GAO: Agencies need policies and procedures for social media

GAO: Agencies need policies and procedures for social media

Federal agencies increasingly use recently developed Internet technologies that allow individuals or groups to , organize, comment on, and share online content. The use of these social media services including popular Web sites like Facebook, Twitter, and YouTube has beenorsed by President Obama and provides opportunities for agencies to more readily share information with and solicit feedback from the public. However, these services may also pose risks to the adequate protection of both personal and government information.

GAO examined the headquarters-level Facebook pages, Twitter accounts, and YouTube channels of 24 major federal agencies; reviewed pertinent policies, procedures, and guidance; and interviewed officials involved in agency use of social media.

GAO founds that the use of these services can pose challenges in managing and identifying records, protecting personal information, and ensuring the security of federal information and tems. However, social media technologies present unique challenges and risks, and without establishing guidance and assessing risks specific to social media, agencies cannot be assured that they are adequately meeting their responsibilities to manage and preserve federal records, protect the privacy of personal information, and secure federal tems and information against threats.

GAO recommends that:

- To ensure that appropriate privacy and security measures are in place when commercially provided social media services are used, the Secretary of Defense should conduct and document a privacy impact assessment that evaluates potential privacy risks associated with agency use of social media services and identifies protections to address them;

- To ensure that appropriate security measures are in place when commercially provided social media services are used, the Secretary of Homeland Security should conduct and document a security risk assessment to assess security threats associated with agency use of commercially provided social media services and identify security controls that can be used to mitigate the identified threats;

- To ensure that appropriate privacy and security measures are in place when commercially provided social media services are used, the Secretary of State should conduct and document a privacy impact assessment that evaluates potential privacy risks associated with agency use of Twitter and YouTube and identifies protections to address them;

- To ensure that appropriate privacy and security measures are in place when commercially provided social media services are used, the Secretary of State should conduct and document a security risk assessment to assess security threats associated with agency use of commercially provided social media services and identify security controls that can be used to mitigate the identified threats;

The document, with all the recommendations, is available here:
http://www.gao.gov/new.items/d11605.pdf

venerdì 29 luglio 2011
social:

Sei iscritto alla members area? Fai il login, oppure iscriviti.










Misura antispam: Quanto fa più 7?