How to Use Web 2.0 and Social Networking Sites Securely: A Pocket Guide
By Alan Calder
About this ebook
This pocket guide tells you the steps your organisation should take to ensure that your employees are using Web 2.0 sites in a secure manner, and that your confidential corporate data is protected.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Book preview
How to Use Web 2.0 and Social Networking Sites Securely - Alan Calder
978-1-849281-14-0
FOREWORD
At its simplest, Web 2.0 is the term used to describe the second generation of web technologies, including social networking sites, blogs and wikis, all of which enable the Web to be used in a different, more interactive way than before. These technologies also enable users to connect with a very large number of people in a short period of time at low cost.
The use of Web 2.0 technologies has also spawned new business models and enabled improved collaboration, knowledge sharing and communication within organisations.
At the same time, however, Web 2.0 technologies bring greater security risks for their fast-growing universe of users. The number of risks is also growing exponentially. The challenge for businesses, therefore, is to find ways of enabling their users to use Web 2.0 technologies whilst minimising the risks.
Given the widespread use of Web 2.0 technologies and their impact in terms of the number and types of incidents and the cost of them, controlling Web 2.0 risks needs to be a high priority for all organisations. This pocket guide provides recommendations for organisations that will help them ensure that their employees are using Web 2.0 sites in a secure manner, and that their personal and confidential corporate data is protected.
INTRODUCTION
At its simplest, Web 2.0 is the term used to describe the second generation of Web technologies, including social networking sites, blogs and wikis, which enable the Web to be used in a different, more interactive way than before. These technologies enable activities such as online networking, user involvement, creativity and online collaboration. The technologies also enable users to connect with a very large number of people in a short period of time at low cost.
The combination of newer technologies such as Ajax and CSS has enabled some websites (those described as Web 2.0 sites) to feature enhanced functionality, better storage of data and a richer user interface. For example, the Google Maps application provides a great deal of detailed information, together with a rich interface where the page and the map are refreshed instantly as the cursor is moved.
The use of Web 2.0 technologies has also spawned new business models and enabled improved collaboration, knowledge sharing and communication within organisations.
At the same time, however, Web 2.0 technologies bring greater security risks for their fast-growing universe of users. The number of risks is also growing exponentially. A report carried out by ScanSafe in July 2008 showed that there was more web-based malware in July 2008 than in the whole of 2007¹. Not only that, but the amount of malware reported in October 2008 exceeded that of July 2008 by 21%.
The challenge for businesses, therefore, is to find ways of enabling their users to use Web 2.0 technologies whilst minimising the risks.
Mary Landesman, Senior Security Researcher at ScanSafe, points to three reasons for the increasing number of security risks associated with Web 2.0 technologies²:
1 The maturity of Web 2.0 and the sheer number of websites and inexperienced people who are able to put up websites.
2 Automated tools that allow for the discovery of vulnerable web servers and sites. Attackers no longer have to manually probe for vulnerable targets, a process that was slow and inefficient and exposed the attacker to discovery.
3 Exploit frameworks available in the public sector. These are pre-built with exploits that make it easy
¹ ‘Web-borne malware targets unexpected industries’, Neil Roiter, SearchSecurity.com, 13 November 2008, http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1338866,00.html.
² ‘Web-borne malware targets unexpected industries’, Neil Roiter, SearchSecurity.com, 13 November 2008, http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1338866,00.html.