
Book Review: Securing the Clicks

samzenpus posted more than 2 years ago | from the read-all-about-it dept.

Security 19

brothke writes: "The book Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks says businesses that take days to respond to social media issues are way behind the curve. Social media operates in real-time, and responses need to be almost as quick. In a valuable new book on the topic, Securing the Clicks: Network Security in the Age of Social Media, Gary Bahadur, Jason Inasi and Alex de Carvalho provide the reader with a comprehensive overview on how not to be a victim of social media-based security problems." Read on for the rest of Ben's review.

Social media is now mainstream in corporate America, and even though it is hot, the security and privacy issues around it are even hotter. In the past, many firms simply said no to social media at the corporate level. But as Natalie Petouhoff of Weber Shandwick has observed, that will no longer work, as "social media isn't a choice anymore; it's a business transformation tool".

The main security and privacy issue around social media is that users will share huge amounts of highly confidential personal and business information with people they perceive to be legitimate. Besides that, malware, vulnerabilities (cross-site scripting, cross-site request forgery, etc.), corporate espionage, phishing, spear phishing and more are just a few of the many security risks around social media that need to be taken into consideration.

In the book, the authors detail a framework for analyzing the corporate threats that arise from social media. The book uses the H.U.M.O.R methodology (Human resources, Utilization of resources and assets, Monetary considerations, Operations management, Reputation management), a matrix that outlines a systematic approach for developing the necessary security plans, policies and processes to mitigate social media risks.

At 325 pages, the book's 5 parts and 18 chapters provide the reader with a comprehensive overview of all of the critical areas around social media security, which a firm can use to safeguard its assets and digital rights, in addition to defending its reputation from social network-based attacks. The book covers all of the core topic areas, from assessing social media security, to monitoring in the social media landscape, threat assessments, reputation management: strategy and collaboration and more; the authors provide the reader with an enlightening overview of all of the core areas.

In chapter 1 the authors astutely note that no company today is immune to the many threats posed by a single individual, let alone a socially engaged and networked population. No firm should engage in social media before it fully understands the security and privacy risks that are being introduced. This book not only effectually does that; it also provides an all-inclusive framework around social media security.

As to the notion of the inherent security risks around social media, this was recently proven when Chris Hadnagy (author of Social Engineering: The Art of Human Hacking) and James O'Gorman, in their Social Engineering Capture the Flag results from Defcon 19, observed that information leakage via social media is a difficult problem to solve due to how it is used and the frequency with which it is used in today's society. Having access to social media from computers and cell phones means that people can update their accounts instantaneously, from anywhere. The ease with which an employee can share data can contribute heavily to information leakage.

Chapter 4 on threat assessments provides an exhaustive list of the different types of attackers and threat vectors that need to be considered when using social media. The attackers in the social media space are often different from typical IT attackers. As to threat vectors, there are a number of different vectors, both internal and external, that can impact an organization. The chapter lists those vectors and details them.

Chapter 9 – monetary considerations – strategy and collaboration – is a fascinating chapter in that it notes that in many firms, IT security budgets have not yet clearly defined the line item for social media security. In addition, trying to retrofit the IT security budget by assuming that tools already purchased for data loss prevention will also cover social media security concerns will likely be inadequate.

Chapter 11 deals with reputation management, which has the goal of building and protecting a positive Internet-based reputation, and not letting it be subverted via social media. This is a significant issue as the risk to a firm's reputation is significant and growing with the increased use of social networks.

One very helpful feature of the book that effectively brings home the message is the numerous real-world case studies in every chapter. One fascinating example in chapter 13 is about the Cooks Source infringement controversy and the nature of how not to respond to a social media issue.

The book also lists numerous tools. Chapter 13 has a comprehensive list of monitoring tools and the appendix has a list of nearly 100 tools for activity tracking, analytics, geolocation, plagiarism checking and more. These lists are extremely helpful, and the reader can start using many of these tools to get an initial pulse on the level of security around how their firm uses social media.

Chapter 14 provides excellent guidance on how to execute social media security on a limited budget. The authors suggest the use of free or inexpensive software and other resources that can be used to help a company monitor the impact of their social media infrastructure. The chapter also details how social media security can be executed on a bigger budget, via the use of more sophisticated tools that can be used to securely manage the data flows within an organization.

It will not be long until Facebook has its 1 billionth user. Given that a New York court recently referred to a user's reasonable expectation of privacy on sites like Facebook and MySpace as wishful thinking, the importance of Securing the Clicks: Network Security in the Age of Social Media can't be overemphasized.

For those firms that are looking to securely use social media, and not get abused by it, this book should be required reading.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Securing the Clicks: Network Security in the Age of Social Media from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


19 comments

First (-1, Offtopic)

sexconker (1179573) | more than 2 years ago | (#37951848)

First you get the money
Then you get the power
Then you get the penises^wdicks^wclicks

Re:First (-1)

Anonymous Coward | more than 2 years ago | (#37951858)

pointless wasted comment

Social Media Security On A PinHead: +5, Ingenious (0, Insightful)

Anonymous Coward | more than 2 years ago | (#37952364)

be ANTI-SOCIAL.

Yours In Ufa,
Kilgore Trout.

Isn't it ironic (1)

Anonymous Coward | more than 2 years ago | (#37952836)

that it says "businesses that take days to respond are behind the curve"... but then it was published in book format, which can take months to publish, and days to arrive after someone orders it.

Re:Isn't it ironic (0)

Anonymous Coward | more than 2 years ago | (#37961962)

so what is the alternative?

Corporations Need To React Faster, eh? (0)

Anonymous Coward | more than 2 years ago | (#37952884)

Interesting! I'll go pick up a copy of this book after I close my Bank of America account tomorrow morning.

News for Marketing toolbags... (1)

sdguero (1112795) | more than 2 years ago | (#37953080)

This isn't news for nerds. It's a promotion for a marketing guy's book. The post merely summarizes the book and says that its topic is REALLY REALLY IMPORTANT.

Book review FAIL. Slashdot FAIL. I miss you taco.

Re:News for Marketing toolbags... (1)

AlXtreme (223728) | more than 2 years ago | (#37954232)

And the reviewer's book has the same publisher as this book (McGraw-Hill Osborne Media). How blatantly obvious can a shill be?

At least Taco would have the decency to not state that the reviewer is also an author...

Re:News for Marketing toolbags... (1)

s_javinder (2501570) | more than 2 years ago | (#37962638)

http://en.wikipedia.org/wiki/Shill [wikipedia.org] A shill, plant or stooge is a person who helps a person or organization without disclosing that he or she has a close relationship with that person or organization. Does the fact that he wrote a book for the same publisher constitute ‘a close relationship’? Methinks no. :::Shill typically refers to someone who purposely gives onlookers the impression that he or she is an enthusiastic independent customer of a seller (or marketer of ideas) that he or she is secretly working for. The review is detailed. This is not marketing. What’s your problem?

Re:News for Marketing toolbags... (0)

Anonymous Coward | more than 2 years ago | (#37961998)

this book as I understand it is not marketing, rather security tools and monitoring.

Re:News for Marketing toolbags... (1)

s_javinder (2501570) | more than 2 years ago | (#37962546)

http://en.wikipedia.org/wiki/Book_review [wikipedia.org] A book review is a form of literary criticism in which a book is analyzed based on content, style, and merit.[1] A book review could be a primary source opinion piece, summary review or scholarly review.[2] It is often carried out in periodicals, as school work, or on the internet. And he did just that. He analyzed and recommended it. What do you want?

Interesting (0)

Anonymous Coward | more than 2 years ago | (#37953146)

Love how there are only 6 (now 7) comments on this and most of them are anonymous.

What does that say about bullshit like "social media isn't a choice anymore; it's a business transformation tool"? A phrase that should serve as a warning to any "social" users as it reveals it's all about "businesses" that are ethically challenged pseudo- or crypto-criminal and built on leeching off their "customers".

Facebook and others are the vectors of a novel kind of illness; an electronically transmitted parasitic disease mislabeled as "social media". They're simply digital cockroaches emulating their biological brethren in most aspects.

MVC-Compliant Web 3.0 SaaS Cloud (0)

Anonymous Coward | more than 2 years ago | (#37953178)

I tuned out when I saw four instances of the phrase "social media" in the snippet alone.

"Social media is a revolutionary opt-in marketing paradigm that enables business to leverage community engagement!" tl;dr: Some unemployed idiot ("social media entrepreneur") scams your executives into cutting a check, makes an official company Twitter feed and fills it with bullshit. Claims to be engaging your client base.

Misread as Securing the Chicks (1)

popoutman (189497) | more than 2 years ago | (#37954066)

Misread the book title as "Securing the Chicks" and thought - ooh using nerd skills in the dating game....
Was a little disappointed.

your post is very good (0)

Anonymous Coward | more than 2 years ago | (#38044596)

your post is very good, http://bit.ly/rNsQ2d can I share it with my friends on twitter? you know, it is great to add to the world.
