Contents

Foreword

Introduction

Part I Assessing Social Media Security

Chapter 1 The Social Media Security Process

Case Study: Reputation Damage from an Unprepared Social Media Strategy

What Went Wrong?

How Security Has Changed in the Recent Past

The Assessment Process

Why Follow the Assessment Process?

Organizational Analysis: Your Industry Online, the Good and the Bad

Analyzing Your Social Media Initiatives

Analyzing Your Existing Internal Processes

Securing Customer Data

Securing Channels of Communication

Identifying the Current Gaps in How Your Company Utilizes Social Media Securely

Competitive Analysis

Wrap Up

Chapter 2 Security Strategy Analysis: Foundation of Your Security Policy

Case Study: Hacking Is an Equal Opportunity Sport

The H.U.M.O.R. Matrix

Human Resources

Assessing the Current Environment

Measuring the Current State: H.U.M.O.R. Matrix

Utilization of Resources and Assets

Assessing the Current Environment

Measuring the Current State: H.U.M.O.R. Matrix

Monetary Considerations

Assessing the Current Environment

Measuring the Current State: H.U.M.O.R. Matrix

Operations Management

Assessing the Current Environment

Measuring the Current State: H.U.M.O.R. Matrix

Reputation Management

Assessing the Current Environment

Measuring the Current State: H.U.M.O.R. Matrix

Wrap Up

Chapter 3 Monitoring in the Social Media Landscape

Case Study: A Dangerous Public

What Could Have Been Done?

What Are Your Customers and the General Public Saying?

What to Monitor

When to Dedicate Resources to Combating Negative Mentions

Processes to Track the Conversations Leading Up to an Attack

What Are Your Employees Saying?

What to Monitor

The “What If” Scenario

Wrap Up

Part II Assessing Social Media Threats

Chapter 4 Threat Assessment

Case Study: Political Hacking

What Went Wrong?

The Changing Threat Landscape

Identifying the Threats

The Attackers

Threat Vectors

Threat Assessment and the Threat Management Lifecycle

Identify and Assess

Analyze

Execute

Threat Management in Action

H.U.M.O.R. Threat Assessment

Human Resources Threats

Utilization Threats

Monetary Threats

Operational Threats

Reputation Threats

Assessing Damage

Developing a Response

Wrap Up

Chapter 5 What Can Go Wrong

Case Study: Firesheep, A Real-World Example of Social Media Hacking

Dangers Specific to Social Networks

IT Security Restrictions to Protect Your Networks

Cyberstalking

Corporate Cyberstalking

Validating the End User

Determining Accountability

Data Scraping

Wrap Up

Part III Operations, Policies, & Processes

Chapter 6 Social Media Security Policy Best Practices

Case Study: Growth of Social Media Policy Usage

What Is an Effective Social Media Security Policy?

Regulatory and Legal Requirements

Managing In-house (Self-hosted) Applications

Managing Externally Hosted Applications

Enterprise-wide Coordination

Codes of Conduct and Acceptable Use

Roles and Responsibilities: The Community Manager

Education and Training

Policy Management

H.U.M.O.R. Guidelines

Developing Your Social Media Security Policy

The Policy Team

Determining Policy Response

A Sample Social Media Security Policy

Wrap Up

Chapter 7 Human Resources: Strategy & Collaboration

Case Study: “Expensive Paperweight” Gets Fired

Identifying Business Processes, Regulations, and Legal Requirements

The Community Manager: Defining and Implementing

Small Companies’ Human Resource Challenges

Medium-Sized Companies’ Human Resource Challenges

Large Companies’ Human Resource Challenges

Training

Training Community Managers

Training Employees

Wrap Up

Chapter 8 Utilization of Resources: Strategy & Collaboration

Case Study: Inappropriate Tweets

How Are Security Processes Handled?

