Home > Security Tips > Threat Monitor > Does blogging pose enterprise information security risks?
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

THREAT MONITOR

Does blogging pose enterprise information security risks?


Mike Chapple
09.15.2006
Rating: -4.00- (out of 5)


Threat Monitor
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


Blogging is growing in popularity and rapidly becoming a mainstream communication tool. Even companies are jumping on the bandwagon in record numbers, as a recent American Management Association/ePolicy Institute study of 416 U.S. businesses found 8% of organizations operate official corporate blogs. That's no surprise, given some of the high-profile business blogs, such as those by Justin Rattner of Intel and John Dragoon of Novell. However, the same survey also revealed some troublesome statistics regarding corporate blogging policies or lack thereof. Specifically:

Those are somewhat shocking numbers. While blogging is a powerful marketing and communications tool, it can pose significant risks to enterprise information security when not controlled. While some of these risks are obvious, such as inadvertent (or intentional) disclosure of trade secrets and risk to a company's reputation, other risks are more nuanced. Therefore, if your company is publicly traded, blog postings should be considered in light of applicable Securities and Exchange Commission regulations, because a blog post is like any ot



her corporate communication.

Blogging policies
What can you do to control these risks? As with many security issues, the best place to start is with policy. Here are some questions you should consider when drafting your information security policies:

Blog risks go beyond policy-related concerns as well. A recent SPI Dynamics study noted that content feeds may be used as an attack vector to exploit vulnerabilities in news reader clients. Expect to see this threat develop over the next year, and be certain to keep your blog-reading software up-to-date on vendor security patches to reduce the risk to your enterprise.

About the Author: Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.


Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Threat Monitor,   Information Security Threats,   Emerging Information Security Threats,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Threat Monitor
How to defend against rogue DHCP server malware
When BIOS updates become malware attacks
Mac OS memory flaws pose challenges for enterprise endpoint protection
Cybercrime and threat management
How to find and stop automated SQL injection attacks
Short-lived Web malware: Fading fad or future trend?
Security book chapter: The Truth About Identity Theft
How to use (almost) free tools to find sensitive data
How to block adult websites from enterprise users by logging content
Are Windows Vista security features up to par?

Emerging Information Security Threats
DDoS attacks hit U.S., South Korean government websites
New attack code targets Microsoft ActiveX zero-day vulnerability
Adobe ColdFusion websites being compromised
Antispyware buying guide for Indian enterprises
ATM malware lets attackers take over machines
FTC shutters rogue ISP for hosting malicious content, botnets
The failing war against cybercriminals
White House cybersecurity czar faces major hurdles
Cybercrime and threat management
The Pipe Dream of No More Free Bugs

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts