Professional Documents
Culture Documents
Full Chapter Security Risks in Social Media Technologies Safe Practices in Public Service Applications 1St Edition Alan Oxley Auth PDF
Full Chapter Security Risks in Social Media Technologies Safe Practices in Public Service Applications 1St Edition Alan Oxley Auth PDF
https://textbookfull.com/product/application-of-social-media-in-
crisis-management-advanced-sciences-and-technologies-for-
security-applications-1st-edition-babak-akhgar/
https://textbookfull.com/product/uncertainties-in-gps-
positioning-a-mathematical-discourse-1st-edition-alan-oxley/
https://textbookfull.com/product/networked-public-social-media-
and-social-change-in-contemporary-china-1st-edition-wei-he-auth/
https://textbookfull.com/product/public-administration-
partnerships-in-public-service-fifth-edition-edition-johnson/
Public Service Innovations in China 1st Edition Yijia
Jing
https://textbookfull.com/product/public-service-innovations-in-
china-1st-edition-yijia-jing/
https://textbookfull.com/product/wireless-positioning-
technologies-and-applications-second-edition-alan-bensky/
https://textbookfull.com/product/mapping-the-risks-and-risk-
management-practices-in-islamic-banking-1st-edition-mehmet-
asutay/
https://textbookfull.com/product/ethics-and-management-in-the-
public-sector-1st-edition-alan-lawton/
https://textbookfull.com/product/challenges-and-opportunities-in-
public-service-interpreting-1st-edition-theophile-munyangeyo/
Security Risks in Social Media Technologies
CHANDOS
SOCIAL MEDIA SERIES
This series of books is aimed at practitioners and academics involved in using social
media in all its forms and in any context. This includes information professionals,
academics, librarians and managers, and leaders in business. Social media can enhance
services, build communication channels, and create competitive advantage. The impact
of these new media and decisions that surround their use in business can no longer be
ignored. The delivery of education, privacy issues, logistics, political activism and
research rounds out the series’ coverage. As a resource to complement the understanding
of issues relating to other areas of information science, teaching and related areas, books
in this series respond with practical applications. If you would like a full listing of
current and forthcoming titles, please visit our website www.chandospublishing.com or
email wp@woodheadpublishing.com or telephone +44 (0) 1223 499140.
New authors: we are always pleased to receive ideas for new titles; if you would like to
write a book for Chandos in the area of social media, please contact George Knott,
Assistant Commissioning Editor, on george.knott@chandospublishing.com or telephone
+44 (0) 1993 848726.
Bulk orders: some organisations buy a number of copies of our books. If you are
interested in doing this, we would be pleased to discuss a discount. Please email
wp@woodheadpublishing.com or telephone +44 (0) 1223 499140.
Security Risks in
Social Media Technologies
Safe practices in public service
applications
ALAN OXLEY
Chandos Social Media Series ISSN: 2050-6813 (print) and ISSN: 2050-6821 (online)
© A. Oxley, 2013
ix
Security Risks in Social Media Technologies
Tables
1.1 Comparison of Web 1.0 and Web 2.0, 2005 5
1.2 Twitter usage by age in the USA, February 2013 15
1.3 Twitter usage by household income in the USA,
February 2013 16
1.4 Twitter usage by level of education in the USA,
February 2013 16
1.5 Twitter usage by ethnicity in the USA,
February 2013 16
1.6 Patterns of some Web 2.0 applications,
circa 2005 23
2.1 Situational features of emergency tweets 65
x
List of figures and tables
xi
List of abbreviations
API application programming interface
AUP acceptable use policy
GCHQ Government Communications Headquarters
ICO Information Commissioner’s Office
ISP internet service provider
JSON JavaScript Object Notation
NGO non-governmental organization
PTA parent–teacher association
REST Representational State Transfer
RPC remote procedure calling
SSO single sign-on
TPM Trusted Platform Module
VLE virtual learning environment
xiii
Acknowledgments
The author wishes to thank the IBM Center for the Business
of Government for providing funding for a project directly
related to Security Risks in Social Media Technologies.
