Securing the Clicks Network Security in the Age of Social Media [Paperback]

Gary Bahadur (Author), Jason Inasi (Author), Alex de Carvalho (Author)

Book Description

Publication Date: October 10, 2011 | ISBN-10: 0071769056 | ISBN-13: 978-0071769051 | Edition: 1

Defend against corporate espionage launched from social networks

Protect your organization from devastating social media attacks with instruction from a team of information security experts. Securing the Clicks: Network Security in the Age of Social Media explains the latest threats along with detailed fixes, best practices, and "from the headlines" case studies. Find out how to analyze risk, implement robust security protocols, and enforce social media usage policies. Regulatory compliance, online reputation management, and incident response are also covered in this comprehensive volume.

• Assess your global social media presence and identify vulnerabilities
• Establish solid security policies at every level of your organization
• Allocate resources for planning, administration, and corrective action
• Monitor usage by employees, clients, competitors, and the public
• Block cyberstalking. phishing, malware, and identity theft exploits
• Guard intellectual property rights, trademarks, copyrights, and logos
• Preserve your brand image using online reputation management tools

Gary Bahadur is the founder and CEO of KRAA Security [www.kraasecurity.com/social-media-security], which protects organizations from threats through a combination of prevention services. He was the cofounder and CIO of Foundstone, Inc.

Jason Inasi is CEO and cofounder of The Factory Interactive {www.thefactoryi.com], a digital design and marketing agency, and president of Inasi Group, an international, multidisciplinary, technology advisory firm.

Alex de Carvalho is vice president of business development and community at VoxMed, cofounder of The Startup Forum, director of social media at Medimix International, and adjunct professor of social media at the University of Miami.

Editorial Reviews

About the Author

Gary Bahadur, CISSP, is the founder of KRAA Security and a social media security consultancy. He was co-founder and Chief Information Officer of Foundstone, Inc., a security vulnerability risk management firm that provided security consulting and training services and technical infrastructure implementation and was sold to McAfee in 2004. Mr. Bahadur is a frequent speaker at security conferences and writes for a number of security-related publications, including Information Security Magazine and SysAdmin Magazine.

Jason Inasi is CEO and creative director at The Factory Interactive, a Miami-based digital design and identity development agency specializing in brand identity, SEO, mobile and Web applications, and business-to-business collaboration. He speaks widely on social media.

Alex de Carvalho is VP of Business Development & Community at VoxMed, co-founder of The Startup Forum, director of social media at Medimix International, and adjunct professor of social media at the University of Miami. He has more than 15 years of experience directing business development at online media and mobile content companies.

Product Details

• Paperback: 368 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (October 10, 2011)
• Language: English
• ISBN-10: 0071769056
• ISBN-13: 978-0071769051
• Product Dimensions: 7.3 x 0.7 x 9.1 inches
• Shipping Weight: 12.8 ounces (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #415,650 in Books (See Top 100 in Books)
  • #99 in Books > Computers & Technology > Business & Management > Social Media for Business

Most Helpful Customer Reviews

12 of 12 people found the following review helpful

5.0 out of 5 stars Required reading for those looking to securely use social media November 4, 2011

By Ben Rothke

Format:Paperback

In the book Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks, it states that businesses that take days to respond to social media issues are way behind the curve. Social media operates in real-time, and responses need to be almost as quick.

In a valuable new book on the topic, Securing the Clicks Network Security in the Age of Social Media, Gary Bahadur, Jason Inasi and Alex de Carvalho provide the reader with a comprehensive overview on how not to be a victim of social media based security problems.

Social media is now mainstream in corporate America, and even though it is hot, the security and privacy issues around it are even hotter. In the past, many firms simply said no to social media at the corporate level. But as Natalie Petouhoff of Weber Shandwick has observed, that will no longer work, as "social media isn't a choice anymore; it's a business transformation tool".

The main security and privacy issue around social media is that users will share huge amounts of highly confidential personal and business information with people they perceive to be legitimate. Besides that, issues such as malware, vulnerabilities (cross site scripting, cross site request forgery, etc.), corporate espionage, phishing, spear phishing and more; are just a few of the many security risks around social media that need to be taken into consideration.

In the book, the authors detail a framework for analyzing the corporate threats that arise from social media. The book uses the H.U.M.O.R methodology (Human resources, Utilization of resources and assets, Monetary considerations, Operations management, Reputation management) a matrix that outlines a systematic approach for developing the necessary security plans, policies and processes to mitigate social media risks.

