Brian P Burns, Deputy CIO, Department of the Navy
Bottom line: The security of Social Media starts with the protection of data and user behavior — not necessarily the tool sets.
I.e., the tools are not the challenge; the risks are with the data and the user’s behavior.
Brian is a part of the Federal CIO Council — ISIMC
Information Security and Identity Management Committee
Chartered in Dec 2008
Security Program Mgmt
Security acquisition – contract language
Identity, Credentialing and access management
Network and Infrastructure security
We need to take an information-centric approach to the way we handle social media.
Layers (clouds) of service within Federal Govt, DoD, Dept of Navy – collaboration with other branches
Security constraints internally and externally
From high-sec only on mil to FIPS 199 – low sensitivity on .gov sites
Gov 2.0 (embrace of Web 2.0)
Web 2.0 (platform and interaction – user-created content, not just viewing but interacting, using, contributing)
Risk, attacks and their application to the Federal Government
Spear Phishing (attacks using email, social networking, getting you to click, get account #s, etc.)
Social Engineering (self, family and friends, colleagues and neighbors, citizens and market — exploiting relationships)
Web application security
Security of Social Media — starts with the protection of data and user behavior — not necessarily the tool sets.
Question: Air Force: Curious about IA community and the NetOps community and Branches — is there cooperation to secure and also give flexibility?
A: Brian: Innovation comes faster than the security wrapper. We’re trying to set the protocols so the secure implementation comes more quickly with innovation.
Navy CIO talking social media, #gov20, threats, benefits, applications for Navy, DoD, Fed Govt. #pfgov