Home > Ask the Security Experts > Expert Archive: Security Management Questions & Answers > What are the best security practices to consider when developing a corporate blog?
Ask The Security Expert: Questions & Answers
EMAIL THIS

What are the best security practices to consider when developing a corporate blog?

Mike Rothman, past SearchSecurity.com expert EXPERT RESPONSE FROM: Mike Rothman, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 04 April 2007
What are some security best practices to incorporate when creating a corporate blog?

>
This is as much a marketing question as a security one. The good news is that I have also worked in marketing professionally and can address both aspects. First and foremost, blogs are all about new and interesting content. Someone needs to be responsible for the blog and accountable for ensuring new content gets added at least a few times per week; this is usually a corporate marketing function.

From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.

The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.

Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.

For more information:

  • Blogging on corporate machines can increase your company's vunerability to online information theft.
  • Don't fall victim to IM or email threats. Visit our Messaging Security School, which features lessons on IM security, mobile device protection, countermeasures for malicious email code and best practices for Microsoft Exchange users


    • BROWSE BY TAG
    Expert Archive: Security Management,   Enterprise Data Protection,   Enterprise Data Governance,   Information Security Policies, Procedures and Guidelines,   Information Security Management,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Expert Archive: Security Management
    What is the GISP certification and how does it compare to the CISSP certification?
    Using a QSA to write up a PCI DSS report on compliance (ROC)
    How can gap analysis be applied to the security SDLC?
    Comparing cheap security products and appliances to costly appliances
    What are some tips on protecting my security budget in a poor economy?
    What value do research firms provide to their subscribing enterprises?
    What certificate offers the best ROI for an IT project manager?
    Is insider activity or outsider activity a bigger enterprise threat?
    How does information security prevent fraud in the enterprise?
    Differences between an SAS 70 data center and a Tier III data center

    Enterprise Data Governance
    Creating an enterprise data protection framework
    Analyst DLP study finds maturity, ranks top DLP vendors
    Voltage, RSA spar over tokenization, data protection
    Twitter gets condemned by CISOs at Forrester forum
    PCI DSS compliance requirements: Ensuring data integrity
    Trustwave acquires data loss prevention vendor Vericept
    Data has become too distributed to secure, Forrester says
    Cloud-based security services should start private
    Compliance in the cloud
    How to write technology outsourcing contracts

    Information Security Policies, Procedures and Guidelines
    Essential guide: Pandemic planning for H1N1
    Whitelists, SaaS modify traditional security, tackle flaws
    Melissa Hathaway urges more cooperation, government attention to cybersecurity
    Reuters: Obama ready to select cyber security czar
    How a corporate Twitter policy can combat social network threats
    Should enterprises be concerned with Twitter in the workplace?
    Information security management hype: Debunking best practices
    Data breach avoidance begins with security basics, panel says
    Expert: Information security spending often restricts innovation
    GAO report cites government weaknesses, data leakage

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    cut-and-paste attack  (SearchSecurity.com)
    data masking  (SearchSecurity.com)
    data splitting  (SearchSecurity.com)
    deperimeterization  (SearchSecurity.com)
    Google hacking  (SearchSecurity.com)
    masquerade  (SearchSecurity.com)
    snooping  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts