Blogs, wikis and podcasts are fairly new mainstream communications methods that can improve interaction between individuals who have a common interest, but the use of such tools without guiding principles could severely impact our company. In particular, blogging is growing in popularity and is already considered a conventional and commonly used communication tool. While blogging is a powerful broadcasting tool, it can pose significant risks to CSC’s enterprise information security when not controlled. The main risks to CSC are inadvertent (or intentional) disclosure of CSC or client intellectual property, confidential information and damage to CSC credibility in the market place.
A Personal Blog (short for weblog) is a personal online journal that is frequently updated and intended for general public consumption. Blogs are defined by their format: a series of entries posted to a single page in reverse-chronological order. Blogs generally represent the personality of the author or reflect the purpose of the Web site that hosts the blog.
A Wiki is a is a web site that makes it simple for anyone to create and share web pages, images, and much more in an instant. Similar to a blog in structure and logic, a wiki allows anyone to edit, delete or modify content that has been placed on the Web. In contrast, a blog, typically authored by an individual, does not allow visitors to change the original posted material; only add comments to the original content.
A Podcast is a multimedia file distributed over the Internet for playback on mobile devices and personal computers.
Employees run a personal risk if they post fallacious or slanderous information that could leave them vulnerable to defamation lawsuits. The improper use of blogs, wikis and podcasts can also lead to proprietary information being obtained by CSC’s competitors or create a public relations incident. The concern grows with the popularity of image-ready cell phones and online sites that allow users to post videos.
There are also legal issues that personal blogs raise. These include the potential loss of CSC or customer intellectual property and copyright infringement issues. In addition, the disclosure of a third party's trade secrets can expose a blogger to liability for misappropriation.
CSC views personal websites and weblogs positively, and it respects the right of employees to use them as a medium of self-expression and research. However, all CSC employees must follow the guidelines below when developing and broadcasting blogs, wikis or podcasts:
- Make it clear that the views expressed in the blog, wiki or podcast are yours alone and do not necessarily represent the views of CSC.
- Respect CSC’s sensitive and proprietary information and ensure that such information is not published in unauthorized or public forums.
- Seek CSC managerial approval if there are any questions as to what is appropriate to included in a blog, wiki or podcast.
- Be respectful to CSC, other employees, customers, partners, and competitors.
- Understand and fully comply when CSC identifies topics should not be discussed outside of the company for confidentiality or legal compliance reasons.
- Ensure that any bogging, wiki or pod casting activity does not interfere with work requirements.
GNS is in the process of constructing a more detailed security guideline on the use of blogs, wikis and podcasts that will be published within the next two months. The availability of this guideline will be announced through future security awareness bulletins.
No comments:
Post a Comment