Controls Mitigating the Risk of Confidential Information Disclosure by Facebook: Essential Concern in Auditing Information Security
Controls Mitigating the Risk of Confidential Information Disclosure by Facebook: Essential Concern in Auditing Information Security
Author(s): Ivan Ognyanov KuyumdzhievSubject(s): Electronic information storage and retrieval, ICT Information and Communications Technologies
Published by: UIKTEN - Association for Information Communication Technology Education and Science
Keywords: Facebook; audit; information security; security policy
Summary/Abstract: Facebook allows people to easily share information about themselves which in some cases could be classified as confidential or sensitive in the organisation they’re working for. In this paper we discuss the type of data stored by Facebook and the scope of the terms “confidential” and “sensitive data”. The intersection of these areas shows that there is high possibility for confidential data disclosure in organisations with none or ineffective security policy. This paper proposes a strategy for managing the risks of information leakage. We define five levels of controls against posting non-public data on Facebook - security policy, applications installed on employees’ workstations, specific router software or firmware, software in the cloud, Facebook itself. Advantages and disadvantages of every level are evaluated. As a result we propose developing of new control integrated in the social media
Journal: TEM Journal
- Issue Year: 3/2014
- Issue No: 2
- Page Range: 113-119
- Page Count: 7
- Language: English
