Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide Heading Social Media: Awareness, Audit and Assurance Tom Snyder Trivera Interactive November 16 th 2011.

Published byRoderick Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "Slide Heading Social Media: Awareness, Audit and Assurance Tom Snyder Trivera Interactive November 16 th 2011."— Presentation transcript:

1 Slide Heading Social Media: Awareness, Audit and Assurance Tom Snyder Trivera Interactive November 16 th 2011

2 Introductions Tom Snyder –Founded Trivera in 1996 –Working with businesses and organizations to find the acceptable level of balance between visionary possibilities and technological and organizational realities. Trivera Interactive –Web site development, Email Marketing, SEO and Social Media –Social Media Strategies and Policies.

3 Introductions

4 Social Media Usage Top 100 most valuable brands in the world are experiencing a direct correlation between top financial performance and deep social media engagement ~ ENGAGEMENTdb, The World’s Most Valuable Brands Fortune Global 100 companies  65% have active Twitter accounts  54% have Facebook fan pages  50% have YouTube video channels  33% have corporate blogs ~Burson-Marsteller, The Global Social Media Check-up Insights

5 Social Media Usage 95% of social media users now use it for business reasons 61% use public social media sites like LinkedIn, Twitter, Facebook, and YouTube every day (up from 51% in 2008). 15% use these sites "constantly throughout the day. 56% work for companies that have no policies that cover use at work and outside work

6 Social Media Usage

7 76% of companies now use Social Media for business purposes 43% have experienced employee misuse 31% have disciplined employees for misuse 29% block employee access 27% monitor employee use 25% ban use for non-business purposes

8 The Old Paradigm

9 The New Paradigm

10 Risks for Business Internal/Infrastructure Viruses/malware Non-compliance with record management regulations (PCI-DSS, HIPAA) Employee Inefficiency Employee Headhunting

11 Malware and Chain Exploitation Malicious profile generation Exploitation of “Social Human Touch” Worm Generation – Chain Infection and Reaction Drive-by-Download Browser Attacks Exploitation of Custom Code and APIs Exploitation of URL Shorteners or Hidden Links QR Codes

12 Risks for Business External/Customer Facing Lack of control over publicly-generated content Lack of control over internally-generated content Customer expectations Brand hijacking

13 Addressing Risk Tactics without strategy is the noise before defeat Strategy without tactics is the slowest route to victory -Sun Tzu

14 Addressing Risk Social Media Strategy Set your Goals Identify your Target Choose your Tools Craft your Voice Define your Roles Commit to Consistency Measure and Improve

15 Addressing Risk Social Media Policy “Official” Voices Associated Voices Everyone Else Work and Non-Work Usage Process Technology

16 Mitigating Risk Threats and Vulnerabilities RisksRisk Mitigation Techniques Introduction of viruses and malware to the organizational network Data leakage/theft “Owned” systems (zombies) System downtime Resources required to clean systems Ensure that antivirus and antimalware controls are installed on all systems and updated daily. Consider use of content filtering technology to restrict or limit access to social media sites. Ensure that appropriate controls are also installed on mobile devices such as smartphones. Establish or update policies and standards. Develop and conduct awareness training and campaigns to inform employees of the risks involved with using social media sites. Exposure to customers and the enterprise through a fraudulent or hijacked corporate presence Customer backlash and/or adverse legal actions Exposure of customer information Reputational damage Targeted phishing attacks on customers or employees Engage a brand protection firm that can scan the Internet and search out misuse of the enterprise brand. Give periodic informational updates to customers to maintain awareness of potential fraud and to establish clear guidelines regarding what information should be posted as part of the enterprise social media presence. Source: Social Media: Business Benefits and Security, Governance and Assurance Perspectives, ISACA Emerging Technology Whitepaper, May 2010

17 Mitigating Risk Threats and Vulnerabilities RisksRisk Mitigation Techniques Unclear or undefined content rights to information posted to social media sites Enterprise’s loss of control/ and/or legal rights of information posted to the social media sites Ensure that legal and communications teams carefully review user agreements for social media sites that are being considered. Establish clear policies that dictate to employees and customers what information should be posted as part of the enterprise social media presence. If feasible and appropriate, ensure that there is a capability to capture and log all communications. A move to a digital business model may increase customer service expectations Customer dissatisfaction with the responsiveness received in this arena, leading to potential reputational damage for the enterprise and customer retention issues Ensure that staffing is adequate to handle the amount of traffic that could be created from a social media presence. Create notices that provide clear windows for customer response Mismanagement of electronic communications that may be impacted by retention regulations or e-discovery Regulatory sanctions and fines Adverse legal actions Establish appropriate policies, processes and technologies to ensure that communications via social media that may be impacted by litigation or regulations are tracked and archived appropriately. Note that, depending on the social media site, maintaining an archive may not be a recommended approach.

