
	Home > Ask the Security Experts > Security Management Questions & Answers > What are the best security practices to consider when developing a corporate blog?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What are the best security practices to consider when developing a corporate blog?

EXPERT RESPONSE FROM: Mike Rothman

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 04 April 2007
What are some security best practices to incorporate when creating a corporate blog?

EXPERT RESPONSE
This is as much a marketing question as a security one. The good news is that I have also worked in marketing professionally and can address both aspects. First and foremost, blogs are all about new and interesting content. Someone needs to be responsible for the blog and accountable for ensuring new content gets added at least a few times per week; this is usually a corporate marketing function.

From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.

The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.

Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.

For more information:

Blogging on corporate machines can increase your company's vunerability to online information theft.

Don't fall victim to IM or email threats. Visit our Messaging Security School, which features lessons on IM security, mobile device protection, countermeasures for malicious email code and best practices for Microsoft Exchange users

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	Is it against HIPAA regulations to permanently store sensitive information?
	Two-tier distributed systems vs. three-tier distributed systems
	How to prevent software piracy
	How do ISO 17799 and SAS 70 differ?
	Has FFIEC made any VoIP-specific mandates?
	What is the best way to administer exams to students via computer?
	Should computer exams be transmitted as PDF files or Word files?
	Is it against HIPAA regulations to display client names?
	Getting started on a career in penetration testing
	Are there security management products that can track compliance objectives?

Acceptable Use Policy

Can DHCP be used to selectively block instant messaging clients?

Can watching online videos present enterprise security risks?

Database authentication, encryption getting priority in some businesses

Online game exploits threaten IT security

Boston Celtics face off against spyware

Blocking Web anonymizers in the enterprise

Veterans Affairs data theft should be 'call to arms'

Survey: Women more likely to download spyware

Scam artists flocking to MySpace

When 17 days of security is an 'Olympian' task

Acceptable Use Policy Research

Enterprise Data Protection

Web 2.0 and e-discovery: Risks and countermeasures

Screencast: Recovering lost data with WinHex

Countermeasures against targeted attacks in the enterprise

Websense, Reconnex top Forrester ranking of DLP vendors

Are open recursive DNS servers inherently insecure?

Penetration testing: Helping your compliance efforts

Worst practices: Learning from bad security tips

The ins and outs of database encryption

RSA attendees see data classification, rights management projects stumble

Worst practices: Encryption conniptions

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

cut-and-paste attack (SearchSecurity.com)

data splitting (SearchSecurity.com)

deperimeterization (SearchSecurity.com)

Google hacking (SearchSecurity.com)

masquerade (SearchSecurity.com)

snooping (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy