Home > Ask the Security Experts > Expert Archive: Security Management Questions & Answers > What are the best security practices to consider when developing a corporate blog?
Ask The Security Expert: Questions & Answers
EMAIL THIS

What are the best security practices to consider when developing a corporate blog?

Mike Rothman, past SearchSecurity.com expert EXPERT RESPONSE FROM: Mike Rothman, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 04 April 2007
What are some security best practices to incorporate when creating a corporate blog?


BROWSE BY TAG
Expert Archive: Security Management,   Enterprise Data Protection,   Enterprise Data Governance,   Information Security Policies, Procedures and Guidelines,   Information Security Management,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Expert Archive: Security Management
What is the GISP certification and how does it compare to the CISSP certification?
Using a QSA to write up a PCI DSS report on compliance (ROC)
How can gap analysis be applied to the security SDLC?
Comparing low-cost security appliances to bigger, pricier appliances
What are some tips on protecting my security budget in a poor economy?
What value do research firms provide to their subscribing enterprises?
What certificate offers the best ROI for an IT project manager?
Is insider activity or outsider activity a bigger enterprise threat?
How does information security prevent fraud in the enterprise?
Differences between an SAS 70 data center and a Tier III data center

Enterprise Data Governance
Compliance in the cloud
Risk management must include physical-logical security convergence
Simple information security mistakes can cause data loss, says expert
Organizations struggle with data leakage prevention, rights management
Encryption in data management should never be ignored, expert says
Attackers cash in on fundamental data handling mistakes, Verizon finds
Data loss prevention benefits in the real world
Mass., Nev. data protection laws wrong, ineffective
Cybersecurity hearing highlights inadequacy of PCI DSS
Enforcing a vendor risk assessment to avoid outsourcing security risks

Information Security Policies, Procedures and Guidelines
Twitter risks, Facebook threats trouble security pros
Cybersecurity czar candidate questions clout of new position
Incident response planning
The basics of enterprise GRC project management
RSA council addresses growing security risks in the cloud
How to write a risk methodology that blends business, security needs
Risk management must include physical-logical security convergence
DHS fills National Cybersecurity Center post
New partnerships, creative thinking help security bust recession
Experts optimistic of Obama cybersecurity plan

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
cut-and-paste attack  (SearchSecurity.com)
data splitting  (SearchSecurity.com)
deperimeterization  (SearchSecurity.com)
Google hacking  (SearchSecurity.com)
masquerade  (SearchSecurity.com)
snooping  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


This is as much a marketing question as a security one. The good news is that I have also worked in marketing professionally and can address both aspects. First and foremost, blogs are all about new and interesting content. Someone needs to be responsible for the blog and accountable for ensuring new content gets added at least a few times per week; this is usually a corporate marketing function.

From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.

The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.

Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.

For more information:

  • Blogging on corporate machines can increase your company's vunerability to online information theft.
  • Don't fall victim to IM or email threats. Visit our Messaging Security School, which features lessons on IM security, mobile device protection, countermeasures for malicious email code and best practices for Microsoft Exchange users




    • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts