Guidelines for Secure Use of Social Media by Federal Departments and Agencies, v1.0

Risks

Federal Government information systems are targeted by persistent, pervasive, aggressive threats.

In order to defend against rapidly evolving social media threats, departments and agencies should include a multi-layered approach in a risk management program, including risks to the individual, risks to the department or agency, and risks to the federal infrastructure.

Social media technologies such as Wikis, Blogs, and social networks are vulnerable to the following methods/techniques of cyber attacks: Spear phishing, Social Engineering, and Web Application Attacks

The Threat

Federal Government information systems are targeted by persistent, pervasive, aggressive threats. This is well known and documented, as stated in May of 2009 by Margaret Graves, Acting CIO for the Department of Homeland Security.

Recommendations

The following are a series of strategies and recommendations for federal departments, agencies, and policy makers to minimize risk.

Policy Controls

The safe use of social media is fundamentally a behavioral issue, not a technology issue.

Policy addressing behavior associated with protecting data would likely cover current social media technologies as well as future technologies. Policies for Web 2.0 technologies, blogs, wikis, social media sites, mash-ups, cloud computing, Web 3.0, outsourced e-mail, and other new technologies will remain extensible and applicable.

Acquisition Controls

When Federal agencies use hosted information systems, such as social media websites, they must have some level of risk management, mitigation, and acceptance of residual risk.

Most social media websites have a service subscription model that provides additional capabilities, or may be able to provide federal agencies with additional capabilities for a fee. This has already been demonstrated through modifications to Terms of Service (TOS) agreements by GSA.

http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: