
SANS Internet Storm Center (SANS ISC) InfoSec Forums


Cyber Security Awareness Tip #30 - Blogging and Social Networking

Yesterday we talked about the "insider threat". Blogging and Social Networking can be seen as a variation of this issue. But unlike the clandestine (and intentional) activities performed by a malicious insider, the threatening actions from blogging and social networking are usually unintentional and frequently well intended.

So how do you (or your organization) deal with this threat? Do you review your employees' blogs for proprietary information? This may be an area where user education will actually work. However, it is also an area where the lines between a person's professional and personal life blur. What about the reputation of a company? Would it be affected by a well-known employee of the company voicing radical political views in his personal blog?

The threat from social networking is similar. By mixing personal and professional contacts in your social network, you allow for "data leaks". Another issue is that with social networking, terminated employees retain access to customer and collaborator contact information.

As always: contact us with your tips on how to mitigate this threat.

----------
Johannes B. Ullrich, Ph.D. SANS Institute.
Interested in web application security? We still have seats in my next class: SEC519 Web Application Security, Virginia Beach, November 14-15th.
