Summary: | Purpose: This thesis analyses the current information security risks and opportunities of social media in a business context, based on publications from 2015 to 2020. Design/methodology/approach: This paper follows a qualitative method, specifically a Systematic Literature Review guided by Okoli and Schabram (2010), the concept-centric approach described by Webster and Watson (2002) and the thematic analysis described by Braun and Clarke (2006). Findings: Data leaks, non-compliance and reputational risks seem to be the most significant corporate social media risks. Adopting social media policies and providing employees with social media security education, training and awareness are the controls most often mentioned in the reviewed literature. Social media are increasingly used as a threat intelligence source and for cyber security prediction and detection. Furthermore, social media may be used for InfoSec discussion, as a tool for Information Security Training and Awareness, for internal cyber threat sharing and for incident response handling. Originality/value: This thesis provides an overall view of the risks, controls and opportunities that social media use implies for private organizations. Further research is needed that focuses primarily on the opportunities that social media offer to strengthen business Information Security.
|