From the ISACA website an article on Tips for Addressing Social Media Risks
The article starts:-
Does your organization use social media? How do you know for sure? Social media usually require no special technology, little or no involvement from IT, and no official project plan or explicit permissions to get started. Social media involve the creation and dissemination of information through social networks using the Internet. Social media tools include blogs, product review sites, Twitter, Facebook, LinkedIn, YouTube, Wikipedia and many other outlets. Any Internet site that allows individual users to supply content can be considered a type of social media.
Managing the risks from social media requires that the organization have a social media strategy, sound policy and a plan to address the risks that accompany social media technology.
The article highlighst some of the risks and approaches to understanding and mitigating risks. It links to a complimentary copy of the ISACA white paper on Social Media: Business Benefits and Security, Governance and Assurance Perspectives
An abstract from the white paper:-
Initiated as a consumer-oriented technology, social media is increasingly being leveraged as a powerful, low-cost tool for enterprises to drive business objectives such as enhanced customer interaction, greater brand recognition and more effective employee recruitment. While social media affords enterprises many potential benefits, information risk professionals are concerned about its inherent risks such as data leakage, malware propagation and privacy infringement. Enterprises seeking to integrate social media into their business strategy must adopt a cross-functional, strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.
There are a number of other useful links