8/2/2019 Asaf Ahmad
Asaf Ahmad
Fire and Rescue NSW
Disclaimer: The views expressed are my own and not of FRNSW.
• BBS (Bulletin Board System)
• Internet Forums
• Web 2
Social media technology and network creation of content, and dissemination of content using the Internet
Allowing consumers to share the content, comment, discuss and even distribute the news
BLOGS - WordPress and TypePad,
MICROBLOGS - Twitter and Tumblr,
INSTANT MESSAGING - AOL AIM, MS Live Messenger
Online communication systems - (e.g., Skype)
Image and video SHARING sites - Flickr and YouTube,
SOCIAL NETWORKING sites - Facebook and MySpace,
PROFESSIONAL NETWORKING sites - LinkedIn
Sources of Data
Social media use is no longer an exception, but rather a rule!
• As a tool to stimulate innovation,
• Create brand recognition,
• Provide information
• Feedback, views and trends
• Hire and retain employees,
• Generate revenue, and
• Improve customer satisfaction.
2010 ISACA, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
ENGAGEMENTdb, The World's Most Valuable Brands. Who's Most Engaged? Ranking the Top 100 Global Brands, www.engagementdb.com/downloads/ENGAGEMENTdb_Report_2009.pdf
A 2010 Burson-Marsteller study of Fortune 500 companies (2):
• 65% have active Twitter accounts
• 54% have Facebook fan pages
• 50% have YouTube video channels, and
• 33% have corporate blogs
According to the 2010 Social Media Marketing Report, 67% of marketers plan to increase their use of social media channels including blogs, Twitter, and Facebook.
2 - Burson-Marsteller, The Global Social Media Check-up Insights: From the Burson-Marsteller Evidence-based Communications Group, www.burson-marsteller.com/Innovation_and_insights/blogs_and_podcasts/BM_Blog/Documents/Burson-Marsteller%202010%20Global%20Social%20Media%20Check-up%20white%20paper.pdf
Crowd-sourcing crisis-relevant information and trends can be achieved from Twitter data
[Figure: Distribution of tweets by/to @QPSMedia and in #qldfloods for the week of 10 Jan. 2011]
[Figure: Breakdown of tweets in the Information category]
Source: #qldfloods and @QPSMedia: Crisis Communication on Twitter in the 2011 South East Queensland Floods. Media Ecologies Project, ARC Centre of Excellence for Creative Industries & Innovation (CCI), http://cci.edu.au/. Axel Bruns and Jean Burgess, Creative Industries Faculty, Queensland University of Technology; Kate Crawford and Frances Shaw, Journalism and Media Research Centre, University of New South Wales
• A police officer happily tweets about the recovery of a missing teenager. Only he forgets to tell her mom first (1)
• Drug Companies Wait for FDA Guidelines on Social Media Marketing - drug makers faced potential legal issues with the reporting of adverse events, negative information and libelous information
• Liability for libel, privacy violations and damage to brand recognition
• Information security risks
1 - http://www.techrepublic.com/blog/career/another-case-of-social-media-eating-the-brain-of-a-user/4136?tag=nl.e101
Social Media
Data sources: Event based, Conversation, Constituents, Noise
Business Intelligence: Define, Access, Aggregate, Analyse, Report
Structured Data - Format, Context
Semi-Structured Data - Meta data
Un-Structured Data - No format, Open context
Presumed lack of credibility or reliability, or an underestimation of its value
• Informal
• Data quality
• Limited on membership
• Constraint due to technology
• Language and constituents dependency
Business Intelligence
[Diagram components: Metadata; Access and Information Consumers; Analytics Techniques & Subject Area; Data Sources; Data Repository & Storage; Data Integration]
[Diagram axis: Action, Knowledge, Information, Context, Data]
Security, Privacy, and Regulatory Compliance
Project Management, Change Control, Information Management
IT Infrastructure and Networks
Social Media
Social Media Policy; Social Media Risk Management
Discovery - Target audience, Objectives, Social capability, Governance
Strategy - Listening, Social tools, Content strategy, Blog strategy
Management - Data Analytics, Goals & Benefits, Review
Social media does have inherent risks that could negatively impact enterprise security
• Can be started without proper governance
• Without IT involvement
• Without proper project management
• Without roles and responsibilities
• Without awareness and training
• Opportunity cost
• Risk of communicating with customers or constituents
• Risk to corporate network
• Risks from mobile devices
• Risks of social engineering
• Risks of violation of privacy and corporate policies
• Risk of employee personal use of social media from home and personal computing devices.
2010 ISACA, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
Create a social media strategy
Have a plan to address the risks that accompany the technology
Require good governance and management of information and technology (IT) assets
1 - ISACA = Information System Audit and Control Association; ITGI = IT Governance Institute
COBIT (1) - A Business Framework for the Governance and Management of Enterprise IT
Information is a key resource for all enterprises.
Information is created, used, retained, disclosed and destroyed.
Technology plays a key role in these actions.
Technology is becoming pervasive in all aspects of business and personal life.
What benefits does information and technology bring to enterprises?
1 - ISACA = Information System Audit and Control Association, www.isaca.org; ITGI = IT Governance Institute
When creating a social media strategy, some questions to consider are:
• Strategic benefit?
• Involvement of stakeholders?
• Risks
• Benefits vs costs?
• Legal, privacy and regulatory issues and requirements?
• Ensure positive brand recognition?
• Awareness training?
• Handling of customers?
• Resources to support such an initiative?
ISACA develops and maintains the CobiT and Risk IT frameworks
1. Strategy and Governance
   - Establish a policy that addresses social media use
   - Policies to address all aspects of social media use in the workplace?
   - Risk assessment
2. People
   - Effective training for all users
3. Processes
   - Review business process using social media
   - Aligned with policies and standards of the enterprise?
4. Technology
   - IT strategy and supporting capabilities to manage technical risks
   - Technical controls and processes support social media policies and standards
   - Established process to address the risk introduced by social media and negatively impact on the enterprise?
Source: ISACA's Business Model for Information Security (BMIS): The Business Model for Information Security provides an in-depth explanation to a holistic business model which examines security issues from a systems perspective.
• Personal use
  - Whether it is allowed
  - The nondisclosure/posting of business-related content
  - The discussion of workplace-related topics
  - Inappropriate sites, content or conversations
  - Standard disclaimers if identifying the employer
  - The dangers of posting too much personal information
• Business use
  - Whether it is allowed
  - The process to gain approval for use
  - The scope of topics or information permitted to flow through this channel
  - Disallowed installation of applications, playing games
  - The escalation process for customer issues
RISK: Use of personal account to communicate work-related information
IMPACT: Privacy violation; Corporate reputation damage; Loss of competitive advantage