xv
Preface
Security measures can be used by management, IT staff, and
users in participatory or collaborative service provision
within the public sector. Security Risks in Social Media
Technologies explores this issue. Topics are targeted, and
issues raised and lessons learned are analyzed. This book
helps readers understand the risks posed by Web 2.0
applications and gives clear guidance on how to mitigate
those risks. The body of the book is concerned with social
media, the dominant Web 2.0 technology associated with
security in the public sector. The scope, however, includes
more than social networking. Among other things there are
wikis, and these are being used in the public service. As an
example, the military use wikis. The body of the book
comprises three topics, each of which is presented from an
international perspective. In particular, reference is made to
activities in the USA, Australia, and the UK, where Web 2.0
adoption in public services is receiving a great deal of
attention. The first one concerns security controls. The
second topic concerns acceptable use policies (AUPs). The
third topic concerns the use of social media in schools,
where parents are liaising with the school, for example.
This book:
xvii
Security Risks in Social Media Technologies
xviii
Preface
xix
Security Risks in Social Media Technologies
xx
Preface
xxi
About the author
Alan Oxley is a Professor of Computer and Information
Sciences at Universiti Teknologi PETRONAS in Malaysia.
Alan is an all-rounder in computer science and has written
numerous academic articles and chapters. He has expertise
in understanding the risks associated with the use of social
media and in formulating guidelines to mitigate them.
Recently he was awarded a research stipend by the IBM
Center for the Business of Government. (The basis for all of
the work undertaken by the IBM Center for the Business of
Government is to improve the effectiveness of government
work. Their reports draw attention to current research and
practice and make it generally available. The Center has a
Social Media Director, who is currently Gadi Ben-Yehuda.)
The author’s research led to the publication of the report A
Best Practices Guide for Mitigating Risk in the Use of Social
Media (Oxley, 2011). Readers have found the guidelines to
be extremely valuable and have incorporated much of the
advice into their literature on IT security, including
confidentiality. The guidelines have been cited, and Alan’s role
as the sole author has been acknowledged. Hyperlinks point
to the guidelines and a web page describing his work.
Because of his leadership role in the development of
guidelines detailing social media risks and controls to
mitigate them Alan is well placed to act in the role of advisor
on these matters. A considerably more expansive exposition
of the topic is presented in Security Risks in Social Media
xxiii
Security Risks in Social Media Technologies
xxiv
About the author
email: alanoxley@petronas.com.my
Universiti Teknologi PETRONAS website: http://www.utp.
edu.my/
Author’s website: http://www.utp.edu.my/staff/ex.php?mod=
ex&sn=132723
xxv
Introduction
The increased pervasiveness of information and
communications technology in our lives has led to a
fundamental transformation of how people communicate,
and the popularity of social media platforms has contributed
to this phenomenon significantly.
Security Risks in Social Media Technologies explores how
security controls (or security measures) can be used by
information technology service managers and users in
participatory or collaborative service provision within the
public sector. A small number of topics are discussed and the
issues raised and lessons learned are analyzed. The book
describes the risks posed by certain Web 2.0 applications
and gives clear guidance on how to mitigate them.
The term “government” is used to describe central, state,
and local government. The public sector includes government
as well as other bodies.
Several Web 2.0 architectural patterns have been described,
for example by Governor, Hinchcliffe, and Nickull (2009).
