Threat 2.0: Security and Compliance for Web 2.0 Sites
By Alan Calder
About this ebook
This pocket guide will provide you with an invaluable introduction to the security and compliance issues surrounding Web 2.0 technologies. It includes a programme of best-practice steps you can take to manage the risks involved with Web 2.0, together with advice on how to ensure your organisation stays on the right side of the relevant privacy and data protection requirements.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Threat 2.0 - Alan Calder
978-1-849281-24-9
FOREWORD
Web 2.0 – a widespread series of developments in the way websites are designed and accessed, more widely known as ‘social networking sites’ – is a new and exciting way for websites to work. The extent to which Web 2.0 sites (such as Wikipedia, Facebook and YouTube) also rely on user-generated content adds to their immediacy, excitement and relevance.
Web 2.0 sites do, however, come with their own set of risks – risks to users, to their confidential information, and to associated parties. It is not unusual, when technology is evolving so quickly, and is subject to such rapid take up, for such security risks to be bypassed – to the detriment of users.
This book is probably the first book on this subject to be published; it has its origins in the detailed research which we did into Web 2.0 during Autumn 2008 and provides organisations with core guidance on how to ensure that their websites remain secure – and comply with the rapidly evolving regulatory requirements that cover personal data and computer security.
CONTENTS
CHAPTER 1: WEB 2.0
There is no doubt that Web 2.0 technologies bring many benefits. For example, the viral nature of Web 2.0 technologies such as social networking is an extremely powerful tool, which can be used to engage a large number of Web users very quickly for collaborative, knowledge sharing and networking purposes.
However, the interactivity and openness of Web 2.0 technologies in themselves also create risks. Sophos has reported phenomenal growth in web threats over the last year¹. Malware is present not only on malicious websites but also on a growing number of trusted and reputable websites that have been compromised. For example, in April 2008 the Cambridge University Press website was compromised². Visitors to its online dictionary were subject to attempts to run an unauthorised hacker’s script on their computers.
The risks from Web 2.0 technologies are compounded by the exponential growth in the volume of web-based personal data. In addition, the time lag between the fast-moving pace of web technology development and the speed at which legislation evolves means that complying with legislation can be complex and unclear.
¹ Mid-Year Report: Malware, Spam and Web Threats in 2008, Mike Harris, Sophos (2008).
² Security threat report update, Sophos (July 2008).
The benefits of Web 2.0 technologies
The business benefits of Web 2.0 technologies include:
The central, online storage of documents, enabling increased collaboration and shared group knowledge in real time and across geographic boundaries.
An improved and more interactive relationship with customers.
Increased vertical networking among colleagues in larger organisations.
Improved communication.
Improved partnership working.
Incentivised working conditions for the younger members of the workforce.
The following sections detail the ways in which Web 2.0 technologies can be used to provide benefits in specific business areas.
Product innovation: increased efficiency and cost savings derived from the speed of sharing, combined with enabling a central location for sharing files and drawings. Collaboration tools also enable employees to be tapped for ideas which are then hosted and developed in a single virtual location.
Sales, marketing and market research: the main benefit of these tools for sales, marketing and market research is in lead generation and brand awareness.
Video, blogging, social networking, forums and videoconferencing all enable customers to be tapped for ideas, feedback, preferences and recommendations, which can then in turn be used to advertise products and feed the marketing and sales process. For example, Amazon has a function on its website that suggests, based on one’s previous purchases, ‘other products which you might like to buy’.
Production: Web 2.0 tools such as wikis and collaboration tools can be used to gain and generate input from a wide number of employees, which is available to view in a central place.
HR processes: Web 2.0 technologies, particularly interactive videos, can also be used for employee training.