Daniel Osburn

Facebook now claims 300 million active users. Naturally, social media growth has also been seen in the workplace, both with regard to employee use as well as functioning as a communication and/or marketing tool for some companies. And Twitter, the micro-blogging site that was almost unheard of at the beginning of 2008, is now one of the internet's 50 most popular sites, according to Alexa Internet Inc.'s web traffic statistics. And according to a survey recently conducted by IANS, a Boston-based research company that focuses on information security, regulatory compliance and IT risk management, the number of enterprises with a social media policy in place has jumped dramatically, too, in just twelve months.

The take away, according to Phillips, is that social media is front and center now in organizations and the discussion is taking place not only among the security team, but within marketing, sales, human resources and even executives. Also see The Seven Deadly Sins of Social Networking Security Jack Phillips, IANS co-founder and CEO, said when IANS conducted the same survey in 2008, the majority of respondents did not have a social media policy. "They really hadn't done the hard thinking," said Phillips. "But then jumping forward to 2009 we saw about a third of the audience now has something in place and another large percentage is considering these kinds of policies." Specifically, just under ten percent of respondent enterprises said their social media policy was fully implemented and communicated in 2008. That jumped to 34 percent in 2009, with another third responding that they had either created or implemented a policy for social media use. Phillips believes this is an opportunity for security folks to raise their profile and take part in an important issue from its inception. Instead, said Phillips, use this as an opportunity to draw attention to existing policies. "Most purists will say: This stuff isn't really new. He shared with CSO four things he thinks organizations should consider when putting together policies and practices for use of Facebook, Twitter, Linked In and other social media within an organization. 1. Don't start from scratch The media landscape is so dynamic that if you create policy for today's hot technology, tomorrow it will be obscure.

It should be part of our HR and acceptable use policies," said Phillips. "The same sort of norms apply to this new world that has applied to the world before today." (See How to Write an Information Security Policy for more on the basics of effective policy.) Phillips noted most of the organizations IANS polled with a social media policy already in place said they had not named specific medias because of changing pace of new media. "It's Twitter today, but it may be something else tomorrow," he said. 2. Use social media policies to raise security awareness "This issue is an opportunity for info sec leaders to refocus attention on information security and risk management, said Phillips. For instance, when compliance regulations came into play, savvy security teams were able to create new policies to comply, while also letting employees know why they were important. IANS is dispelling what Phillips says is age-old advice for enterprises when it comes to adapting to change. Same holds true this time around, said Phillips. "We are finding some innovative awareness tactics that focus on these technologies because they are front and center. The percentages are so low in terms of success of awareness campaigns, this is an opportunity to jump in." 3. Use social media access to raise security's positive profile within the organization While the initial security reaction to new media is often to block, Phillips said most organization now need to consider that not only may allowing access be necessary, but also useful from an info sec perspective. A Twitter campaign, or a Facebook campaign, a Linked In campaign, can all have real impact in terms of receptivity.

Also see Security Awareness Programs: Now Hear This! "The advice we have given is, instead of just knee-jerk blocking everything, we find that this as an opportunity to record usage and activity among the employee base," said Phillips. "When the original data-loss-protection technologies were introduced, they were not in blocking mode, but in monitoring mode." Phillips believes the new technology of social media gives information security what he calls "an interesting opportunity" to see how critical these technologies are to the enterprise. "That kind of information is quite useful to other functions of the enterprise," he said "Sales, marketing, HR are all going to be interested and that raises information security's profile among management." 4. Be prepared for the next phase As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. As it stands now, he said, he finds his clients are more comfortable with some mediums and with others; not so much. While creating entire new policies around social media doesn't make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific. Most organizations find Linked In to be the most controllable and with the least potential for damage. Particularly, said Phillips, because many employees are not respecting that line between personal and enterprise. "Because these technologies are so different, it is at some point we expect policies are going to have to get granular," he said. "Our sense is high-performing teams will have to create unique Facebook, Twitter, Linked In and Google Docs policies.

But Facebook, with its security vulnerabilities, and the nature of its content, still makes many uncomfortable. And they are going to have to get that granular about what is appropriate and inappropriate with each tool. "We will end up with an open environment, but we will end up with some asterisks that say, it's open, but not 100 percent open. For example, some might say: 'It is not appropriate to use the company's name on your Facebook profile.'

Fraudsters are targeting social networking sites with increased frequency and users need to take precautions, the FBI warned. Clearly, the Data Snatchers have found a way to automate the creation of Facebook accounts, which means they've found a way to bypass the Facebook Capcha (the image of letters which are required for a new account, which are supposed to ensure that a human is involved)," said Thompson. Just today Roger Thompson, chief of research at AVG Technologies, blogged about an automated rogue spyware attack using Facebook in which hackers create new Facebook pages. "We're seeing rather a lot of these, all from different profiles, but with the same picture and link. Network World Extra: 12 tips for safe social networking The FBI meanwhile states that fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques.

Other spam entices users to download an application or view a video. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Another fraudster favorite involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software, the FBI stated. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected, the FBI stated. Other malicious software gives the fraudsters access to your profile and personal information.