Collaborating Securely

Utilizing Technology

Preventing Data Loss

Educating Employees

Wrap Up

Chapter 9 Monetary Considerations: Strategy & Collaboration

Case Study: Calculating the Cost of Data Loss

Costs of Implementing Controls

Costs of Threats and Countermeasures

Wrap Up

Chapter 10 Operations Management: Strategy & Collaboration

Case Study: Military Cyberprofiles

Operations Management Strategy

Roles and Responsibilities

Asset Management

Security Awareness Training

Physical Security

Communications

Network Management

Access Control

Application Development and Testing

Compliance

Controls Auditing

Auditing Steps for Internal Security Tools and Social Media Sites

Auditing Steps for External Social Media Sites

Wrap Up

Chapter 11 Reputation Management: Strategy & Collaboration

Case Study: Domino’s Reputation Attack

What Went Wrong?

What Did They Do Right?

Attempts to Ruin Brand Equity: From Logos to Brands

Actively Managing Your Reputation

Contacting Post Authors and Domain Owners

Requesting Content Removal

Resorting to Legal Recourse

Utilizing Search Engine Optimization

Zen and the Art of Social Media Strategy

When Marketing Campaigns Go Wrong…

Creating Your Own Social Network

Who Do You Call in a Crisis?

Reducing Reputation Risks with Incident Management

Wrap Up

Part IV Monitoring & Reporting

Chapter 12 Human Resources Monitoring & Reporting

Case Study: Facebook Posting Leads to Firing

Monitoring by Human Resources

Compliance

Focus of Monitoring

Can HR Ban Activity?

How to Monitor Employee Usage

How to Use Social Media to Monitor Prospective Employees

Baseline Monitoring and Reporting Requirements

Policy Management

Wrap Up

Chapter 13 Utilization Monitoring & Reporting

Case Study: How Not to Respond

Who, What, Where, When, and How?

Technology

URL Filtering

Searching and Analyzing Data

Intellectual Property

Copyright

Incident Management

Reporting Metrics

Wrap Up

Chapter 14 Monetary Monitoring & Reporting

Case Study: The Budgetary Challenge

Social Media Security on a Limited Budget

Google Alerts

Google Trends

Google Blog Search

Google Insights for Search

Social Media Security on a Big Budget

Radian6

Lithium (formerly Scout Labs)

Reputation.com

Training Costs

Wrap Up

Chapter 15 Operations Management Monitoring & Reporting

Case Study: Social Media Success

Types of Monitoring to Ensure Security Practices Are Followed

Data Loss Management: Tools and Practices

Alerting Systems

Usage Trend Tracking

Log File Archives

Monitoring and Management Tools

Monitoring Mentions

Monitoring Employees

Tracking Employee Usage

Benefits of Tracking Employee Usage

Dissemination of Policy Changes

Following the Social Media News

Wrap Up

Chapter 16 Reputation Management Monitoring & Reporting

Case Study: Uncontrolled Reputation Damage

Online Reputation Management

Brand Equity

Reputation Management and Employees

Setting Up a Monitoring System

Establishing a Baseline and Comparing Historical Periods

How to Make Good Use of Reputation Information

Wrap Up

Part V Social Media 3.0

Chapter 17 Assessing Your Social Media Strategy

How JAG’s Doing

The Challenges Ahead

Determine the Implementation Processes

Security Is a Moving Target

Continuous Changes in Management and Policy

Check Your Sources

Authentication Systems Are Changing

Brand Attacks Are Hard to Track

Active Reputation Management

Respond

Report

Remediate

Wrap Up

Chapter 18 The Future of Social Media Security

The Internet of Things

Evolving Threats to the “Global Brain”

Loss of Control

Product and Data Threats

Erosion of Privacy

Geolocation Targeting

Attack of the Appliances

Attack of the Brands

“You R owned!”

Inconsistent Regulations

The Best Defense Is a Good Offense

Jumping into the Deep End

Wrap Up

Appendix Resource Guide

Index