The H.U.M.O.R. Matrix

What framework should a corporation use to secure social media? Organizations first need a methodology to analyze the security environment. The content within the methodology should address the organization’s overall security strategy, including departments such as Information Technology, Human Resources, Marketing, and Legal. To outline the key components of our framework for the implementation of a complete strategy, we’ve developed the H.U.M.O.R Matrix, which we introduced briefly in Chapter 1.

We utilize this framework throughout the rest of the book to provide a structured approach to developing and implementing a secure social media strategy. Each section of the H.U.M.O.R. Matrix outlines all the requirements, tactics, policies, and implementation processes necessary to move your organization to a new secure process over time, no matter which social media applications are currently in vogue.

The goal of this book is to allow you to implement practical and secure strategies that last for years. Table 2-1 illustrates a way to gather metrics on social media activities. In the left-hand column, we list the areas of control. We use the three right columns to track activity and progress in implementing secure strategies. Throughout the book, we’ll also reference a fictional company, JAG Consumer Electronics, to illustrate how your company can implement these strategies. JAG, a manufacturer of a variety of custom electronics, operates in several countries. They have their own Research and Development team. The Marketing department manages social media; however, like many companies, JAG hasn’t really developed a robust marketing plan for using all social media outlets appropriately. There is no dedicated position for managing social media; for the most part, the Marketing team shares the responsibility. They do not, however, work hand in hand with IT and Human Resources whenever launching new campaign or social media initiatives.

Table 2-1 Matrix for Measuring H.U.M.O.R. Metrics

To start out, JAG evaluated how they generally felt social media was managed in the organization across the five areas of the H.U.M.O.R. Matrix. Through this assessment, JAG discovered that Human Resources was not providing enough training and policies for using social media. The IT team was not integrated with Marketing in utilizing all the different social media tools necessary. There was neither a specific budget for securing social media, nor operational guidelines for IT, Marketing, HR, and Legal to consult for daily operations. The company also lacked robust tools to track the results of social media outlets. JAG completed their self-assessment, indicating their current ratings and where they would like to be in the H.U.M.O.R Matrix over the coming year. By following our framework, JAG can achieve this desired security posture within 12 months. The rest of this chapter defines each section of the matrix.

In the JAG matrix in Table 2-1, we see JAG thinks all five areas currently rate “Poor.” Once you have read this book, you can conduct an assessment of your “Current State” and determine what your numbers are today. Normal security practices would define “Poor” as a weak implementation of security practices, or no implementation, lack of standards, and inconsistent management. “Average” security practices are defined as basic practices being in place, meeting the average standards of what is implemented in your industry, but with room for improvement. “Best Practices” usually mean very strict controls, detailed policies and procedures, best of breed implementations, and consistent practices that are kept up to date over time.