From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive...
corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.
The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.
Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.
For more information:
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.