18 Mitigating Risk Threats and Vulnerabilities RisksRisk Mitigation Techniques Use of personal accounts to communicate work- related information Privacy violations Reputational damage Loss of competitive advantage Work with the human resources (HR) department to establish new policies or ensure that existing policies address employee posting of work-related information. Work with the HR department to develop awareness training and campaigns that reinforce these policies. Employee posting pictures or info that link them to the enterprise Brand damage Reputational damage Work with the HR department to develop a policy that specifies how employees may use enterprise related images, assets, and intellectual property (IP) in their online presence. Excessive employee use of social media in the workplace Network utilization issues Productivity loss Increased risk of exposure to viruses and malware due to longer duration of sessions Manage accessibility to social media sites through content filtering or by limiting network throughput to social media sites. Employee access to social media via enterprise-supplied mobile devices. Infection of mobile devices Data theft via mobile devices Circumvention of controls Data leakage Route enterprise smartphones through corporate network filtering technology to restrict/limit access Ensure controls installed/updated on mobile devices Establish/update policies and standards regarding the use of smartphones to access social media. Social media awareness training and campaigns

19 Social Media Audit/Assurance ISACA's Social Media Audit Assurance Program released February 2011 and is available to members only Objective The objective of the social media audit/assurance review is to provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes. Scope The review will focus on governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address: Strategy and governance—policies and frameworks People—training and awareness Processes Technology

20 Audit/Assurance Program Audit/Assurance Program Step Excerpt from ISACA’s Social Media Audit/Assurance Program COBIT Cross- reference COSO Reference Hyper-link Issue Cross- reference Comments Control Environment Risk Assessment Control Activities Information and Communication Monitoring 2.1 Risk Management Audit/Assurance Objective: The risk associated with social media is identified, evaluated, and aligned with enterprise risk profiles and risk appetite. Risk management is routinely evaluated for new and existing social media projects.2.1.1 Ongoing Risk Assessment 2.1.1 Control: Risk assessments are performed prior to initiation of a social media project. PO1.2 PO9.3 PO9.4 ME4.2 ME4.5 XX 2.2 Policies Audit/Assurance Objective: Policy and supporting standards exist to support social media use. 2.2.1 Social Media Policies and Standards Control: Policies for social media should address the following specific areas: Communication protocol Standardized terms/key words that may convey the company brand, product, image, campaign, business initiative, corporate social responsibility Use of standard logos, images, pictures, etc. Employee personal use of social media in the workplace Employee personal use of social media outside the workplace Employee use of social media for business purposes (personally owned devices) Use of mobile devices to access social media Required review, monitoring and follow-up processes for brand protection Communication of policy via social media sites Notification that compliance monitoring will be the right of the company Management procedures for company accounts on social media sites PO4.6 PO4.8 PO6.3 PO6.4 X

21 Resources and References 5 low-risk, high-reward experiments that could turn IT people into heroes5 low-risk, high-reward experiments that could turn IT people into heroes FaceTime Survey Reveals 38% of IT Managers Ignoring Web 2.0 RisksFaceTime Survey Reveals 38% of IT Managers Ignoring Web 2.0 Risks IT departments in dark over social media use Social Media in Healthcare Marketing: Making the Case Data breaches and the erosion of consumer trust in brands Top Five Social Media Risks for Business: New ISACA White Paper Social Media: Business Benefits and Security, Governance and Assurance PerspectivesSocial Media: Business Benefits and Security, Governance and Assurance Perspectives Chain Exploitation - Social Media Malware ISACA's Social Media Audit Assurance Program released February 2011 and is available to members only

22 Questions?

23 Tom Snyder – tom@trivera.com http://www.triveraguy.com Trivera Interactive tom@trivera.com http://www.triveraguy.com http://www.trivera.com

Download ppt "Slide Heading Social Media: Awareness, Audit and Assurance Tom Snyder Trivera Interactive November 16 th 2011."

Similar presentations

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Social Media in the Physician Practice Setting. Objectives 1. Review the types of social media available for communication with patients. 2. Explain the.

Social Media in the Physician Practice Setting. Objectives 1. Review the types of social media available for communication with patients. 2. Explain the.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Branding Your Company ON-LINE AND OFF. What is your brand?

Branding Your Company ON-LINE AND OFF. What is your brand?
Fluff Matters! Information Governance in an Online Era Lisa Welchman.

Fluff Matters! Information Governance in an Online Era Lisa Welchman.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
The proliferation of social media Word of Mouth– before and after… Crisis communication networks– Nature article.

The proliferation of social media Word of Mouth– before and after… Crisis communication networks– Nature article.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Ethical Implications of Social Media Use in Organizations Jennifer Sawayda Program Specialist Anderson School of Management University of New Mexico Albuquerque,

Ethical Implications of Social Media Use in Organizations Jennifer Sawayda Program Specialist Anderson School of Management University of New Mexico Albuquerque,
 Digital marketing: Uses digital media to develop communications and exchanges with customers  Electronic media (E-marketing): Refers to the strategic.

 Digital marketing: Uses digital media to develop communications and exchanges with customers  Electronic media (E-marketing): Refers to the strategic.
Network security policy: best practices

Network security policy: best practices
Social Media Policies Doug MacLeod Labour & Employment Lawyer MacLeod Law Firm.

Social Media Policies Doug MacLeod Labour & Employment Lawyer MacLeod Law Firm.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google