|
04.10.07
Security, HR And Corporate Secrets
 By
Dan Morrill
Security and HR are more involved in keeping corporate secrets in the world of Wiki's, blogs, YouTube, and MySpace. Computer World is running an interesting piece about corporate data leakage and unregulated corporate communications.
They state:
Miller's response strikes at the heart of the corporate debate over how to minimize the security risks opened up by blogging, social networking, video sharing and other interactions that fall under the Web 2.0 umbrella. Companies are wrestling with a multitude of issues, such as whether to restrict employees from blogging on employer-owned equipment, whether to monitor what blogs say, whether to steer blogging activity toward a company- sponsored blog and how to set up parameters around these activities. There's also the question of whether to open the corporate network to the wild and woolly worlds of MySpace.com, iTunes, Flickr and YouTube. Source: Computer World
Keeping a professional blog or a corporate sponsored blog where people will interact with the company and make a decision about the worthiness of the company based on what they read about the company. This works both professionally and personally. The role of security is to enforce the policies of the company, and when informed of a violation to investigate the issue to see if there really is one, and then turn it over to the HR department and or the legal department.
These issues have been thrown more into the forefront as people loose jobs, or do not get hired because of what is in blogs and other data sources that are user generated, and user commented on. The IEEE is having a call for papers now that deals with:
However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server side and inside the web browser. While the security and privacy issues are not new (many of these issues already exist with portal servers and browsers), the security issue is increasingly becoming acute as the technologies are adopted and adapted to appeal to a wider developer audience. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. Source IEEE
Companies that get the power, responsibilities and liabilities of blogs are already making policies that guide under what circumstances people can blog about. As we grow more interconnected within the web 2.0 framework, the processes that we use to define reputation and how to manage the on line reputations that we have is going to consume more and more legal department, security and HR resources as complaints are made, investigations are conducted, and findings of either founded or non founded are issued.
Companies need to understand web 2.0, and understand what their employees are saying on line, and along the lines of the acceptable use policies that companies are increasingly exerting. As well as ensure that the necessary corporate resources are available to investigate events as they happen, or as they are reported.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
