Social Media Risk Assessment Template
Shared by: jstorres
Posted: 3/5/2012


SAMPLE SOCIAL MEDIA RISK ASSESSMENT MATRIX - MARCH 2012
THREAT | VULNERABILITY | EXISTING CONTROLS | LIKELIHOOD OF OCCURRENCE | IMPACT SEVERITY | RISK LEVEL

THREAT: DISCLOSURE OF CONFIDENTIAL CUSTOMER INFORMATION
VULNERABILITY: LACK OF EMPLOYEE UNDERSTANDING OF INFORMATION SECURITY RISKS TO CUSTOMER INFORMATION
EXISTING CONTROLS:
1) INFORMATION SECURITY TRAINING
2) SOCIAL MEDIA TRAINING
3) INFORMATION SECURITY POLICY
4) SOCIAL MEDIA POLICY
5) SOCIAL MEDIA MONITORING PROGRAM
6) ACCEPTABLE USE POLICY
7) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: ROGUE EMPLOYEE INTENTIONALLY RELEASES CONFIDENTIAL CUSTOMER INFORMATION THROUGH SOCIAL MEDIA PLATFORM
EXISTING CONTROLS:
1) ADEQUATE EMPLOYEE HIRING / PRE-SCREENING PROCEDURES
2) INFORMATION SECURITY TRAINING
3) SOCIAL MEDIA TRAINING
4) INFORMATION SECURITY POLICY
5) SOCIAL MEDIA POLICY
6) SOCIAL MEDIA MONITORING PROGRAM
7) ACCEPTABLE USE POLICY
8) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW
Prepared by Jesse Torres (MrJesseTorres@gmail.com) 1 Visit the Social Media and Banking Blog at http://socialmediabanking.blogspot.com
Download at http://www.JesseTorres.com/doc/socialmediariskassessment.doc

THREAT: DISCLOSURE OF CONFIDENTIAL COMPANY INFORMATION
VULNERABILITY: LACK OF EMPLOYEE UNDERSTANDING OF INFORMATION SECURITY RISKS TO COMPANY INFORMATION
EXISTING CONTROLS:
1) INFORMATION SECURITY TRAINING
2) SOCIAL MEDIA TRAINING
3) INFORMATION SECURITY POLICY
4) SOCIAL MEDIA POLICY
5) SOCIAL MEDIA MONITORING PROGRAM
6) ACCEPTABLE USE POLICY
7) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: ROGUE EMPLOYEE INTENTIONALLY RELEASES CONFIDENTIAL COMPANY INFORMATION THROUGH SOCIAL MEDIA PLATFORM
EXISTING CONTROLS:
1) ADEQUATE EMPLOYEE HIRING / PRE-SCREENING PROCEDURES
2) INFORMATION SECURITY TRAINING
3) SOCIAL MEDIA TRAINING
4) INFORMATION SECURITY POLICY
5) SOCIAL MEDIA POLICY
6) SOCIAL MEDIA MONITORING PROGRAM
7) ACCEPTABLE USE POLICY
8) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: PUBLIC RELATIONS CHALLENGES
VULNERABILITY: DISGRUNTLED CUSTOMER USES SOCIAL MEDIA TO DISPARAGE COMPANY
EXISTING CONTROLS:
1) SOCIAL MEDIA MONITORING PROGRAM
2) CRISIS RESPONSE POLICY AND PROCEDURES THAT INCLUDE A SOCIAL MEDIA COMPONENT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: DISGRUNTLED EMPLOYEE USES SOCIAL MEDIA TO DISPARAGE COMPANY
EXISTING CONTROLS:
1) SOCIAL MEDIA MONITORING PROGRAM
2) CRISIS RESPONSE POLICY AND PROCEDURES THAT INCLUDE A SOCIAL MEDIA COMPONENT
3) ACCEPTABLE USE POLICY
4) EMPLOYEE CODE OF CONDUCT
5) SOCIAL MEDIA POLICY
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: OTHER PUBLIC RELATIONS EVENT SUCH AS INAPPROPRIATE CONTENT BY EMPLOYEES
EXISTING CONTROLS:
1) SOCIAL MEDIA MONITORING PROGRAM
2) CRISIS RESPONSE POLICY AND PROCEDURES THAT INCLUDE A SOCIAL MEDIA COMPONENT
3) ACCEPTABLE USE POLICY
4) EMPLOYEE CODE OF CONDUCT
5) SOCIAL MEDIA POLICY
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: OUTAGE DUE TO SOCIAL MEDIA-BASED VIRUS/MALWARE INFECTION
VULNERABILITY: LACK OF REGULARLY UPDATED VIRUS/MALWARE SOFTWARE
EXISTING CONTROLS:
1) REGULARLY UPDATED ANTI-VIRUS/ANTI-MALWARE SOFTWARE
2) CONTENT FILTERING SOFTWARE TO RESTRICT/LIMIT ACCESS TO SOCIAL MEDIA PLATFORMS IF COMPANY POLICY CALLS FOR NON-EMPLOYEE USE OF SOCIAL MEDIA
3) INFORMATION SECURITY TRAINING
4) SOCIAL MEDIA TRAINING
5) SOCIAL MEDIA POLICY
6) INFORMATION SECURITY POLICY
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: LOSS OF SOCIAL MEDIA-BASED CONTENT
VULNERABILITY: CLOSURE OF SOCIAL MEDIA PLATFORM
EXISTING CONTROLS:
1) INCLUDE THIRD-PARTY SOCIAL MEDIA PLATFORMS IN VENDOR MANAGEMENT PROCESS
2) MAINTENANCE OF SOCIAL MEDIA MANAGER
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: CONTENT POSTED THROUGH NON-COMPANY-CONTROLLED/OWNED ACCOUNTS
EXISTING CONTROLS:
1) REQUIRE THAT COMPANY “OWNED” CONTENT IS POSTED THROUGH COMPANY-CONTROLLED ACCOUNTS
2) SOCIAL MEDIA POLICY
3) SOCIAL MEDIA TRAINING
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW
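
VULNERABILITY: VIOLATION OF SOCIAL MEDIA PLATFORM POLICIES
EXISTING CONTROLS:
1) MAINTENANCE OF SOCIAL MEDIA MANAGER
2) SOCIAL MEDIA POLICY
3) SOCIAL MEDIA TRAINING
4) INCLUDE THIRD-PARTY SOCIAL MEDIA PLATFORMS IN VENDOR MANAGEMENT PROCESS
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: LAWSUIT FOR ALLEGED IMPROPER USE OF SOCIAL MEDIA IN THE HIRING PROCESS
VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HR DEPARTMENT
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HIRING MANAGERS
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: LAWSUIT FOR ALLEGED IMPROPER TERMINATION BASED UPON SOCIAL MEDIA USE
VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HR DEPARTMENT
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HIRING MANAGERS
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW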

THREAT: LAWSUIT FOR COPYRIGHT VIOLATIONS
VULNERABILITY: LACK OF EMPLOYEE UNDERSTANDING OF COPYRIGHT RULES RELATIVE TO SOCIAL MEDIA USE
EXISTING CONTROLS:
1) MAINTENANCE OF SOCIAL MEDIA MANAGER
2) SOCIAL MEDIA POLICY
3) SOCIAL MEDIA TRAINING
4) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: LOSS OF OPPORTUNITY TO HIRE QUALIFIED EMPLOYEE DUE TO INFORMATION CONTAINED ON SOCIAL MEDIA PLATFORM
VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HR DEPARTMENT
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: LACK OF UNDERSTANDING OF SOCIAL MEDIA RISKS BY HIRING MANAGERS
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

THREAT: ATTACK ON CUSTOMERS / FOLLOWERS / FRIENDS THROUGH HIJACKED SOCIAL MEDIA ACCOUNT
VULNERABILITY: INADEQUATE PASSWORD POLICY
EXISTING CONTROLS:
1) INFORMATION SECURITY POLICY
2) INFORMATION SECURITY TRAINING
3) SOCIAL MEDIA POLICY
4) SOCIAL MEDIA TRAINING
5) CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

VULNERABILITY: LACK OF EMPLOYEE UNDERSTANDING OF SOCIAL MEDIA RISKS TO CUSTOMERS / FOLLOWERS / FRIENDS
EXISTING CONTROLS:
1) INFORMATION SECURITY TRAINING
2) SOCIAL MEDIA TRAINING
3) INFORMATION SECURITY POLICY
4) SOCIAL MEDIA POLICY
5) SOCIAL MEDIA MONITORING PROGRAM
6) ACCEPTABLE USE POLICY
7) EMPLOYEE CODE OF CONDUCT
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

EXCESSIVE/INAPPROPRIATE USE OF SOCIAL MEDIA BY EMPLOYEE
EXISTING CONTROLS:
1) SOCIAL MEDIA POLICY
2) SOCIAL MEDIA TRAINING
3) SOCIAL MEDIA MONITORING PROGRAM
4) ACCEPTABLE USE POLICY
5) EMPLOYEE CODE OF CONDUCT
6) CONTENT FILTERING SOFTWARE TO RESTRICT/LIMIT ACCESS TO SOCIAL MEDIA PLATFORMS IF COMPANY POLICY CALLS FOR NON-EMPLOYEE USE OF SOCIAL MEDIA
LIKELIHOOD OF OCCURRENCE: LOW
IMPACT SEVERITY: LOW
RISK LEVEL: LOW

Risk is the possibility of an act or event occurring that would have an adverse effect on the organization. Risk can also be the potential that a given threat will exploit vulnerabilities to cause loss or damage. Risk is generally measured by a combination of severity and likelihood of occurrence.

A threat is an action or event that might jeopardize the organization. It is a sequence of circumstances and events that allows a human (intruder, criminal, disgruntled employee, terrorist, etc.) or other agent (virus, Trojan horse, natural disaster, etc.) to cause a misfortune by exploiting vulnerabilities.

A vulnerability is a weakness that allows a threat to manifest. Threats cannot manifest unless a vulnerability is exploited.

Likelihood of Occurrence Table

Likelihood | Description
Negligible | Unlikely to occur.
Very Low | Likely to occur two/three times every five years.
Low | Likely to occur once every year or less.
Moderate | Likely to occur once every six months or less.
High | Likely to occur once per month or less.
Very High | Likely to occur multiple times per month.
Extreme | Likely to occur multiple times per day.

Impact Severity Levels

Impact Severity | Description
Insignificant | Almost no impact if the threat is realized and vulnerability is exploited.
Minor | Minor effect on the organization that will require minimal effort to repair or reconfigure.
Significant | Some negligible yet tangible harm that will require some expenditure of resources to repair.
Damaging | Damage to the reputation of the organization, and/or notable loss of confidence in the organization’s resources or services. Will require expenditure of significant resources to repair.
Serious | Considerable system outage and/or loss of customer/business partner confidence. May result in the compromise of services or a large amount of customer/organization information.
Critical | Extended system outage or permanent closure. May result in complete compromise of services or confidential information.

Risk Levels

Likelihood of Occurrence / Impact Severity | Insignificant | Minor | Significant | Damaging | Serious | Critical
Negligible | Low | Low | Low | Low | Low | Low
Very Low | Low | Low | Low | Low | Moderate | Moderate
Low | Low | Low | Moderate | Moderate | High | High
Moderate | Low | Low | Moderate | High | High | High
High | Low | Moderate | High | High | High | High
Very High | Low | Moderate | High | High | High | High
Extreme | Low | Moderate | High | High | High | High

UPDATES AND REVISIONS: Please help the community by posting your improvements to this risk assessment in the “Comments” section of the social media risk assessment post at http://socialmediabanking.blogspot.com/2012/03/social-media-risk-assessment-process.html