At 325 pages, the books 5 parts and 18 chapters provide the reader with a comprehensive overview of all of the critical areas around social media secure, that can be used to safeguard its assets and digital rights, in addition to defending their reputation from social network-based attacks. The book covers all of the core topic areas, from assessing social media security, to monitoring in the social media landscape, threat assessments, reputation management: strategy and collaboration and more; the authors provide the reader with an enlightening overview of all of the core areas.

In chapter 1, the authors astutely note that no company today is immune to the many threats posted by a single individual, let alone a socially engaged and networked population. No firm should engage in social media before they fully understand the security and privacy risks that are being introduced. This book not only effectually does that; it also provides an all-inclusive framework around social media security.

As to the notion of the inherent security risks around social media, this was recently proven when Chris Hadnagy (author of Social Engineering: The Art of Human Hacking, reviewed here) and James O'Gorman detailed in their Social Engineering Capture the Flag results from Defcon 19 observed that information leakage via social media is a difficult problem to solve due to how it is used and the frequency it is used in today's society. Having access to social media from computers and cell phones means that people can update their accounts instantaneously, from anywhere. The ease of which an employee can share data can contribute heavily to information leakage.

Chapter 4 on threat assessments provides an exhaustive list of the different types of attackers and threat vectors that need to be considered when using social media. The attacks in the social media space are often different from typical IT attackers. As to threat vectors, there are a number of different vectors, both internal and external that can impact an organization. The chapter lists those vectors and details them.

Chapter 9 - monetary considerations - strategy and collaboration - is a fascinating chapter in that it notes that in many firms, IT security budgets have not yet clearly defined the line item for social media security. In addition, trying to retrofit the IT security budget by assuming that tools already purchased for data loss prevention will also cover social media security concerns will likely be inadequate.

Chapter 11 deals with reputation management - which has the goal to build and protect a positive Internet-based reputation, and not let it get subterfuged via social media. This is a significant issue as the risk to a firm's reputation is significant and growing with the increased use of social networks.

One very helpful feature of the book that effectively brings home the message is numerous real-world case studies in every chapter. One fascinating example in chapter 13 is about the Cooks Source infringement controversy and the nature of how not to respond to a social media issue.

The book also lists numerous amounts of tools. Chapter 13 has a comprehensive list of monitoring tools and the appendix has a list of nearly 100 tools for activity tracking, analytics, geolocation, plagiarism checking and more. These lists are extremely helpful, and the reader can start using many of these tools to get an initial pulse on the level of security around how their firm uses social media.

Chapter 14 provides excellent guidance on how to execute social media security on a limited budget. The authors suggest the use of free or inexpensive software and other resources that can be used to help a company monitor the impact of their social media infrastructure. The chapter also details how social media security can be executed on a bugger budget, via the use of more sophisticated tools that can be used to secure manage the data flows within an organization.

It will not be long until Facebook has its 1 billionth user. Given that a New York court recently referred to a user's reasonable expectation of privacy on sites like Facebook and MySpace as wishful thinking, the importance of Securing the Clicks Network Security in the Age of Social Media can't be overemphasized.

For those firms that are looking to securely use social media, and not get abused by it, this book should be required reading.

10 of 11 people found the following review helpful

5.0 out of 5 stars Relevant and Useful November 18, 2011

By Angela

Format:Paperback

As an IT compliance professional, I appreciate the methodology (H.U.M.O.R) and framework provided to raise the appropriate level of awareness, steer conversations with everyone involved in Social Media (Marketing, Legal, Operations, IT etc). The examples provided in through the book raise the level of importance warranted to this subject. I have already use the framework to assist others in developing their social media policies and raising the level of awareness to the right audience (e.g. executive management). this book provides hand-on information on how to craft and monitor a viable social media policy. A thank you to the authors for taking the time to distill the noise and provide concise information.

12 of 14 people found the following review helpful

5.0 out of 5 stars Great Practical Advice for Business Executives October 30, 2011

By TechLaw

Format:Paperback

The process this book takes on how to secure social media is pretty unique. Their H.U.M.O.R. model is definitely different from what is out there. I agree that you need multiple departments involved with all social media activity, including Human Resources, IT, Marketing, Operations, Legal and more.

I liked the fact that they actually have a practical example of a company that they follow though out the book. They apply the security tools and tactics to how a real company would implement the strategies they discuss.

You have to have a computer in front of you when reading the book. They talk a lot about tools and websites that can be used in social media security and its much easier if you can follow along as you read the book. It seems to be useful to both IT staff and Marketing and HR staff. Its good practical advice on using social media in a secure way.