
SANS ISC: Cyber Security Awareness Tip #30 - Blogging and Social Networking SANS ISC InfoSec Forums

Cyber Security Awareness Tip #30 - Blogging and Social Networking

Yesterday we talked about the "insider threat". Blogging and social networking can be seen as a variation of this issue. But unlike the clandestine (and intentional) activities performed by a malicious insider, the threatening actions from blogging and social networking are usually unintentional and frequently well-intended.

So how do you (or your organization) deal with this threat? Do you review your employees' blogs for proprietary information? This may be an area where user education will actually work. However, it is also an area where the lines between a person's professional and personal life blur. What about the reputation of a company? Would it be affected by a well-known employee of the company voicing radical political views in his personal blog?

The threat from social networking is similar. By mixing personal and professional contacts in your social network, you allow for "data leaks". Another issue is that with social networking, terminated employees retain access to customer and collaborator contact information.

As always: contact us with your tips on how to mitigate this threat.

Johannes B. Ullrich, Ph.D. SANS Institute.
Interested in web application security? We still have seats in my next class: SEC519 Web Application Security, Virginia Beach, November 14-15th.

Oct 30th 2007
