WHAT HAPPENS IN VEGAS GOES ON YOUTUBE: USING SOCIAL NETWORKS SECURELY
Ben Rothke, CISSP CISM
Wyndham Worldwide Corp.
Session ID: STAR-107
Session Classification: Intermediate
About me…
- Ben Rothke, CISSP, CISM, CISA
- Manager - Information Security - Wyndham Worldwide Corp.
- All content in this presentation reflects my views exclusively and not those of Wyndham Worldwide
- Author - Computer Security: 20 Things Every Employee Should Know (McGraw-Hill)
- Write the Security Reading Room blog
  https://365.rsaconference.com/blogs/securityreading
Agenda
- Overview of social networks
- Scary security risks associated with social networks
- Social network security strategies
- Conclusion / Recommendations / Q&A
Overview of social networks and the associated security and privacy
Social media explained
- I need to eat
- I ate
- This is where I ate
- Why am I eating?
- Look at me eat!
- I’m good at eating
- Let’s all eat together
Social media is an infosec nightmare
Social media landscape
Social networking security reality
- People will share huge amounts of highly confidential personal & business information with people they perceive to be legitimate
- Numerous legitimate security risks with allowing uncontrolled access to social sites
- But… these risks can be mitigated via a comprehensive security strategy
Blocking is futile
- Not only is resistance futile – it’s a negative business decision
- Prepare a social networking strategy
- Have a realistic understanding of the risks and benefits of social software
- Understand the unique challenges and factor them into decisions on when and how to proceed
- The business and information security goal is the secure use and enablement of social media
Does blocking increase risk of breaches?
- TELUS/Rotman Management School study:
  - negative correlation between organizations blocking access to social networking for security reasons and the number of breaches experienced
  - when blocked, users may feel encouraged to use an alternate method (smartphone/tablet) to access the site
  - the policy is actually forcing users to access non-trusted sites using a technology that is not monitored or controlled by the enterprise security program
http://business.telus.com/en_CA/content/pdf/whyTELUS/Security_Thought_Leadership/TELUS_Rotman_2011_Results.pdf
Security game-changer
- Organizations and management are struggling
  - to understand and deal with the numerous security and privacy risks associated with social networks
- Traditional information security
  - firewalls and access control protected the perimeter. Social networks open up that perimeter
- Focus shift
  - from infrastructure protection to data protection
Social media security and privacy risks

Risk | Description | Security? | Type?
Malware | Infection of desktops, propagation of malware through staff or corporate profiles on social-media services. | Yes | Technology
Chain of providers | Mashups of applications within a social-media service enable the untraceable movement of data. | Yes | Technology
Interface weaknesses | Public application interfaces are not sufficiently secured, exposing users to cross-site scripting and other exploits. | Yes | Technology
Reputation damage | Degradation of personal and corporate reputations through posting of inappropriate content. | No | Content
Exposure of confidential information | Loose lips sink ships, breach of IP or other trade secrets, breach of copyright, public posting or downloading of private or sensitive personal information. | Yes | Content
Legal exposure | Legal liabilities resulting from posted content and online conversations or failure to meet a regulatory requirement to record and archive particular conversations. | Yes | Content
Revenue loss | For organizations in the information business, making content freely available may undercut fee-based information services. | Yes | Content
Staff productivity | Workers failing to perform due to the distraction of social media. | No | Behavior
Hierarchy subversion | Informal social networks erode authority of formal corporate hierarchy and defined work processes. | No | Behavior
Social engineering | Phishing attacks, misrepresentation of identity and/or authority to obtain information illicitly or to stimulate damaging behaviors by staff. | Yes | Behavior
Identity fraud | Profiles and postings that are erroneously attributed to a staff member or corporate office. | Yes | Behavior

Source: Gartner – Report G00173953 - February 2010
Social media security and privacy risks
- cross site scripting, cross site request forgery
- Twitter trending topic malware / spam
- LikeJacking
- phishing / spear phishing
- corporate espionage / business intelligence
- geolocation
- Content-based Image Retrieval (CBIR)
  - emerging technology that matches features, such as identifying aspects of a room (e.g. a painting) in very large databases, increasing the possibilities for locating users
Image: http://www.flickr.com/photos/narcissistic-indulgence/4472901190/
Aggregation
- Aggregation
  - process of collecting content from multiple social network services
  - consolidates multiple social networking profiles into one profile
- Long-term anonymity is nearly impossible
  - users leave traces, IP addresses, embedded links, IDs in files, photos, etc.
  - no matter how anonymous one tries to be, eventually, with enough traces, aggregation will catch up
Strategies and action items for enterprises to deal with the security and privacy risks of social networks
Social media waits for no one…
- Especially information security
- Be proactive
  - dedicated team to deal with social networks
  - ability to identify all issues around social networks
  - get involved and be engaged
- Be flexible
  - social networking is moving fast
  - too rigid a framework may be myopic
  - social media in 2013 will be quite different than 2012
Secure use of social media
1. Governance
   - corporate social media strategy
   - risk assessments
   - realistic policies
2. Enablement
   - awareness, education
3. Management
   - monitoring
Governance – social media strategy
- Create a social media strategy based on your social media security goals
- Identify those who’ll be the online public face
- Draconian policies preventing the use of social media will most often not be effective
- Use a balanced approach
  - allow access
  - manage risk via technical controls, policies and employee training
Governance – risk assessment
- for each social network community
  - vulnerabilities associated with each community
  - each social community has its own set of unique security and privacy concerns
- output will be used to create the social media policy and strategy
  - customized to your specific risk matrix
- balance risks vs. benefits
  - US Marines – some areas totally prohibited
  - Starbucks – totally embraced
Governance - data leakage
- Social media physics - law of conservation of data
  - once confidential data is made public, it can never be made confidential again
  - once data is posted in a Web 2.0 world, it exists forever, somewhere
- difficulty of complete account deletion
  - users wishing to delete accounts from social networks may find that it’s almost impossible to remove secondary information linked to their profile, such as public comments
Governance – social media policy
- Social networking policy is a must
  - even if it prohibits everything, you still need a policy
- Employees will do stupid things
- Rational, sensible use of social media services
  - include photography and video
  - don’t reference clients, customers, or partners without obtaining their express permission
- Social Media Policy Database
  - http://socialmediagovernance.com/policies.php
Governance - reputation management
- Goal is to build and protect a positive Internet-based reputation
- Risks to reputation are significant and growing with the increased use of social networks
- Create a reputation management group with input from IT, legal, risk management, PR and marketing
- Coordinated approach
  - proactive / responsive
Governance - reputation management
- Traditional PR and legal responses to an Internet-based negative reputation event can cause more damage than doing nothing
  - establishing, following and updating protocols can make social-media chaos less risky to enterprises
- Infosec should coordinate activities with PR teams
  - expand monitoring and supplement monitoring with investigations and evidence collection processes
Enablement – awareness and education
- Social media is driven by social interactions
- Most significant risks are tied to the behavior of staff when they are using social software
- Don't shun social media for fear of bad end-user behavior
  - Anticipate it and formulate a multilevel approach to policies for effective governance
- 3 C’s: clear, comprehensive, continuous
Awareness - How to get fired in 3 tweets
- Link social networking training to other related training
  - business ethics, standards of conduct, industry-specific regulations
- Let employees know they can lose their job
  - policy violation
  - managers and executives - special responsibility when blogging by virtue of their position
  - too much time on social network sites
  - perception that they are promoting themselves at the expense of the company
Awareness - curb your enthusiasm
- Awareness of the addictive nature of social media
  - especially those with OCD/addictive personalities
- what is fun today is embarrassing tomorrow
  - don’t post comments that you don’t want the entire world to see
  - consider carefully which images, videos and information you publish
- set daily time limits on how much time they will spend
Awareness - regulatory
- Regulatory compliance must be considered
  - social networks present numerous scenarios which weren’t foreseen when current legislation and data protection laws were created
  - regulatory framework governing social networks should be reviewed and, where necessary, revised
- what specific laws/regulations/standards apply?
  - all breach notice laws are relevant
    - if customer or employee PII is posted, breach response plans would likely need to be followed and notices would need to be sent
Awareness – corporate guidelines
- Without guidelines, breaches are inevitable
- Excellent sources:
  - Intel Social Media Guidelines
  - IBM Social Computing Guidelines
  - United States Air Force – New media guidelines
Management - monitoring
- Maintain control over content the company owns
  - monitor employee social networking participation
  - significant risk of loss of IP protection if not monitored
- if inappropriate use of enterprise content has occurred
  - notify the employee - explain how their actions violated policy
- control where and how corporate content is shared externally
Management - monitoring
- Monitor social media content for
  - inbound malware
  - potentially libelous comments that are sent externally, as well as trade secrets that might be referenced in social media posts, potential regulatory violations, breaches of ethical walls, etc.
  - sexually harassing, racist or other inappropriate content that might be sent internally
  - employee posts on every social media site that might be used
Management - monitoring
- Gatorade’s Social Media Command Center
  - http://mashable.com/2010/06/15/gatorade-social-media-mission-control/
EU and social networks
- EU Directive on Data Protection 95/46/EC
- Data Protection Working Party Opinion 5/2009
- EU countries take personal privacy very seriously
  - tagging of images with personal data without the consent of the subject of the image violates the user’s right to informational self-determination
  - blanket monitoring and logging is unacceptable in the EU
  - many more privacy details need to be considered
Human resources must be involved
- Social networks open up a huge can of HR worms
- What are the disciplinary actions for non-compliance?
- Can a candidate’s social network presence be a factor in the hiring process?
HR, FCRA and the EEOC
- via Facebook, you can know way too much about a candidate:
  - race, orientation, religion, politics, health, etc.
  - such information can be used to show bias
  - EEOC and expensive litigation
Social media hardware/software tools
- Archiving & compliance
  - ActianceWorks, Arkovi, Socialware, Smarsh
- Content management
  - Syncapse, Vitrue, Shoutlet, Hearsay Social, Context Optional
- Monitoring & analytics
  - Radian6 (Salesforce), Sysomos, PostRank (Google), Alterian, Lithium Technologies, Collective Intellect, Crimson Hexagon
References
- New Media and the Air Force
- Parents’ Guide to Facebook
- ENISA position papers
  - Security Issues and Recommendations for Online Social Networks
  - Online as Soon as it Happens
- ISACA
  - Social Media: Business Benefits and Security, Governance and Assurance Perspectives
- Securing the Clicks: Network Security in the Age of Social Media
Apply
- understand how and why social media is used
- understand the risks you will face from not managing social media security properly
- implement security and privacy policies focused on the appropriate use of social media
- recognize social media security and privacy risks and take a formal approach to mitigate them
Ben Rothke, CISSP CISA
Manager – Information Security
Wyndham Worldwide Corporation
www.linkedin.com/in/benrothke
www.twitter.com/benrothke
www.slideshare.net/benrothke
Rothke   computer forensics show 2010Rothke   computer forensics show 2010
Rothke computer forensics show 2010
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceWebinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui   un livre blanc clearswiftLa nécessité de la dlp aujourd’hui   un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
Rothke secure360 building a security operations center (soc)
Rothke   secure360 building a security operations center (soc)Rothke   secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Infotec 2010 Ben Rothke - social networks and information security
Infotec 2010   Ben Rothke - social networks and information security Infotec 2010   Ben Rothke - social networks and information security
Infotec 2010 Ben Rothke - social networks and information security
 
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Rothke   Computer Forensics Show 2010   Deployment Strategies For Effective E...Rothke   Computer Forensics Show 2010   Deployment Strategies For Effective E...
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
 
Rothke stimulating your career as an information security professional
Rothke  stimulating your career as an information security professionalRothke  stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
 
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke   Getting A Handle On Wireless Security For Pci Dss ComplianceBen Rothke   Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
 
Virtualization, Cloud Computing And The Pci Dss
Virtualization, Cloud Computing And The Pci DssVirtualization, Cloud Computing And The Pci Dss
Virtualization, Cloud Computing And The Pci Dss
 

Dernier

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 

Dernier (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 

Rothke rsa 2012 what happens in vegas goes on youtube using social networks securely

  • 1. WHAT HAPPENS IN VEGAS GOES ON YOUTUBE: USING SOCIAL NETWORKS SECURELY
  Ben Rothke, CISSP CISM
  Wyndham Worldwide Corp.
  Session ID: STAR-107
  Session Classification: Intermediate
  • 2. About me…
   Ben Rothke, CISSP, CISM, CISA
   Manager - Information Security - Wyndham Worldwide Corp.
   All content in this presentation reflects my views exclusively and not that of Wyndham Worldwide
   Author - Computer Security: 20 Things Every Employee Should Know (McGraw-Hill)
   Write the Security Reading Room blog
    https://365.rsaconference.com/blogs/securityreading
  • 3. Agenda
   Overview of social networks
   Scary security risks associated with social networks
   Social network security strategies
   Conclusion / Recommendations / Q&A
  • 4. Overview of social networks and the associated security and privacy
  • 5. Social media explained
   I need to eat
   I ate
   This is where I ate
   Why am I eating?
   Look at me eat!
   I’m good at eating
   Let’s all eat together
  • 6. Social media is an infosec nightmare
  • 8. Social networking security reality
   People will share huge amounts of highly confidential personal & business information with people they perceive to be legitimate
   Numerous legitimate security risks with allowing uncontrolled access to social sites
   But…these risks can be mitigated via a comprehensive security strategy
  • 9. Blocking is futile
   Not only is resistance futile – it’s a negative business decision
   Prepare a social networking strategy
   Have a realistic understanding of the risks and benefits of social software
   Understand the unique challenges and factor them in when deciding when and how to proceed
   Business and information security goal is the secure use and enablement of social media
  • 10. Does blocking increase risk of breaches?
   TELUS/Rotman Management School study:
    negative correlation between organizations blocking access to social networking for security reasons and number of breaches experienced
    when blocked, user may feel encouraged to use alternate method (smartphone/tablet) to access site
    policy is actually forcing users to access non-trusted sites, using a technology that is not monitored or controlled by the enterprise security program
  http://business.telus.com/en_CA/content/pdf/whyTELUS/Security_Thought_Leadership/TELUS_Rotman_2011_Results.pdf
  • 11. Security game-changer
   Organizations and management are struggling
    to understand and deal with the numerous security and privacy risks associated with social networks
   Traditional information security
    firewalls and access control protected the perimeter. Social networks open up that perimeter
   Focus shift
    from infrastructure protection to data protection
  • 12. Social media security and privacy risks
  Risk | Description | Security? | Type?
  Malware | Infection of desktops, propagation of malware through staff or corporate profiles on social-media services. | Yes | Technology
  Chain of providers | Mashups of applications within a social-media service enable the untraceable movement of data. | Yes | Technology
  Interface weaknesses | Public application interfaces are not sufficiently secured, exposing users to cross-site scripting and other exploits. | Yes | Technology
  Reputation damage | Degradation of personal and corporate reputations through posting of inappropriate content. | No | Content
  Exposure of confidential information | Loose lips sink ships, breach of IP or other trade secrets, breach of copyright, public posting or downloading of private or sensitive personal information. | Yes | Content
  Legal exposure | Legal liabilities resulting from posted content and online conversations or failure to meet a regulatory requirement to record and archive particular conversations. | Yes | Content
  Revenue loss | For organizations in the information business, making content freely available may undercut fee-based information services. | Yes | Content
  Staff productivity | Workers failing to perform due to the distraction of social media. | No | Behavior
  Hierarchy subversion | Informal social networks erode authority of formal corporate hierarchy and defined work processes. | No | Behavior
  Social engineering | Phishing attacks, misrepresentation of identity and/or authority to obtain information illicitly or to stimulate damaging behaviors by staff. | Yes | Behavior
  Identity fraud | Profiles and postings that are erroneously attributed to a staff member or corporate office. | Yes | Behavior
  Source: Gartner – Report G00173953 - February 2010
  • 13. Social media security and privacy risks
   cross site scripting, cross site request forgery
   Twitter trending topic malware / spam
   LikeJacking
   phishing / spear phishing
   corporate espionage / business intelligence
   geolocation
   Content-based Image Retrieval (CBIR) – emerging technology that matches features, such as identifying aspects of a room (e.g. a painting) in very large databases, increasing the possibilities for locating users
  http://www.flickr.com/photos/narcissistic-indulgence/4472901190/
  • 14. Aggregation
   Aggregation
    process of collecting content from multiple social network services
    consolidates multiple social networking profiles into one profile
   Long-term anonymity is nearly impossible
    users leave traces, IP addresses, embedded links, IDs in files, photos, etc.
    no matter how anonymous one tries to be, eventually, with enough traces, aggregation will catch up
  • 15. Strategies and action items for enterprises to deal with the security and privacy risks of social networks
  • 16. Social media waits for no one…
   Especially information security
   Be proactive
    dedicated team to deal with social networks
    ability to identify all issues around social networks
    get involved and be engaged
   Be flexible
    social networking is moving fast
    too rigid a framework may be myopic
    social media in 2013 will be quite different than 2012
  • 17. Secure use of social media
  1. Governance
    corporate social media strategy
    risk assessments
    realistic policies
  2. Enablement
    awareness, education
  3. Management
    monitoring
  • 18. Governance – social media strategy
   Create a social media strategy based on your social media security goals
   Identify those who’ll be the online public face
   Draconian policies preventing the use of social media will most often not be effective
   Use a balanced approach
    allow access
    manage risk via technical controls, policies and employee training
  • 19. Governance – risk assessment
   for each social network community
    vulnerabilities associated with each community
    each social community has its own set of unique security and privacy concerns
   output will be used to create the social media policy and strategy
    customized to your specific risk matrix
   balance risks vs. benefits
    US Marines – some areas totally prohibited
    Starbucks – totally embraced
  • 20. Governance - data leakage
   Social media physics - law of conservation of data
    once confidential data is made public, it can never be made confidential again
    once data is posted in a Web 2.0 world, it exists forever, somewhere
   difficulty of complete account deletion
    users wishing to delete accounts from social networks may find that it’s almost impossible to remove secondary information linked to their profile, such as public comments
  • 21. Governance – social media policy
   Social networking policy is a must
    even if it prohibits everything, you still need a policy
   Employees will do stupid things
   Rational, sensible use of social media services
    include photography and video
    don’t reference clients, customers, or partners without obtaining their express permission
   Social Media Policy Database
    http://socialmediagovernance.com/policies.php
  • 22. Governance - reputation management
   Goal is to build and protect a positive Internet-based reputation
   Risks to reputation are significant and growing with the increased use of social networks
   Create reputation management group with input from IT, legal, risk management, PR and marketing
   Coordinated approach
    proactive / responsive
  • 24. Governance - reputation management
   Traditional PR and legal responses to an Internet-based negative reputation event can cause more damage than doing nothing
    establishing, following and updating protocols can make social-media chaos less risky to enterprises
   Infosec should coordinate activities with PR teams
    expand monitoring and supplement monitoring with investigations and evidence collection processes
  • 25. Enablement – awareness and education
   Social media is driven by social interactions
   Most significant risks are tied to the behavior of staff when they are using social software
   Don't shun social media for fear of bad end-user behavior
   Anticipate it and formulate a multilevel approach to policies for effective governance
   3 C’s: clear, comprehensive, continuous
  • 26. Awareness - How to get fired in 3 tweets
   Link social networking training to other related training
    business ethics, standards of conduct, industry-specific regulations
   Let employees know they can lose their job
    policy violation
    managers and executives - special responsibility when blogging by virtue of their position
    too much time on social network sites
    perception that they are promoting themselves at the expense of the company
  • 27. Awareness - curb your enthusiasm
   Awareness of addictive nature of social media
    especially those with OCD/addictive personalities
    what is fun today is embarrassing tomorrow
    don’t post comments that you don’t want the entire world to see
    consider carefully which images, videos and information you publish
    set daily limits on how much time to spend
  • 28. Awareness - regulatory
   Regulatory compliance must be considered
    social networks present numerous scenarios which weren’t foreseen when current legislation and data protection laws were created
    regulatory framework governing social networks should be reviewed and, where necessary, revised
   what specific laws/regulations/standards apply?
    all breach notice laws are relevant
    if customer or employee PII is posted, breach response plans would likely need to be followed and notices would need to be sent
  • 29. Awareness – corporate guidelines
   Without guidelines, breaches are inevitable
   Excellent sources:
    Intel Social Media Guidelines
    IBM Social Computing Guidelines
    United States Air Force – New media guidelines
  • 30. Management - monitoring
   Maintain control over content company owns
    monitor employee social networking participation
    significant risk of loss of IP protection if not monitored
   if inappropriate use of enterprise content has occurred:
    notify employee - explain how their actions violated policy
   control where and how corporate content is shared externally
  • 31. Management - monitoring
   Monitor social media content for
    inbound malware
    potentially libelous comments that are sent externally, as well as trade secrets that might be referenced in social media posts, potential regulatory violations, breaches of ethical walls, etc.
    sexually harassing, racist or other inappropriate content that might be sent internally
    employee posts on every social media site that might be used
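As an added example of the monitoring step on slides 30 and 31 (together with the data-leakage rule on slide 20, the "no client references without permission" rule on slide 21 and the posted-PII breach trigger on slide 28), here is a small Python review filter for outbound posts; it is not code from the deck or from Wyndham. The codename list, client lists and sample posts are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical policy inputs, constructed for this example (not from the deck).
CONFIDENTIAL_TERMS = ("project falcon", "q3 roadmap")   # internal codenames
CLIENT_NAMES = ("acme corp", "globex")                   # clients / partners
CLIENTS_WITH_PERMISSION = frozenset({"globex"})          # express permission on file (slide 21)

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")          # 13-16 digits, optional separators


@dataclass(frozen=True)
class Finding:
    category: str    # "pii", "confidential" or "client-reference"
    detail: str
    rule: str        # which slide the rule comes from


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that arbitrary digit runs (order ids) do not count as card numbers."""
    total = 0
    parity = len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:          # every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_post(text: str) -> list[Finding]:
    """Return every policy finding for one outbound post (empty list means clean)."""
    findings: list[Finding] = []
    lowered = text.lower()

    for m in SSN_RE.finditer(text):
        findings.append(Finding("pii", f"SSN-like value {m.group()}",
                                "slide 28: posted PII triggers the breach response plan"))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("pii", f"card number ending in {digits[-4:]}",
                                    "slide 28: posted PII triggers the breach response plan"))
    for term in CONFIDENTIAL_TERMS:
        if term in lowered:
            findings.append(Finding("confidential", term,
                                    "slide 20: public data can never be made confidential again"))
    for client in CLIENT_NAMES:
        if client in lowered and client not in CLIENTS_WITH_PERMISSION:
            findings.append(Finding("client-reference", client,
                                    "slide 21: no client references without express permission"))
    return findings


def triage(posts: dict[str, str]) -> dict[str, str]:
    """Map post id -> 'hold for review' or 'ok'; a held post is what slide 30's
    'notify employee - explain how their actions violated policy' step acts on."""
    return {pid: ("hold for review" if scan_post(text) else "ok")
            for pid, text in posts.items()}


# Constructed sample posts (not real data).
SAMPLE_POSTS = {
    "p1": "Great team lunch today, back to work now!",
    "p2": "Big news: Project Falcon ships next month, can't wait to show Acme Corp!",
    "p3": "Customer left card 4111 1111 1111 1111 in the lobby, returned it, all good",
    "p4": "Thanks to our partners at Globex for hosting the security workshop",
    "p5": "Order #7890123456788 shipped",   # 13 digits but fails Luhn, so not flagged
}

if __name__ == "__main__":
    for pid, action in triage(SAMPLE_POSTS).items():
        print(pid, action)
        for f in scan_post(SAMPLE_POSTS[pid]):
            print("   ", f.category, "-", f.detail, "(", f.rule, ")")
```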
  • 32. Management - monitoring
   Gatorade’s Social Media Command Center
    http://mashable.com/2010/06/15/gatorade-social-media-mission-control/
  • 33. EU and social networks
   EU Directive on Data Protection 95/46/EC
   Data Protection Working Party Opinion 5/2009
   EU countries take personal privacy very seriously
    tagging of images with personal data without the consent of the subject of the image violates the user’s right to informational self determination
    blanket monitoring and logging is unacceptable in EU
    many more privacy details need to be considered
  • 34. Human resources must be involved
   Social networks open up a huge can of HR worms
   What are disciplinary actions for non-compliance?
   Can candidate’s social network presence be a factor in hiring process?
  • 35. HR, FCRA and the EEOC
   via Facebook, you can know way too much about a candidate:
    race, orientation, religion, politics, health, etc.
   such information can be used to show bias
    EEOC and expensive litigation
  • 36. Social media hardware/software tools
   Archiving & compliance
    ActianceWorks, Arkovi, Socialware, Smarsh
   Content management
    Syncapse, Vitrue, Shoutlet, Hearsay Social, Context Optional
   Monitoring & analytics
    Radian6 (Salesforce), Sysomos, PostRank (Google), Alterian, Lithium Technologies, Collective Intellect, Crimson Hexagon
  • 37. References
   New Media and the Air Force
   Parents’ Guide to Facebook
   ENISA position papers
    Security Issues and Recommendations for Online Social Networks
    Online as Soon as it Happens
   ISACA
    Social Media: Business Benefits and Security, Governance and Assurance Perspectives
   Securing the Clicks: Network Security in the Age of Social Media
  • 39. Apply
   understand how and why social media is used
   understand the risks you will face from not managing social media security properly
   implement security and privacy policies focused on the appropriate use of social media
   recognize social media security and privacy risks and take a formal approach to mitigate them
  • 40. Ben Rothke, CISSP CISA
  Manager – Information Security
  Wyndham Worldwide Corporation
  www.linkedin.com/in/benrothke
  www.twitter.com/benrothke
  www.slideshare.net/benrothke