Wrap Up

IT security budgets have not yet clearly defined line items for social media security. Trying to retrofit the IT security budget and assume tools already purchased for data loss prevention will cover all your social media security concerns is not going to give you enough coverage. Social media security threats should be viewed just as other IT threats, such as virus attacks and hacker attacks, are viewed; dedicated tools and budgets must be identified to manage the risk. Whether you use free online tools and resources or paid resources, you have to address the costs of both threats and responses.

The threat assessment process identifies the threats and, for each threat, its ease of exploitation, impact, and the mitigation tactics necessary to reduce risk. The overall costs of modifying your typical IT security tactics have to be implemented into your budgeting process. With social media, there is a high risk of uncontrolled threats, such as customers posting on blogs and Facebook. You have to redefine your acceptable risk standards and shift budgets to reputation management and crisis control rather than direct software and hardware tools. As social media tools and cloud services change on an almost monthly basis, the budgeting process has to be more flexible than the typical yearly cycle used for most IT security planning processes.

Improvement Checklist

Have you developed a matrix to track all costs associated with social media usage?

Have you identified specific budget line items dedicated to social media security tools?

Have you identified threat tactics and costs to address different kinds of threats?

Have you identified resources required for countermeasures?

Have you implemented a process to budget for new social media tools and threats on a quarterly basis?