With the exponential rise in the use of social networks, it now seems odd when you come across the one or two individuals who staunchly oppose the use of these much cherished and adored refuges. But can we really know, trust, and keep track of the several hundred virtual friends we are amassing? This session takes a scientific look at whether we can, and at the impact the answer has on employees and the corporations in which they work.
1. Some thoughts from the thought leaders: web future
• Acting as a human prosthesis, working for them unconsciously
• Carry forward openness
• Do a better job understanding the language of the web – video, pictures, still images, and connecting them to people; communities and collaboration
• Do what the brain can’t do
• Ultimate extension of me, my own knowledge base
Contributors: Howard Bloom, Author, The Evolution of Mass Mind from the Big Bang to the 21st Century; Peter Norvig, Director of Research, Google Inc.; Jon Udell, Evangelist, Microsoft Corporation; Prabhakar Raghavan, PhD, Head of Research and Search Strategy, Yahoo! Inc.
[Extended list available from presenter]
2. Social Networks – Should my employer be concerned?
Mark Henshaw, (ISC)2
3. Why do we have Social Networks?
• They have established themselves, are ubiquitous and persistent
• “A limb”, “a right”, “a differentiator”
• Community, belonging, social groups
• Decline in citizenship
• Increased social dispersal
• Language is a cheap means of social grooming – maintaining uncoupled yet effective social cohesion
Dunbar’s number = 150
Bernard and Killworth mean number = 290
4. Social Networks – trust everyone
Targeted malware
Lack of control
n2n bridgeheads
Attack surfaces
Corporate vulnerability
GREATER TRUST INCREASES VULNERABILITY
Open web access
Increasing pervasive vulnerabilities due to unfettered hyperconnected “trust” in the workplace
• Number of social contacts = currency
• Impersonation is relatively simple
• Creating false persona and building a social network
• Social engineer’s dream
• Basic instincts ignored, easy lures
5. Information under Siege
Unfettered evolution; hyperconnected coupled with web x.x leads to significantly reduced effectiveness of traditional layered controls and increased risk to critical assets
6. We are (today) / We want (future)
People
• We are (today): Dependent, controlled, limited, dangerous, inefficient
• We want (future): Liberated, self-governing, self-selecting, self-protecting and self-healing, peer production, free to choose how we work
Process, and Data
• We are (today): Hard coded (DNA), one size, big engine long ROI, inefficient, ineffective, single use, dumb
• We want (future): Adaptive, Intelligent, loss protected DLP, rights managed DRM, classified information, clever metadata, information managers
Technology
• We are (today): Monolithic, evolved bottom up, limiting, data centric
• We want (future): Stateful, layered, risk based, plug-in and go, software as service, standardised, SOA, information centric, vendor agnostic
Supplier
• We are (today): Silo minded vertical, product based solutions, part of the problem
• We want (future): Integrated cross-pollinated supplier-plus-supplier-to-customer (S+S2C), diverse service orientated
Governance
• We are (today): Internal focused, hierarchical weighting, exclusive, not holistic
• We want (future): Extended, cross-community participative, aware, peer-to-peer, collaborative, inclusive, operating with a clear business mandate
Integrated approach
Architecture of Participation
7. Should my employer be concerned?
YES if any one of the following is true
1 - No business awareness and risks are not understood
2 - Social Media Policy does not exist, or Policy does exist BUT employees are not trained
3 - Employees not aware of risks – no education and awareness exists covering use of Social Media and Social Networks
4 - Data Loss Prevention tools (DLP) not installed OR operational
5 - High sensitivity/value information/industry
6 - If no business benefit
Create and implement a Social Media Strategy
Form a Social Media steering committee
Establish robust and proven governance
Where appropriate prevent access
Consider the impact of personal use
Develop Architecture of Participation
Ensure that your employee NDAs include client information (identities, names, addresses, etc.) within the definition of “confidential information.”
Add a social media section to non-compete clauses and NDAs that clearly addresses use of social media
Carefully and periodically review the various use, privacy, copyright and other policies