One of them is “participation–collaboration” or “harnessing
collective intelligence,” which is concerned with self-
organizing communities of people and social interactions. It
should be noted that the participation–collaboration pattern
is not restricted to social media; for example, wikis make use
of this pattern. (It is worth pointing out that it is possible to
restrict access to a wiki to a certain group of individuals.)
xxvii
Security Risks in Social Media Technologies
xxviii
Introduction
xxix
Security Risks in Social Media Technologies
xxx
1
Background
For years, work-related technology and the corresponding
processes for using it have been evolving – telephones,
photocopiers, and so on were all new once. Since 2000 the
1
Security Risks in Social Media Technologies
2
Web 2.0 and social media
3
Security Risks in Social Media Technologies
Web 2.0
Wikipedia states that the term “Web 2.0” is associated with
web applications that “allow users to interact and collaborate
with each other in a social media dialogue as creators of user-
generated content in a virtual community” (Wikipedia, n.d.).
However, there is no simple definition of Web 2.0. Asking
the question “Why is it difficult to define Web 2.0?” might
elicit the response, “The web is changing so fast that any
definition would soon be out of date.” Wikis, weblogs, social
networking, social media sharing, mash-ups, folksonomies,
and web services are examples of aspects of Web 2.0. (Ibrahim
(2012) defines a web service as a programmable software
module that is equipped with standard interface descriptions
and can be universally accessed through standard network
communication protocols … The Web services technology is
endowed with a comprehensive set of standards, which
involves protocols, languages and frameworks. These
facilitate the clear description of the functionality of a Web
service, the easy location of a Web service over the Web and
the creation of a new Web service from existing ones.)
If you study internet technology you will only see part of
the picture, as Web 2.0 is also about how people use
internet technology. The term “Web 2.0” was coined in
2003 by Tim O’Reilly when he was planning a conference
and in 2005 he clarified what he meant by “Web 2.0”
(O’Reilly, 2005). According to him, Web 2.0 is the common
term used to describe the next generation of the World Wide
Web, which focuses on allowing users to share information
4
Web 2.0 and social media
5
Security Risks in Social Media Technologies
6
Web 2.0 and social media
Social media
According to Zarrella (2009), “social media is best defined in
the context of the previous industrial media paradigm.
Traditional media, such as television, newspapers, radio, and
magazines, are one way, static broadcast technologies… (a)
magazine… distributes expensive content to consumers, while
advertisers pay for the privilege of inserting their ads into that
content.” In addition, readers have no possibility to send
instant feedback if they disagree with something. Now it is
easy for everyone “to create – and most importantly – distribute
their own content” with the new web technologies (Zarella,
2009). “A blog post, tweet, or YouTube video can be produced
and viewed by millions virtually for free” (Zarella, 2009).
Kaplan and Haenlein (2010) define social media as “a group
of Internet-based applications that build on the ideological and
technological foundations of Web 2.0, and that allow the
creation and exchange of User Generated Content.”
A key feature of Web 2.0 is the simplicity with which
content can be created and disseminated for social purposes.
This content comprises words, graphics, photos, videos,
7
Security Risks in Social Media Technologies
8
Another random document with
no related content on Scribd:
Thus the “activity” of Leibnitz exactly corresponds to what we have
called individuality, and his “passivity” to that want of complete
internal systematisation which we have found inseparable from finite
existence. The immense significance of this definition of activity and
passivity in terms of internal systematisation will be more apparent
when we come, in our concluding book, to discuss the meaning of
human freedom, and its connection with determination and
“causality.” For the present it is enough to note that our own doctrine
is substantially that of Leibnitz freed from the inconsistency which is
introduced into it by the monadistic assumption of the complete
independence of the various finite individuals. It is, of course,
impossible to unite, as Leibnitz tried to do, the two thoughts. Either
there is ultimately only one independent individual, the infinite
individual whole, or there is no meaning in speaking of higher and
lower degrees of individuality. Leibnitz’s inconsistency on this point
seems due entirely to his desire to maintain the absolute individuality
of the particular human “soul,” a desire which is explained, partly at
least, by his anxiety not to come into collision, as Spinoza and others
had done, with the official theology of the period.
