Have You Hugged Your InfoSec Team Today?

2009 October 5
by Allan Schoenberg

Do you know the name of the person who manages your information security (InfoSec)? If not, you may want to take some time to get to know them before building your case with legal to launch a social media initiative.

security.

One of the consistent questions asked of me in applying social media at CME Group is on the topic of getting legal support. I’ve addressed this in several speeches and continue to talk with people about building a case when asked. Recently, I have begun to point out that getting legal buy-in really starts with having a key ally on your side — in my case it was our information security team. Let me explain.

When it comes to any type of communication online – Twitter, Facebook, email, bit.ly — security risks exist. Take a look at this story from today’s InformationWeek at the latest news on security and social media. And after working in the information security industry a few years I was able to have a unique point of view on these threats when I met with InfoSec.

With the support of information security to pursue social media, I was able to bring a strong reference to the discussion with our legal and disclosure committee. In essence, I had laid out my argument with a team that resisted at first, but after meeting their criteria they became (and remain) supportive. In addition, I was able to build a stronger relationship with IT as we continue to look for ways to enhance our online presence.

Here’s how I addressed the challenge with information security as we became more proactive in social media in financial services back in 2007.

  • Talk the talk. As someone genuinely interested in technology, but not an engineer, I often like to say I speak geek. For me to be able to talk to our information security team in their jargon helped in the initial discussions. Before meeting with InfoSec you should have a firm grasp of the risks that exist and that you understand this issues of spam, torjan horses, viruses, etc.
  • Have a business case. Doing social media for the sake of social media is not a plan, and you will likely be at odds with the InfoSec team (among others). As you look to promote your brand they look to protect it. Come prepared and be ready for some tough questions about why you need the resources you’re requesting. This discussion can help you develop your case to other audiences.
  • List your resources. