We are going to be creating some new boilerplates.
FOR ALL USERS
Here’s an article I found for a client of mine that you all might find helpful. You may want to incorporate this information into your next Security Awareness reminder. It is a great list of seven “don’ts” related to Social Networking Sites. In fact, we are going to be integrating this and other issues into our security awareness training presentations.
We also suggest that Acceptable Use Policies include a section about Social Networking Sites that refers to a guideline for those who use Facebook, Twitter, MySpace, etc. The following link is an example of our thinking for this guideline:
FOR THE MANAGEMENT TEAM
Meanwhile, we are working on a policy and/or guideline about financial institutions’ use of social networking sites. Many of our financial industry clients are getting pressure from their marketing departments to allow them to build a Facebook, LinkedIn, Twitter, and/or MySpace presence.
We believe that many financial institutions will need to create a Social Networking guideline to help the marketing department build the presence without creating security risk. You might consider inserting language referring to this guideline in a board-level policy. We’re working on language for the guideline and we’ll have a boilerplate ready by the end of the year.
I could not find a link that illustrates my thinking here. If you know of one, or have ideas, we’d love to hear from you.
We’ll keep you posted.
Dan Hadaway, CISA, CISM