Information Governance (InfoGovernance) is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information to enable an organization to achieve its goals. Information governance should be an element in planning an enterprise's information architecture.

(Gartner Hype Cycle for Legal and Regulatory Information Governance, 2009, December 2009).

An Engagement Area (EA) is an area where the commander of a military force intends to contain and destroy an enemy force with the massed effects of all available weapons systems.

(FM 1-02, Operational Terms and Graphics, September 2004).

Saturday, November 8, 2014

Is Social Media Risky? Organizational Considerations (Cartoon and Clip)

The Cartoon and Clip of the Week for November 7, 2014

Daily we read, see and hear more and more about the organizational risks associated with social media use. This week’s cartoon and clip highlights a unique approach to dealing with social media risk (cartoon) and some considerations for thinking about and evaluating organizational risk and cost related to social media (clip).


Organizational Risk and Costs
While the benefits of social media use in the workplace can be great, the risks associated with social media usage by organizational employees can also be great.   These risks, many times grouped according to their origin as a data risk, a behavior risk, and/or a technology risk, can have a significant impact on key organizational areas to include but not limited to:
  • Revenue: The potential for organizational revenue loss based on reputation damage and confidential information exposure.
  • Productivity: The potential for organizational productivity loss based on too much time spent on social networks and use of social networks to undermine management by circumventing established hierarchy and workflow patterns.
  • Security: The potential organization information system security compromise based on the introduction of malware into technology systems and uncontrolled exchange of data.

A Simple Framework for Considering Social Media Risk

In order to appropriately evaluate and address potential social media risk within an organization, its important to have a simple and understandable approach from which to begin considering an organization’s social media landscape.   While there are many tactics and techniques for evaluating and addressing potential social media risks, the following four steps may provide a useful and overarching framework for beginning to consider social media risk:

  • Do you have a risk related to social media? (Example:  Potential or Actual Risk)
  • Have you done an impact analysis on how the social media risk might impact the organization?  (Example:  Acceptable or Unacceptable Risk)
  • Have you identified the social media networks that might contribute to social media risk with the organization?  (Example:  LinkedIn, Facebook, Twitter)
  • Have you identified employees that may be using social networks in the workplace?  (Example: Individuals, Workgroups, Departments)
  • Have you determined the location where social networks are being accessed?  (Example:  Inside Corporate Firewall, Outside Corporate Firewall)
  • Have you established policy or guidance addressing the access of social networks by employees?  (Example:  Social Media Usage Policy, Corporate Communication Device Usage Policy)
  • Do you have a system in place to monitor usage of social media networks?  (Example:  Active Technology Monitoring, Passive Human Sampling)
  • Have you established an individual, workgroup, or department as the lead in assessing social media usage reports?  (Example:  Director of Human Resources, Office of Compliance, IT Department)
While there are many additional considerations that could be added to this short listing, the benefit of the framework is that it can help you get started evaluating and addressing social media risk in an intentional and proactive manner.