprise-wide Coordination 116
    Codes of Conduct and Acceptable Use 117
    Roles and Responsibilities: The Community Manager 118
    Education and Training 121
    Policy Management 123
    H.U.M.O.R. Guidelines 123
  Developing Your Social Media Security Policy 125
    The Policy Team 125
    Determining Policy Response 125
  A Sample Social Media Security Policy 127
  Wrap Up 135

Chapter 7 Human Resources: Strategy & Collaboration 137
  Case Study: "Expensive Paperweight" Gets Fired 139
  Identifying Business Processes, Regulations, and Legal Requirements 141
  The Community Manager: Defining and Implementing 144
    Small Companies' Human Resource Challenges 146
    Medium-Sized Companies' Human Resource Challenges 148
    Large Companies' Human Resource Challenges 149
  Training 153
    Training Community Managers 154
    Training Employees 155
  Wrap Up 159

Chapter 8 Utilization of Resources: Strategy & Collaboration 161
  Case Study: Inappropriate Tweets 162
  How Are Security Processes Handled? 163
  Collaborating Securely 164
  Utilizing Technology 165
  Preventing Data Loss 170
  Educating Employees 173
  Wrap Up 175

Chapter 9 Monetary Considerations: Strategy & Collaboration 177
  Case Study: Calculating the Cost of Data Loss 180
  Costs of Implementing Controls 182
  Costs of Threats and Countermeasures 184
  Wrap Up 186

Chapter 10 Operations Management: Strategy & Collaboration 187
  Case Study: Military Cyberprofiles 188
  Operations Management Strategy 189
    Roles and Responsibilities 189
    Asset Management 190
    Security Awareness Training 192
    Physical Security 193
    Communications 193
    Network Management 194
    Access Control 195
    Application Development and Testing 197
    Compliance 199
  Controls Auditing 200
    Auditing Steps for Internal Security Tools and Social Media Sites 200
    Auditing Steps for External Social Media Sites 201
  Wrap Up 202

Chapter 11 Reputation Management: Strategy & Collaboration 203
  Case Study: Domino's Reputation Attack 204
    What Went Wrong? 205
    What Did They Do Right? 205
  Attempts to Ruin Brand Equity: From Logos to Brands 206
  Actively Managing Your Reputation 207
    Contacting Post Authors and Domain Owners 208
    Requesting Content Removal 208
    Resorting to Legal Recourse 210
    Utilizing Search Engine Optimization 211
  Zen and the Art of Social Media Strategy 212
    When Marketing Campaigns Go Wrong 212
    Creating Your Own Social Network 213
  Who Do You Call in a Crisis? 216
  Reducing Reputation Risks with Incident Management 216
  Wrap Up 217

Part IV Monitoring & Reporting

Chapter 12 Human Resources Monitoring & Reporting 221
  Case Study: Facebook Posting Leads to Firing 223
  Monitoring by Human Resources 223
    Compliance 225
    Focus of Monitoring 227
    Can HR Ban Activity? 227
    How to Monitor Employee Usage 228
    How to Use Social Media to Monitor Prospective Employees 230
  Baseline Monitoring and Reporting Requirements 232
  Policy Management 235
  Wrap Up 235

Chapter 13 Utilization Monitoring & Reporting 237
  Case Study: How Not to Respond 238
  Who, What, Where, When, and How? 239
  Technology 241
    URL Filtering 242
    Searching and Analyzing Data 243
  Intellectual Property 246
    Copyright 248
  Incident Management 249
  Reporting Metrics 251
  Wrap Up 252

Chapter 14 Monetary Monitoring & Reporting 253
  Case Study: The Budgetary Challenge 254
  Social Media Security on a Limited Budget 256
    Google Alerts 256
    Google Trends 257
    Google Blog Search 258
    Google Insights for Search 259
  Social Media Security on a Big Budget 260
    Radian6 261
    Lithium (formerly Scout Labs) 262
    Reputation.com 262
  Training Costs 263
  Wrap Up 264

Chapter 15 Operations Management Monitoring & Reporting 265
  Case Study: Social Media Success 266
  Types of Monitoring to Ensure Security Practices Are Followed 268
  Data Loss Management: Tools and Practices 270
    Alerting Systems 271
    Usage Trend Tracking 271
    Log File Archives 272
  Monitoring and Management Tools 273
    Monitoring Mentions 274
    Monitoring Employees 276
  Tracking Employee Usage 279
    Benefits of Tracking Employee Usage 279
  Dissemination of Policy Changes 280
  Following the Social Media News 280
  Wrap Up 281

Chapter 16 Reputation Management Monitoring & Reporting 283
  Case Study: Uncontrolled Reputation Damage 284
  Online Reputation Management 286
    Brand Equity 287
    Reputation Management and Employees 288
  Setting Up a Monitoring System 289
    Establishing a Baseline and Comparing Historical Periods 291
  How to Make Good Use of Reputation Information 293
  Wrap Up 294

Part V Social Media 3.0

Chapter 17 Assessing Your Social Media Strategy 297
  How JAG's Doing 298
  The Challenges Ahead 303
    Determine the Implementation Processes 303
    Security Is a Moving Target 304
    Continuous Changes in Management and Policy 304
    Check Your Sources 305
    Authentication Systems Are Changing 306
    Brand Attacks Are Hard to Track 306
  Active Reputation Management 307
    Respond 308
    Report 308
    Remediate 308
  Wrap Up 309

Chapter 18 The Future of Social Media Security 311
  The Internet of Things 312
  Evolving Threats to the "Global Brain" 314
    Loss of Control 315
    Product and Data Threats 315
    Erosion of Privacy 316
    Geolocation Targeting 316
    Attack of the Appliances 317
    Attack of the Brands 317
    "You R Owned!" 317
  Inconsistent Regulations 318
  The Best Defense Is a Good Offense 319
  Jumping into the Deep End 320
  Wrap Up 320

Appendix Resource Guide 321
Index 327