| 6.3 | Social Media system provide an up-to-date security center, with security training and awareness information |
|
|
|
|
|
|
|
|
| 6.4 | Social Media system provide complete and accurate help and a FAQs section |
|
|
|
|
|
|
|
|
| 6.5 | Social Media language selection is possible, the translation accurate, without errors |
|
|
|
|
|
|
|
|
| 7 | Security: Social Media system should provide trusted communication channels between the user and the data Servers | 1 | 2 | 3 | 4 | 1 | 2 | 3 | 4 |
| 7.1 | Social Media system initiate a session lock after a period of inactivity or on user request |
|
|
|
|
|
|
|
|
| 7.2 | Social Media system enforces a limit on consecutive invalid access attempts by a user during a period of time. |
|
|
|
|
|
|
|
|
| 7.3 | Social Media system implement an appropriate time-out logoff period |
|
|
|
|
|
|
|
|
| 7.4 | Social Media system encrypt passwords in storage and in transmission |
|
|
|
|
|
|
|
|
| 7.6 | Social Media system enforce password restrictions, such as complexity, length, expiry period, reuse, etc. |
|
|
|
|
|
|
|
|
| 8 | Privacy and Confidentiality: Social Media system should protect user information against unauthorized access by third parties | 1 | 2 | 3 | 4 | 1 | 2 | 3 | 4 |
| 8.1 | Social Media system clearly state what personal information is collected and for what purposes it will be used |
|
|
|
|
|
|
|
|
| 8.2 | Social Media system require users to confirm statements indicating that they understand the conditions of access |
|
|
|
|
|
|
|
|
| 8.3 | Social Media system ask for permission before distributing personal information to third parties |
|
|
|
|
|
|
|
|
| 8.4 | Social Media personal information collection and storage mechanisms comply with the data protection regulation of the institution |
|
|
|
|
|
|
|
|
| 8.5 | Social Media private or confidential contents are accessed with passwords |
|
|
|
|
|
|
|
|
| 9 | Expressiveness: Social Media system should guide users on security in a manner that still gives them freedom of expression | 1 | 2 | 3 | 4 | 1 | 2 | 3 | 4 |
| 9.1 | Social Media users are initiators of security actions rather than respondents |
|
|
|
|
|
|
|
|
| 9.2 | Social Media system correctly anticipate, and prompt for, the user’s probable next security-related activity |
|
|
|
|
|
|
|
|
| 9.3 | Social Media user can tell the security state of the system and the alternatives for security-related actions if needed |
|
|
|
|
|
|
|
|
| 9.4 | Social Media system clearly state its security capabilities |
|
|
|
|
|
|
|
|
| 9.5 | Social Media system clearly state the users’ responsibilities in terms of security actions |
|
|
|
|
|
|
|
|