Symantec's Zulfikar Ramzan wrote in a recent CSO article that there's no question that online social networking continues to rise in popularity due to the numerous conveniences and opportunities it provides. These programs will automatically send messages to your "friends" list, instructing them to download the new application too, the FBI stated. There's also no question that social networking provides phishers with a lot more bait than they used to have. Games, links and notifications are the low-hanging fruit for phishers to use as they lead people into dangerous territory. Threats can come from all sorts of avenues within a social networking site.

As society picks up one end of the social networking stick, it finds that it inevitably picks up the security problems on the other end, he stated. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.•Be selective of your friends. The FBI recommended the following basic tips to help prevent most nefarious activities: •Adjust Web site privacy settings. Once selected, your "friends" can access any information marked as "viewable by all friends."•You can select those who have "limited" access to your profile. Users should consider how they want to use the social networking site.

This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.•Disable options and then open them one by one such as texting and photo sharing capabilities. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.•Be careful what you click on. If you want to report an incident, the FBI says to file a complaint at its Internet Crime Complaint Center (IC3). Just because someone posts a link or video to their "wall" does not mean it is safe.

A proposed amendment that would have given Congress more oversight over the White House cybersecurity czar and at least 17 other czars appointed by President Obama was shut down in the U.S. Senate today. Susan Collins (R-Maine), sought to restrict federal funds for the expenses of White House-appointed czars unless two conditions are met. The amendment, proposed by Sen.

One of them was to require the president to agree that every czar would respond to "reasonable requests" to testify before Congress on matters related to the office. The proposed amendment was in an Interior Department environmental appropriations bill on the Senate floor. The other required White House-appointed czars to issue a report to Congress twice a year. In a statement , Collins said the amendment was needed to ensure greater transparency and accountability. The amendment however was ruled "non-germane" to the pending bill in the Senate this afternoon and will not move forward, a spokesman for Collins said in an e-mail. "The amendment fell," following an objection by Sen. She had claimed that direct White House appointees were largely insulated from congressional oversight and often duplicated or diluted the statutory authority and responsibilities of Cabinet-level appointees who had been vetted by Congress.

Dick Durbin (D-Ill.), he said. At a committee hearing in May on strategies for securing cyberspace, Collins had said that putting the White House in charge would make it harder for Congress to exercise oversight over critical cybersecurity policies and budgets. Collins, who is the ranking minority member of the Senate Homeland Security and Governmental Affairs Committee, had raised similar concerns previously, especially with regard to Obama's plans to appoint a White House cybersecurity czar, or agency coordinator. Collins proposed instead that the government consider adopting the model used in setting up the National Counterterrorism Center (NCTC). The NCTC, which was established in August 2004 on the recommendations of the 9/11 Commission, works in the Office of the Director of National Intelligence (ODNI), a setup that allows for greater congressional oversight, she had said. The president announced the position in May and stressed the need for a national strategy for securing U.S. interests in cyber space. The developments come amid a delay by the White House in naming a new cybersecurity coordinator.

The delay in making the appointment has fueled speculation about the likely candidates and the nature of the job . Earlier this month, the Reuters news service. quoting an unnamed source with "direct knowledge" of the matter, said the front runner for the post was Frank Kramer , an assistant defense secretary under President Bill Clinton.

In the days leading up to NASA's crashing of two halves of a space probe into the moon, doubters turned to the Internet to express fears that the lunar bombing would have negative effects on the Earth. In a quest to find out if there's water on the moon , NASA sent two separated halves of a spacecraft crashing into a permanently dark crater on the south pole of the moon this morning. Scientists and astronomers were quick to step forward to refute any rumors and quell concerns, but rumors are still circulating online. The crashes were meant to send up a huge debris plume that could be measured and analyzed for evidence of water ice hiding in the cold, dark crater.

But detractors were quick to post online warnings about possible negative effects of the experiment. With NASA still hopeful to one day create a viable human outpost on the moon , it would be helpful for anyone there to find water rather than haul it up from Earth. Amy Ephron, an author and screenwriter, wrote an article for the Huffington Post earlier this week, questioning NASA for taking the risks associated with sending two spacecraft crashing into the surface of the moon. "Who did the risk assessment? Ephron was far from alone in her concerns. I mean, what if something goes wrong?" asked Ephron. "I could say something scientifically lame and ask, 'What if it gets thrown off its axis?' or something funny and suggest something (that I actually sort of believe), like, 'What if it somehow throws off the astrology?' Or that we're not risking - as we have the earth with continued experiments of this kind - sending the solar system out of balance. The Chicago Surrealist Movement posted an online petition , which was signed by 560 people, calling for NASA to halt the bombing of the moon.

