Conclusion

This book is about security issues of social media, specifically in the public sector, and best practices for mitigating risk in the use of social media. It conforms to the requirements of the national cyber security policies of many countries and gives advice on the security issues relating to the use of social media in public service applications. Social media usage holds great potential; for example, it can enable citizens to be more participatory in central, state, and local government.

Chapter 1 describes several Web 2.0 architectural patterns. One is “participation-collaboration” or “harnessing collective intelligence,” which is concerned with self-organizing communities of people and social interactions. The participation-collaboration pattern is not restricted to social networking; for example, a wiki makes use of this pattern. (It is possible to restrict access to a wiki to a certain group of individuals.) Many of the web applications that characterize Web 2.0 such as the encyclopedia Wikipedia and the website YouTube use this pattern, among others.

Chapter 2 investigates the potential of social media within the public sector. This is a complex topic, as different stakeholders have different perspectives. When participation-collaboration is restricted to administrators, excluding the public, it is called “inward sharing” and uses proprietary software, such as SharePoint. “Outward sharing” involves that between government and other bodies such as the police, health authorities, NGOs, and wealthy or powerful individuals. Other types of sharing are “crowdsourcing” and “outbound sharing.”

Chapter 3 assesses security threats posed by social media in the public sector, of which there are a variety. To illustrate, one threat is “spear phishing,” a type of usage of email associated with fraud directed at a specific organization (Microsoft, 2010). For example, a government administrator might receive an email that purports to come from a colleague requesting information, or asking the recipient to click on a hyperlink, causing malicious software to be downloaded.

The chapter describes threats that social media sites are particularly susceptible to, for example social engineering and the potential problems it causes, mainly relating to handling unsolicited messages (opening received files; hyperlinks; building up a relationship). Risks include identity theft, malware, and damage to the reputation of government departments. Users should also be aware of privacy concerns associated with using web applications within social media sites.

Cybersecurity is a complex topic and social media applications have many vulnerabilities.

Chapter 4 describes the hardware and software controls that minimize risk. The extent to which one should use social media for public service applications depends on the risks involved, and the IT security of Web 2.0 government applications is very important. Managers of individual departments in public sector bodies have to decide whether or not there is a business case for using social media, and inherent to the business case must be a risk assessment. The chapter describes the security measures that are or could be applied to the participation-collaboration pattern of Web 2.0 public service applications. For comparison, reference is made to work carried out in a number of countries.

The chapter looks at:

In preparation for writing Security Risks in Social Media Technologies the author assessed the suitability of various security controls. The bulk of this topic is generic – not country dependent. The country-specific part of the topic relates to the government bodies that are responsible for suggesting controls, monitoring adherence to controls, and so on.

Chapter 5 describes the suitability of various AUPs, one of the security controls, noting only those parts of policies that are directly relevant to social media usage. Many policies exist and extracts are recorded to show examples of how points are worded. The chapter investigates:

Chapter 6 investigates the type of security problems users might encounter in a participation-collaboration pattern used in the school environment. This concerns security relating to the use of social media in schools, where parents, students, and teachers liaise, looking at threats, security measures, and AUPs specific to this application.

Chapter 7 provides an alternative classification of security controls, relating controls to threats rather than using the NIST classification. This alternative arrangement may be preferable to some users.

In summary, it is hoped that this book will contribute to an understanding of the risks posed by Web 2.0 applications in social media technologies and give clear guidance on how to mitigate them.