Guidelines for Secure Use of Social Media by Federal Departments and Agencies, v1.0

Risks

Federal Government information systems are targeted by persistent, pervasive, aggressive threats.

In order to defend against rapidly evolving social media threats, departments and agencies should include a multi-layered approach in a risk management program, including risks to the individual, risks to the department or agency, and risks to the federal infrastructure.

Social media technologies such as wikis, blogs, and social networks are vulnerable to the following methods and techniques of cyber attack: spear phishing, social engineering, and web application attacks.

The Threat

Federal Government information systems are targeted by persistent, pervasive, aggressive threats. This is well known and documented, as stated in May of 2009 by Margaret Graves, Acting CIO for the Department of Homeland Security.

Recommendations

The following are a series of strategies and recommendations for federal departments, agencies, and policy makers to minimize risk.

Policy Controls

The safe use of social media is fundamentally a behavioral issue, not a technology issue.

Policy addressing behavior associated with protecting data would likely cover current social media technologies as well as future technologies. Policies for Web 2.0 technologies, blogs, wikis, social media sites, mash-ups, cloud computing, Web 3.0, outsourced e-mail, and other new technologies will remain extensible and applicable.

Acquisition Controls

When Federal agencies use hosted information systems, such as social media websites, they must have some level of risk management, mitigation, and acceptance of residual risk.

Most social media websites have a service subscription model that provides additional capabilities, or may be able to provide federal agencies with additional capabilities for a fee. This has already been demonstrated through modifications to Terms of Service (TOS) agreements by GSA.

http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf
