Saturday, November 10, 2012

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking: Privacy Protection

Privacy violations can be completely prevented through a single, strict policy: do not post content to online social networking sites. The complete lack of control over disseminated content means that any distribution is a potential redistribution. Damage mitigation can be achieved through one of three fairly disjoint policies. One option is to encrypt posted content and only distribute the key to the trusted recipients out-of-band. This way if either the first or second of the above privacy violations occur then the secondary recipients will be unable to view the content. The third violation is still possible, in that the authorized recipient can either forward/post the key or repost the received, but decrypted, content. Alternatively, a policy of treating all, even limited, distributions as full public postings. Anything, and everything, posted should be classified as approved for public dispersal, because each post has the potential to be released publicly. (UMUC, 2010) Lastly, any postings of non-publicly releasable content can be performed under careful scrutiny of the social networking site’s privacy settings and to be released to recipients under a legally binding and enforceable non-disclosure agreement. Such an agreement will still not physically prevent redistribution, but does permit a legal recourse in the event of redistribution.

Of the four policy suggestions to prevent or mitigate the damage from the discussed privacy violation, only one truly maintains the usability of the social networking site. Personal poster responsibility and operating under the assumption of full public disclosure allows the user to continue operating as is expected on the site. Not posting equates to not using the site. Posting only under encryption or a non-disclosure agreement runs significantly counter to the social, as opposed to business, nature and focus of most social networking sites.

UMUC (2010). Cybersecurity Policies in the Private and Public Sector. UMUC CSEC620 Module

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking

No comments:

Post a Comment