Faith Vilas, director of the MMT Observatory , said she's been amazed by such negative reactions to the mission. And people against the LCROSS mission started their own Twitter presence with @helpsavethemoon . While some people said they felt NASA's plan was simply too aggressive an attack on the Earth's orbiter, some claimed that the impacts would change the Earth's tides, throw the moon off its axis or even affect women's menstrual cycles. There's simply no danger, she added. "The moon is impacted by nature and meteors all the time," said Vilas. "Nature has done much more damage to the moon than we just did. What we did was nothing. We were not likely to have any effect on the moon at all. We didn't have much of an impact at all." Bruce Betts, director of projects at The Planetary Society , said in an email to Computerworld that this morning's crashes will have no negative impact on the moon or the Earth. "The spacecraft are far too tiny compared to the moon, in fact, to have any significant effect on the moon's orbit or dynamics," he added. "The impact might be likened to a gnat hitting the windshield of a truck."

Microsoft CEO Steve Ballmer received a 5.5% decrease in his overall compensation last year as the company suffered through its first-ever drop in overall revenue, according to documents filed with the SEC Tuesday. Elop joined the company in January 2008 moving from Silicon Valley to the Seattle area. CEOs still getting big perks despite pay backlash The documents also reveal that Microsoft paid Stephen Elop, who heads Microsoft's business division, a hefty $4.1 million in relocation expenses.

Ballmer and three of the other executives named in the report – CFO Chris Liddell, COO Kevin Turner and Entertainment and Devices Division head Robbie Bach – also saw their 2009 overall compensation decrease. Overall, compensation for all Microsoft executives was down 29%. Ballmer's base salary actually rose from $640,833 to $655,833, but his cash incentives payments were down $100,000 to $600,000 in 2009. Ballmer since becoming CEO in January of 2000 has not taken any stock compensation. Elop was the only one of the five executive's listed who saw his compensation rise in fiscal year 2009. Elop's comparable figure for fiscal year 2008, however, only reflects six month's salary as he joined the company half way through the fiscal year. He already owns more than 400 million shares, which gives him ownership of 4.5% of the company. Turner's base salary rose $21,000 to $641,667, but his overall compensation dropped 37% from $8.6 million to $5.4 million.

Liddell, saw his salary increase by $20,000 to $561,667, but his overall compensation dropped 26% from $4.7 million to 3.5 million. Bach's base salary also rose $21,000 to $641,667, but his overall compensation dropped 24% from $8.2 million to $6.2 million. Turner was the lone exception as he also suffered a loss in his cash incentive payment of $47,981. The number likely won't brighten in fiscal year 2010, which started July 1 for Microsoft. All the executives suffered their losses based on drops in the fair market value of their stock awards at the time they were granted. The company decided in January 2009 to eliminate merit-based salary increases for fiscal year 2010. The decision also includes freezing base salaries for executive officers at their 2009 levels for fiscal year 2010. The report also lists the evaluation the Board put forth on Ballmer's performance in 2009 and his merit for compensation via the companies incentive plan.

This amount was recommended by the Compensation Committee to the Board based on his performance appraisal by the independent members of the Board and other information deemed relevant, including Mr. Ballmer's performance against his individual commitments, the Company's progress in key product development areas such as Windows and online search, his leadership in expense management which helped to offset the declines in revenue due to the economic downturn, and the financial performance of the Company relative to the 25 largest technology companies (measured by operating income). The independent members of the Board of Directors considered the recommendation of the Compensation Committee and approved Mr. Ballmer's Incentive Plan award." Follow John on Twitter. The evaluation states: "For fiscal year 2009, Mr. Ballmer's Incentive Plan award was $600,000 which was 90% of his base salary.

Research firm Gartner is projecting that 20% of households worldwide will be connected to the Internet through a broadband connection by year-end. Following behind South Korea in broadband penetration rate are the Netherlands (80%), Denmark (75%), Hong Kong (72%), Canada (69%) and Switzerland (69%). Gartner says that the United States lags behind many developed countries with a 60% broadband penetration rate, although this still ranks the United States ahead of countries such as Japan (58%), Germany (55%), Australia (55%) and Sweden (54%). Over the next four years, however, Gartner expects broadband penetration in the United States to rise rapidly, as it is projected to add 27 million new connections and hit a penetration rate 78% by 2013. If the United States is successful in adding these new connections, Gartner projects that it will leapfrog several countries that it now trails in terms of broadband penetration rate, including New Zealand, the United Kingdom and Norway. WiMAX changes lives in rural Thailand In all, Gartner projects that 422 million households worldwide will have a fixed broadband connection by the end of this year, an increase of 10.5% from the 382 million households that had a fixed broadband connection at the end of 2008. Looking further down the road, Gartner projects that 580 million households worldwide will have a fixed broadband connection, an increase of 37% over the number projected to have broadband by the end of 2009. South Korea is currently the leader in household broadband penetration, Gartner reports, as 86% of South Korean households have broadband connections. South Korea is still projected to be the king of broadband penetration, however, as Gartner predicts that 93% of South Korean households will be connected to the Web via broadband in 2013. Gartner also predicts that developing countries will add 135 million new broadband connections over the next four years, with Brazil, Russia, India and China accounting for more than two-thirds of new connections in the developing world and nearly half of all new connections worldwide.