The Assessment Process

The first step toward implementing a strategic social media security practice includes mapping out the current environment to understand the immediate, medium, and long-term implications of engaging communities online. Once initiated, the organization’s involvement with the communities they develop online changes through time, with varying risks and challenges along the way. To prepare for the journey, the organization must conduct an audit of sorts, or rather, what we call a social media assessment process.

The process we have defined will seem familiar to anyone who has conducted a security audit or performed a security assessment. The book will progress through the following steps:

1. Strategy analysis Define what social media strategies and tools are currently in place and how they are being used, and determine what social media security measures are in place. Assess the whole environment and determine where the gaps are.

2. Threat analysis Define and summarize the threat landscape and determine entry points. The threat landscape refers to the different methods by which a company can be attacked, whether it’s a technology attack using spyware or a Trojan horse application in a Facebook application or a customer bashing your brand on Twitter.

3. Operations, policies, and controls Define and implement operational tactics to address threats. Implement new policies and controls to reduce the risk.

4. Monitoring and reporting Implement a lifecycle process for continuous monitoring and reporting on the social media tools, projects, and strategies that you implement and the security implications of each. Perform consistent reporting to ensure that new security strategies remain in effect and effective over time.

Why Follow the Assessment Process?

The assessment process allows you to identify the organization’s current social media activity, the tools and platforms being used, the personnel responsible for community engagement, and the gaps in security and social media policies across existing accounts, social media profiles, and personnel policies. An assessment process is an ongoing and iterative process and, as such, has to track what is being said online about the brand, the company’s products and services, as well as the way communities are communicating about the company and brand, outside of any corporate social media initiatives.

This “ear to the ground” approach enables a constant research and response process that informs the organization about changing community preferences around tools, tone, and user interface so the company can remain flexible enough to react quickly to threats and real attacks against the company’s technologies and reputation. Short-and long-term communication objectives must be created, along with proposed deployment methodologies for each platform. In the chapters that follow, we describe how to assess the internal and external environment and will present a flexible methodology for deploying, managing, and securing your social media strategy. We call this methodology the H.U.M.O.R. Matrix (Human Resources, Utilization of resources and assets, Monetary considerations, Operations management, and Reputation management). You’ll learn more about the H.U.M.O.R. Matrix in Chapter 2; however, Table 1-1 gives you a brief overview of the matrix’s components.

Table 1-1 Definition of the H.U.M.O.R. Matrix