Social Media Risk Metrics
![Page 1: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/1.jpg)
The Newest Element of Risk Metrics: Social Media
Ian Amit @iiamit
![Page 2: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/2.jpg)
Spot the problem
![Page 3: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/3.jpg)
Basic Motivation - hottest/easiest vector!
• “… in previous years, we saw phishing messages come and go and reported that the overall effectiveness of phishing campaigns was between 10 and 20%. This year, we noted that some of these stats went higher, with 23% of recipients now opening phishing messages and 11% clicking on attachments. Some stats were lower, though, with a slight decline in users actually going to phishing sites and giving up passwords.”
• “For two years, more than two-thirds of incidents that comprise the Cyber-Espionage pattern have featured phishing.”
• Source: 2015 DBIR
![Page 4: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/4.jpg)
Why do I want this? (1)
![Page 5: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/5.jpg)
Why do I want this? (1)
![Page 6: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/6.jpg)
Why do I want this? (2)
![Page 7: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/7.jpg)
Why do I want this? (3)
• Are you engaged in a “controversial” practice?
  Financial Services, DIB, Healthcare, Pharma, Agribusiness, LEA, Energy
![Page 8: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/8.jpg)
Coming up with a solution…
![Page 9: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/9.jpg)
Let’s create a framework!
![Page 10: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/10.jpg)
The solution should provide:
![Page 11: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/11.jpg)
How feasible is it?
Sentiment Analysis and German Elections
“Twitter can be seen as a valid real-time indicator of political sentiment.”
![Page 12: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/12.jpg)
http://www.aaai.org/ocs/index.php/ICWSM/ICWSM10/paper/viewFile/1441/1852
![Page 13: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/13.jpg)
Goal, Question, Metric
Victor Basili
Goals establish what we want to accomplish.
Questions help us understand how to meet the goal. They address context.
Metrics identify the measurements that are needed to answer the questions.
(Tree diagram: Goal 1 and Goal 2 break down into questions Q1 … Q5, which in turn break down into metrics M1 … M7.)
![Page 14: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/14.jpg)
GQM Example: Patch Management
Patching Scorecard
Goal 1: Comprehensive
Goal 2: Timely
Goal 3: Cost Efficient
![Page 15: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/15.jpg)
Patching Scorecard
Goal 1: Comprehensive (expanded below)
Goal 2: Timely
Goal 3: Cost Efficient
Questions and metrics for Goal 1:
• % Coverage by Business Unit
• % Coverage by Asset Category: Unix, Windows Server, Desktop OS, Components
• % Coverage by Risk: Likelihood, Impact
• Most Significant Failures: By Asset Category, By Location (DMZ, Semi-Pub, Internal), By Business Unit
• Repeat Offenders: By Asset Category, By Location (DMZ, Semi-Pub, Internal), By Business Unit
![Page 16: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/16.jpg)
Patching Scorecard
Goal 1: Comprehensive
Goal 2: Timely (expanded below)
Goal 3: Cost Efficient
Questions and metrics for Goal 2:
• What should our priorities be for timeliness? Likelihood, Impact
• What is policy for timeliness?
• What other considerations for timeliness?
• What is time to patch like for assets with the worst likelihoods?
• What is time to patch like for assets with the worst impacts?
• What % are late, by asset category (UNIX, Windows Server, Desktop), by business unit, by risk (likelihood, impact)?
• What are our repeat offenders?
![Page 17: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/17.jpg)
Patching Scorecard
Goal 1: Comprehensive
Goal 2: Timely
Goal 3: Cost Efficient (expanded below)
Questions and metrics for Goal 3:
• Cost: Hours per Asset spent Patching, By Asset Category, By Location (DMZ, Semi-Pub, Internal), By Cost Per Hour
• Risk Reduction: Hours per Asset by ALE per Hour, Hours per Asset Category
![Page 18: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/18.jpg)
GQM for SMRM
• Goal: Provide a social media risk scorecard for a person/organization.
• Questions: How would one’s OA affect the likelihood of a threat? How would one’s OA affect the impact of a threat, and the areas of impact? How does the unsanctioned presence of someone affect said threats?
• Metrics: Provide a qualitative* approach to measuring the overall risk, as well as specific aspects of the social media presence.
*And when we say qualitative we lie a little bit…
![Page 19: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/19.jpg)
More Goals!
• Provide a measurable way to quantify risk associated with the online activity of the organization and its employees.
• Provide another measure for quantifying the risk of working with 3rd parties and contractors.
• Create a score for executives to measure their social media exposure (from an exec protection perspective, insider trading, etc.).
• Create a score for measuring and comparing intra- and extra-industry social media risk ratings.
• Be able to quantify the effect of changing controls, processes and policies on the risk associated with social media.
![Page 20: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/20.jpg)
Enter, SMRM!
![Page 21: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/21.jpg)
Is the individual risky?
![Page 22: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/22.jpg)
Is the individual risky?
![Page 23: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/23.jpg)
Is the individual risky?
![Page 24: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/24.jpg)
Is the individual risky?
![Page 25: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/25.jpg)
![Page 26: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/26.jpg)
Scorecard Development
• Started with the basics, comparative measurements…
• A qualitative approach dictates trying to leave quantitative elements out (which we kind’a try to). So the compromise was to provide a fairly detailed breakdown of elements and, instead of measuring them on a scale, only indicate presence (1 or 0).
• Aggregation didn't work (per se): averaging would not take into account the full magnitude of the largest elements, and MAX() would not factor in the contribution from smaller ones. We have to provide more accurate weights…
![Page 27: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/27.jpg)
Scoring Approach
• Ended up providing a weighting system for the major elements and their importance to the organization (context?!).
• Given X points to distribute between Y elements, Weight = Y’/X, where Y’ is the number of points given to each element.
• Sum(Y’…Y’’) = 1, i.e. the points are spent in full, so the weights sum to 1.
• Apply the weighting to the scorecard to get a weighted risk score (where the weights are appropriate for the organization’s operational context).
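The weighting scheme above in Python, as an added example that is not code from the deck or the SMRM project: presence bits of 1/0 per element, X points split over the elements, weight = Y’/X, weighted score = sum of bit times weight, shown next to the average and MAX() aggregations the previous slide rejected. The element names and point allocations are assumptions constructed for illustration.

```python
# Added example (not from the deck): the presence-bit scorecard with the
# weighting scheme described above, next to the average and MAX()
# aggregations the deck rejected. Element names and point allocations are
# constructed for illustration, not taken from the SMRM scorecard.

def compute_weights(points, total_points):
    """Weight of each element = Y'/X, where Y' is the points given to the
    element and X is the budget. The Y' must use up X so weights sum to 1."""
    if any(p < 0 for p in points.values()):
        raise ValueError("point allocations must be non-negative")
    if sum(points.values()) != total_points:
        raise ValueError("allocated points must add up to the point budget")
    return {name: p / total_points for name, p in points.items()}

def weighted_score(presence, weights):
    """Weighted risk score: sum of presence bit (1/0) times weight, in [0, 1]."""
    if set(presence) != set(weights):
        raise ValueError("presence bits and weights must cover the same elements")
    if any(bit not in (0, 1) for bit in presence.values()):
        raise ValueError("presence is indicated as 1 or 0, not measured on a scale")
    return sum(presence[name] * weights[name] for name in weights)

def naive_scores(presence):
    """The two aggregations the deck found inadequate, for comparison."""
    bits = list(presence.values())
    return {"avg": sum(bits) / len(bits), "max": max(bits)}

# Constructed sample: 100 points split over five presence elements.
POINTS = {
    "impersonation_accounts": 40,
    "leaked_internal_info": 30,
    "negative_sentiment": 15,
    "public_location_sharing": 10,
    "unsanctioned_presence": 5,
}
# Profile A: only the heaviest element present. Profile B: three light ones.
PROFILE_A = {name: int(name == "impersonation_accounts") for name in POINTS}
PROFILE_B = {name: int(name in ("negative_sentiment", "public_location_sharing",
                                "unsanctioned_presence")) for name in POINTS}

if __name__ == "__main__":
    weights = compute_weights(POINTS, 100)
    for label, profile in (("A", PROFILE_A), ("B", PROFILE_B)):
        print(label, round(weighted_score(profile, weights), 2), naive_scores(profile))
    # Averaging ranks B above A and MAX() cannot tell them apart; the
    # weighted score ranks A (0.40) above B (0.30), as the weights intend.
```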
![Page 28: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/28.jpg)
Scorecard Status
Columns: Likelihood, Manifestation, Impact, # online threats
![Page 29: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/29.jpg)
Scorecard Status
• Personal: Likelihood, Manifestation, Impact, # online threats
• Corporate: Likelihood, Manifestation, Impact, # online threats
  Corporate elements: Malicious Content, Negative Sentiment, Information Leaks
![Page 30: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/30.jpg)
What Data do I Need?
• Size
• # of monitored assets
• Geography
• Chatter
• Impersonations
• Sentiment
![Page 31: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/31.jpg)
How can you do it?
![Page 32: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/32.jpg)
Step 1
• None at all
• None but public information
• Volitional
• Enforced
![Page 33: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/33.jpg)
Step 2
![Page 34: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/34.jpg)
Step 3
![Page 35: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/35.jpg)
Step 4: Collect <ALL> the data
ETL (Extract, Transform, Load)
![Page 36: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/36.jpg)
Scraping
Twitter Scraping:
http://knightlab.northwestern.edu/2014/03/15/a-beginners-guide-to-collecting-twitter-data-and-a-bit-of-web-scraping/
![Page 37: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/37.jpg)
Step 5: Store the data
MARCUS SAYS BIG DATA
![Page 38: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/38.jpg)
Step 6: Analysis
![Page 39: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/39.jpg)
Example of Using SA for Subjective Rating
Warning - subjectivity ahead!
![Page 40: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/40.jpg)
![Page 41: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/41.jpg)
Step 6b: Big data magic
![Page 42: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/42.jpg)
Step 7: Scorecard
![Page 43: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/43.jpg)
DEMO
![Page 44: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/44.jpg)
Where can you get it?
• The Society of Information Risk Analysts
• http://www.societyinforisk.org
• As well as on the SMRM site:
• http://risk-metrics.com/
![Page 45: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/45.jpg)
Take-away
1. Check what your current social media security policy is (if you have one).
2. Do you have a current risk model that incorporates social media as part of it (attack surface / information leak / intelligence)?
3. Measure your current social media risk posture for key individuals in your organization.
• And then, in 2-3 months, measure again to see whether any changes you have implemented in light of the initial measurement had the right impact.
![Page 46: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/46.jpg)
Thank you!
Questions?
@iiamit
![Page 47: Social Media Risk Metrics](https://reader034.fdocuments.in/reader034/viewer/2022051300/58a1da831a28abb6678b5f37/html5/thumbnails/47.jpg)
References
• Sentiment analysis and German elections: http://www.aaai.org/ocs/index.php/ICWSM/ICWSM10/paper/viewFile/1441/1852
• Analyze tone of text: https://tone-analyzer-demo.mybluemix.net/
• Analyze personality based on text: https://watson-pi-demo.mybluemix.net/
• Sentiment analysis tools (list from http://breakthroughanalysis.com/2012/01/08/what-are-the-most-powerful-open-source-sentiment-analysis-tools/):
  • Python NLTK (Natural Language Toolkit), http://www.nltk.org/, but see also http://text-processing.com/demo/sentiment/
  • R, TM (text mining) module, http://cran.r-project.org/web/packages/tm/index.html, including tm.plugin.sentiment
  • RapidMiner, http://rapid-i.com/content/view/184/196/
  • GATE, the General Architecture for Text Engineering, http://gate.ac.uk/sentiment/
  • Apache UIMA, the Unstructured Information Management Architecture, http://uima.apache.org/; also sentiment classifiers for the WEKA data-mining workbench, http://www.cs.waikato.ac.nz/ml/weka/ (see http://www.unal.edu.co/diracad/einternacional/Weka.pdf for one example)
  • Stanford NLP tools, http://www-nlp.stanford.edu/software/
  • LingPipe (pseudo-open source), see http://alias-i.com/lingpipe/demos/tutorial/sentiment/read-me.html