RISK: Posting of photographs of information that links users to their employees
IMPACT: Brand damage; Corporate reputation damage

RISK: Excessive use of social media in the workplace
IMPACT: Network utilisation issue; Loss of productivity; Increased risk of exposure to virus and malware

RISK: Use of company-supplied mobile devices to access social networking sites
IMPACT: Infection of mobile devices; Data theft from mobile devices; Data leakage; Bypassed enterprise controls

2010 ISACA, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
Threats & Vulnerability: Virus
Risks: Data leakage; Zombies; Downtime; Cost
Risk Mitigation Technique: Antivirus; Content filtering; Policies and Standards; Awareness training

Threats & Vulnerability: Hijacked corporate presence
Risks: Customer backlash; Exposure of customer information; Reputational damage; Targeted phishing attacks
Risk Mitigation Technique: Brand protection firms; Periodic updates to customers

Threats & Vulnerability: Unclear and undefined contents rights
Risks: Enterprise loss of control/legal rights
Risk Mitigation Technique: Legal to review contract; Establish clear policies on posting; Establish log capturing

Threats & Vulnerability: Increase in customer service expectation
Risks: Customer dissatisfaction; Reputational damage; Customer retention issue
Risk Mitigation Technique: Ensure adequate staffing for handling social media traffic. Create notices that provide clear windows for customer response.

Threats & Vulnerability: Mismanagement of electronic communications that may be impacted by retention regulations or e-discovery
Risks: Regulatory sanctions and fines; Adverse legal actions
Risk Mitigation Technique: Establish appropriate policies, processes and technologies to ensure that communications via social media that may be impacted by litigation or regulations are tracked and archived appropriately. Note that, depending on the social media site, maintaining an archive may not be a recommended approach.
Threats & Vulnerability: Use of personal account for work-related information
Risks: Privacy violation; Reputational damage; Loss of competitive advantage
Risk Mitigation Technique: HR to establish policies that ensure; HR to develop awareness training

Threats & Vulnerability: Posting of enterprise linked picture
Risks: Brand damage; Reputational damage
Risk Mitigation Technique: HR to develop a policy on appropriate use of enterprise images, assets, and intellectual property in their online presence.

Threats & Vulnerability: Excessive employee use of social media in the workplace
Risks: Network utilization issues; Productivity loss; Increased risk of exposure to viruses and malware
Risk Mitigation Technique: Manage accessibility to social media sites

Threats & Vulnerability: Employee access to social media via enterprise-supplied mobile devices
Risks: Infection of mobile devices; Data theft from mobile devices; Circumvention of enterprise controls; Data leakage
Risk Mitigation Technique: Route enterprise mobile devices through corporate network filtering technology. Ensure that appropriate updated controls are installed on mobile devices. Establish or update policies and standards regarding the use of mobile devices to access social media. Develop and conduct awareness training for risks involved with using social media sites.

2010 ISACA, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
• Consumer-oriented technology,
• An enterprise's tool to drive business objectives
• Affords enterprises many potential benefits
• Inherent risks such as data leakage, malware propagation and privacy infringement.
• Adopt a cross-functional, strategic approach that addresses risks, along with appropriate governance and assurance measures.
2010 ISACA, Social Media: Business Benefits and Security, Governance and Assurance Perspectives