Published by Perry Elms
Modified about 1 year ago
Social Networking: What You Don’t Know Can Hurt You
Jim Hilsenrod
Agenda
– Intro
– About Actiance
– Social Media on the Rise
– Benefits of Social Media
– Understanding the Risks
– Applicable Regulations
– Anecdotes
– Applying Appropriate Controls
– Wrap-up
Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.
About Actiance
– Enable the New Internet
  – 4,500+ Web 2.0 apps, Unified Communications, Social Networks
– Global operations
  – USA, EMEA, India, Asia/Pacific
– Market Leader
  – 9 of the top 10 US banks
  – Top 5 Canadian banks
  – 3 of the top 5 energy companies
– Broadest Partner Ecosystem
  – Technology alliances
Social Is Booming
– Social Networking
– Social Collaboration
– Social Publishing
– Social Feedback
Upside of Social Media
– Generate buzz and increase visibility
– Strengthen customer relations
– Build an additional revenue source
– Extend your brand
Risks of Using Social Media and Web 2.0
– Data Leakage
  – Personal Information
  – Intellectual Property
  – Credit Card, SSN
  – Client Records
– Incoming Threats
  – Malware, Spyware
  – Viruses, Trojans
  – Inappropriate Content
– Compliance & eDiscovery
  – SEC, FINRA
  – HIPAA, FISMA
  – SOX, PCI, FSA
  – FRCP - eDiscovery
  – FERC, NERC
– User Behavior
  – Employee Productivity
  – Bandwidth Explosion
  – Every employee is the face of business
Web 2.0 & Social Networks: Regulation & Compliance
Regulation | Social Network and Web 2.0 Impact
SEC and FINRA | Obliged to store records and make accessible. Public correspondence requires approval, review and retention. Extended to social media.
Gramm-Leach-Bliley Act (GLBA) | Protect information, monitor for sensitive content, and ensure not sent over public channels (e.g., Twitter)
PCI | Ensuring cardholder data is not sent over unsecured channels AND PROVING IT
Red Flag Rules | Prevent identity theft. Protect IM and Web 2.0 from malware and phishing when users are more likely to drop their guard.
FRCP (eDiscovery) | and IM are ESI. Posts to social media sites must be preserved if reasonably determined to be discoverable.
Sarbanes-Oxley (SOX) | Businesses must preserve information relevant to the company reporting.
Real-Life Anecdotes
Citibank Deloitte Financial Northshore Bank Online Banking
So who’s using Social Media? And Why?
– Sales & Marketing
  – Promotions
  – Advertising
  – Branding
– HR
  – Background checks
  – Recruiting
– Scientists & Researchers
  – Information exchange
  – Collaboration
– IT
  – Investigation of security breaches
Social Networking: Balancing Benefit & Risk
Risks & Challenges
– Employee productivity
  – Control who can access what, when, and for how long
– Content security
  – Introduction of malware
– Brand and reputation protection
  – Allow “approved corporate posters” to self-moderate
  – Moderate posts from unapproved corporate posters
– IP/Information Leak Prevention/NDA compliance
  – Sensitive, confidential term dictionary matching
  – Stop contract staff accidentally leaking your secrets
  – Quarantine posts for moderation by a reviewer
  – Quick deployment, no desktop touch
– Compliance with regulation (e.g., FINRA, PCI)
  – Archive content
  – Stop credit card number patterns
  – Control specific content
Appropriate Controls: The Basics
– Who needs controls applied?
– Users within your organization - HR, Marketing, Sales, IT?
– How do I apply these controls?
– Are there tools available?
– Where do I get started?
Appropriate Controls: The Specifics
Issue | Control Requirements
Identity management | Ensure that all the different logins of an individual link back to corporate identity
Activity control | Posting of content allowed for marketing but read-only for everyone else
Granular application control | Employees can access Facebook, but not Facebook Chat or Facebook Games
Anti-malware | Protect network against hidden phishing or Trojan attacks
Data leak prevention | Protect organization from employees disclosing sensitive information
Moderation | Messages posted only upon approval by designated officer
Logging and archiving | Log all content posted to social networks
Export of data | Export stored data to any archive or WORM storage
USG: Enable the ‘New Internet’
URL Filtering Anti-Malware Anti-Virus Unified Policy Management AD Integration, Company/Group/User, Time of Day, Bandwidth Application Control & Security Application Enablement Application Control Engine Reporting Public IM Web 2.0 & Application Control Socialite Web 2.0 Enablement
USG: Visibility & Control of More Than 4,500 Applications
Category | Number | Example
Social Networking | 914 |
Instant Messaging | 255 |
IPTV | 76 |
Remote Admin Tools | 41 |
P2P | 166 |
VoIP | 96 |
Web Conferencing | 55 |
Commercial Monitoring Software | 215 |
Anonymizer | 32 |
Webmail | |
SaaS Infrastructure
– Fully Redundant Architecture
– End-to-End Failover
– Fully Redundant and Mirrored Database
– Extensive Network and Application Monitoring and Alerting
Questions Jim Hilsenrod