ENISA: security aspects of Online Social Networks (part one)

The European Network and Information Security Agency (ENISA) has published its first "Position Paper", titled "Security Issues and Recommendations for Online Social Networks" (pdf, 36 pp, 1.8 M). Position papers are in-depth documents that ENISA produces on topics that are significant from the standpoint of emerging risks, and through which it also offers suggestions for managing the related threats.

Working group

The following people contributed to this position paper:

  • Alessandro Acquisti, Carnegie Mellon University (here is my 2006 interview with Acquisti for the IsacaRoma newsletter)
  • Elisabetta Carrara, ENISA
  • Fred Stutzman, UNC
  • Jon Callas, PGP Corp
  • Klaus Schimmer, SAP
  • Maz Nadjm, Rareface
  • Mathieu Gorge, Vigitrust
  • Nicole Ellison, MSU
  • Paul King, Cisco Systems
  • Ralph Gross, Carnegie Mellon University
  • Scott Golder, Hewlett-Packard

Document table of contents

  • EXECUTIVE SUMMARY
    • THREATS
    • RECOMMENDATIONS
  • INTRODUCTION
  • PRINCIPAL THREATS
    • PRIVACY RELATED THREATS
      • 1. Digital Dossier Aggregation
      • 2. Secondary Data Collection
      • 3. Face Recognition
      • 4. CBIR (Content-based Image Retrieval)
      • 5. Linkability from Image Metadata, Tagging and Cross-profile Images
      • 6. Difficulty of Complete Account Deletion
    • SNS VARIANTS OF TRADITIONAL NETWORK AND INFORMATION SECURITY THREATS
      • 7. SN Spam
      • 8. Cross Site Scripting, Viruses and Worms
      • 9. SNS Aggregators
    • IDENTITY RELATED THREATS
      • 10. Spear Phishing using SNSs and SN-specific Phishing.
      • 11. Infiltration of Networks Leading to Information Leakage
      • 12. Profile-squatting and Reputation Slander through ID Theft
    • SOCIAL THREATS
      • 13. Stalking
      • 14. Bullying
      • 15. Corporate Espionage
  • RECOMMENDATIONS AND COUNTERMEASURES
    • GOVERNMENT POLICY RECOMMENDATIONS
      • 1. Encourage awareness-raising and Educational Campaigns
      • 2. Review and Reinterpret Regulatory Framework
      • 3. Increase Transparency of Data-handling Practices
      • 4. Discourage the Banning of SNSs in Schools
    • PROVIDER AND CORPORATE POLICY RECOMMENDATIONS
      • 5. Promote Stronger Authentication and Access-control where Appropriate
      • 6. Implement countermeasures against Corporate Espionage using SNSs
      • 7. Maximise Possibilities for Reporting and Detecting Abuse
      • 8. Set Appropriate Defaults
      • 9. Providers should offer Convenient Means to Delete Data Completely
    • TECHNICAL RECOMMENDATIONS
      • 10. Encourage the Use of Reputation Techniques
      • 11. Build in Automated Filters
      • 12. Require the Consent of the Data Subject to Include Profile Tags or e-Mail Address Tags in Images
      • 13. Restrict Spidering and Bulk Downloads
      • 14. Provide more Privacy Control over Search Results
      • 15. Recommendations for Addressing SNS Spam
      • 16. Recommendations for Addressing SNS Phishing
    • RESEARCH AND STANDARDISATION RECOMMENDATIONS
      • 17. Promote and Research Image-Anonymisation Techniques and Best Practices
      • 18. Promote Portable Networks
      • 19. Research into Emerging Trends in SNSs
    • CONCLUDING REMARKS 
  • REFERENCES AND LINKS
