Mark Zuckerberg, Facebook chief executive, claims the groups feature will give users tighter control over who they share information with.
Facebook also plans to enable users to download all the information they have put on the site and see how individual applications are using that information.
But, while these are a step in the right direction, they may add complexity rather than improving online safety, said Paul Ducklin, Sophos head of technology, Asia Pacific.
The latest changes implemented by Facebook may well be another missed opportunity to get the fundamentals right, he said.
Facebook would do better to make a real grassroots change to its security than to add more security-related dashboards, said Ducklin.
Facebook should adopt a completely opt-in model that requires users to agree to the terms and conditions of each feature before they sign up to them, he said.
Some 93% of respondents to a poll conducted by Sophos in May 2010 said they would prefer to "opt-in" rather than "opt-out" of sharing their information with others.
"No doubt Facebook shareholders looking forward to the IPO will want to maximise the number of users and the openness and availability of the information posted," said Ducklin.
"But Facebook is influential enough now to make bigger long-term gains by getting ahead of the regulatory curve, than by waiting until legislators force them to change their opt-in/opt-out attitudes," he said.