Professional Documents
Culture Documents
? BBS
Social media technology and network creation of content, and dissemination of content using the Internet Allowing consumers to share the content, comment, discuss and even distribute the news
4
Sources of Data
BLOGS - WordPress and TypePad, MICROBLOGS - Twitter and Tumblr, INSTANT MESSAGING AOL AIM, MS Live Messenger Online communication systems - (e.g., Skype) Image and video SHARING sites - Flickr and YouTube, SOCIAL NETWORKING sites - Facebook and MySpace, PROFESSIONAL NETWORKING sites - LinkedIn
5
Social media use is no longer an exception, but rather a rule! ? As a tool to simulate innovation, ? Create brand recognition, ? Provide Information ? Feedback, Views and Trends ? Hire and retain employees, ? Generate revenue, and ? Improve customer satisfaction.
2 0 1 0 I S A C A, Social Media: Business Benefits and Security, Governance and Assurance Perspectives ENGAGEMENTdb, The Worlds Most Valuable Brands. Whos Most Engaged? Ranking the Top 100 Global Brands, www.engagementdb.com/downloads/ENGAGEMENTdb_Report_2009.pdf
A 2010 Burson-Marsteller study of Fortune 500 companies: ? 65% have active Twitter accounts ? 54% have Facebook fan pages ? 50% have Youtube video channels, and ? 33% have corporate blogs
According to the 2010 Social Media Marketing Report , 67% of marketers plan to increase their use of social media channels including blogs, Twitter, and Facebook.
2 Burson-Marsteller, The Global Social Media Check-up Insights: From the Burson-Marsteller Evidence-based Communications Group, www.burson-marsteller.com/ Innovation_and_insights/blogs_and_podcasts/BM_Blog/Documents/Burson-Marsteller%202010%20Global%20Social%20Media%20Check-up%20white%20paper.pdf
Distribution of tweets Breakdown of by/to @QPSMedia and intweets in the #qldfloods for the week of 10 Jan. 2011 Information
category
Crowd-sourcing crisis-relevant information and trends can be achieved from Twitter Data
Souece: #qldfloods and @QPSMedia: Crisis Communication on Twitter in the 2011 South East Queensland Floods Media Ecologies Project, ARC Centre of Excellence for Creative Industries & Innovation (CCI), http://cci.edu.au/ Axel Bruns and Jean Burgess Creative Industries Faculty, Queensland University of Technology Kate Crawford and Frances Shaw Journalism and Media Research Centre, University of New South Wales
missing teenager. Only he forgets to tell her mom first ? Drug Companies Wait for FDA Guidelines on Social Media Marketing - drug makers faced potential legal issues with the reporting of adverse events, negative information and libelous information ? Liability for libel Privacy violations and damage to brand recognition ? Information security risks
1 - http://www.techrepublic.com/blog/career/another-case-of-social-media-eating-the-brain-of-a-user/4136?tag=nl.e101
Business Intelligence Define Access Semi-Structured Data Aggregate - Meta data Analyse Report
10
11
Social Media Social Media Policy Discovery -Target audience -Objectives -Social capability -Governance
Social Media Risk Management Strategy -Listening -Social tools -Content strategy -Blog strategy Data Repository & Storage Information Management -Data Analytics -Goals & Benefits -Review
Business Intelligence Access and Analytics Information Techniques & Consumers Subject Area Action Knowledge
Metadata Security, Privacy, and Regulatory Compliance Project Management, Change Control, Information Management IT Infrastructure and Networks
12
Social media does have inherent risks that could negatively impact enterprise security
? Can be started without proper governance
? Without
? Opportunity cost ? Risk of communicating with customers or constituents ? Risk to corporate network ? Risks from mobile devices ? Risks of social engineering ? Risks of violation of privacy and corporate policies ? Risk of employee personal use of social media from
2 0 1 0 I S A C A, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
13
Require good governance and management of information and technology (IT) assets Create a social media strategy Have a plan to address the risks that accompany the technology
1 - ISACA = Information System Audit and Control Association ITGI = IT Governance Institute
14
Information is a key resource for all enterprises. Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions. Technology is becoming pervasive in all aspects of business and personal life. What benefits does information and technology bring to enterprises?
1 - ISACA = Information System Audit and Control Association www.isaca.org ITGI = IT Governance Institute
15
When creating a social media strategy - some questions to consider are: Strategic benefit? Involvement of stakeholders? Risks Benefits Vs costs? Legal, Privacy and Regulatory issues and requirements? Ensure positive brand recognition? Awareness training? Handling of customers? Resources to support such an initiative?
ISACA develops and maintain the CobiT and Risk IT frameworks
16
1. Strategy and Governance Establish a policy that addresses social media use Policies to address all aspects of social media use in the workplace? Risk assessment 2. People Effective training for all users 3. Processes Review business process using social media Aligned with policies and standards of the enterprise? 4. Technology IT strategy and supporting capabilities to manage technical risks Technical controls and processes support social media policies and standards Established process to address the risk introduced by Social media and negatively impact on the enterprise?
Source: ISACAs Business Model for Information Security (BMIS) : The Business Model for Information Security, provides an in-depth explanation to a holistic business model which examines security issues from a systems perspective. 17
? Personal use
it is allowed ? The nondisclosure/posting of business-related content ? The discussion of workplace-related topics ? In-appropriate sites, content or conversations ? Standard disclaimers if identifying the employer ? The dangers of posting too much personal information
? Whether
? Business use
? Whether
it is allowed ? The process to gain approval for use ? The scope of topics or information permitted to flow through this channel ? Disallowed installation of applications, playing games ? The escalation process for customer issues
18
RISK Use of personal account to communicate work-related information Posting of photographs of information that links users to their employees Excessive use of social media in the workplace
IMPACT Privacy violation Corporate reputation damage Loss of competitive advantage Brand damage Corporate reputation damage Network utilisation issue Loss of productivity Increased risk of exposure to virus and malware Infection of mobile devices Data theft from mobile devices Data leakage Bypassed enterprise controls
2 0 1 0 I S A C A, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
19
Risks
Data leakage Zombies Downtime Cost Customer backlash Exposure of customer information Reputational damage Targeted phishing attacks Enterprise loss of control/legal rights Customer dissatisfaction Reputational damage Customer retention issue Regulatory sanctions and fines Adverse legal actions
Legal to review contract Establish clear policies on posting Establish log capturing Ensure adequate staffing for handling social media traffic. Create notices that provide clear windows for customer response. Establish appropriate policies, processes and technologies to ensure that communications via social media that may be impacted by litigation or regulations are tracked and archived appropriately. Note that, depending on the social media site, maintaining an archive may not be a recommended approach.
20
Risks
Privacy violation Reputational damage Loss of competitive advantage Brand damage Reputational damage Network utilization issues Productivity loss Increased risk of exposure to viruses and malware Infection of mobile devices Data theft from mobile devices Circumvention of enterprise controls Data leakage
Route enterprise mobile devices through corporate network filtering technology Ensure that appropriate updated controls are installed on mobile devices. Establish or update policies and standards regarding the use of mobile devices to access social media. Develop and conduct awareness training for risks involved with using social media sites.
2 0 1 0 I S A C A, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
21
? Consumer-oriented technology, ? An enterprises tool to drive business objectives ? Affords enterprises many potential benefits ? Inherent risks such as data leakage, malware
propagation and privacy infringement. ? Adopt a cross-functional, strategic approach that addresses risks, along with appropriate governance and assurance measures.
2 0 1 0 I S A C A, Social Media: Business Benefits and Security, Governance and Assurance Perspectives
22
23