§ 8. The definition of infinite and finite individuality completes the
general outline of our conception of Reality as a whole, and its
relation to its constituent elements. Recapitulating that doctrine, we
may now say that the real is a single all-embracing whole of
experience or psychical matter of fact, determined entirely from
within by a principle of internal structure, and therefore completely
individual. Because the matter of the system is in all its parts
experience, the principle of its structure must be teleological in
character.[71] That is, the system must be the embodiment, in a
harmonious unity of conscious feeling, of a consistent interest or
mental attitude. As such we may call it the realisation indifferently of
a purpose or idea, and we may speak of the absolute experience as
the completed expression of an absolute knowledge or an absolute
will.
But if we do so, we must bear in mind that there can be here no
question of a thought which works upon and reconstructs into
systematic harmony a body of data originally supplied to it in a
relatively unintelligible and disconnected form from some foreign
source, or of a volition which gradually translates into reality an end
or purpose originally present to it as an unrealised idea. The
processes of thought and volition can clearly have no place in an
experience for which the what and the that are never disjoined; as
we shall by and by see more fully, they involve existence in time, and
existence in time can belong only to the finite and imperfect. Hence it
is best, in the interest of intellectual clarity and candour, to avoid the
use of such expressions as knowledge and will in speaking of the
absolute experience; at best they are in large part metaphorical, and
at worst potent weapons of intellectual dishonesty.[72] The
constituents of the system, again, are lesser experience systems of
the same general type, in each of which the nature of the whole
manifests itself, though to different degrees. They are thus all finite
individuals of varying degrees of individuality. The more
comprehensive and the more internally unified by an immanent
principle of teleological structure such a system, the more fully
individual it is, and the more adequately does it reveal the structure
of the all-pervading whole. This is the intellectual justification for our
instinctive belief that what is for our human experience highest and
best is ultimately in the constitution of the universe most completely
real.
66. Not the sum of them, because the systematic whole of Reality
is not a sum but a single experience. To identify it with the sum of its
appearances would be the same error which occurs in Ethics as the
identification of happiness (a qualitative whole) with the sum of
pleasures (a quantitative collection).
67. The reader will find it instructive to observe how Prof. Sidgwick
unconsciously assumes that the distinction between Reality and
Appearance means a distinction between two more or less
independent “worlds” or “things” (Philosophy: its Scope and
Relations, Lectures 1 and 4), and thus deprives his own criticism of
the antithesis of all validity as against a view like our own.
68. So, again, a velocity which is already infinitesimal may receive
an acceleration which is infinitesimal in relation to the velocity itself.
The reader’s own studies will no doubt furnish him with numerous
other illustrations of the same kind.
69. See for illustrations of the impossibility of carrying out a single
principle in our actual judgments of particular cases, Mr. Bradley’s
already quoted article in Mind for July 1902.
70. For a fuller exposition of the conception of infinity here adopted
I may refer the reader to the famous essay of Dedekind, Was sind
und was sollen die Zahlen, especially pp. 17-20. The English reader
will find an account of Dedekind’s work, with an acute discussion of
its metaphysical significance, in Royce, The World and the
Individual, First Series, Supplementary Essay. It does not seem
necessary for the purpose of this chapter to specify the points in
which I find myself unable to follow Professor Royce in his use of the
theory. See infra, chap. 4, § 10.
71. It would not be hard to show that in the end all systematic
structure is teleological. For all such structure in the last resort is a
form of order, and depends on the possibility of saying “here this is
first, that is second.” And wherever we predicate order we are
asserting the embodiment in detail of some dominant purpose.
72. In fact, it is clear that if we speak of “idea” or “volition” in
connection with the absolute individual, we cannot mean actual
“ideas” or actual “volitions.” We must be using the psychological
terms improperly in something of the same sense in which we speak
of a man’s “guiding ideas” or “settled will” to denote what clearly,
whatever it may be, is not actual ideational or volitional process. See
further, Bk. IV. chap. 6, § 1.
CHAPTER IV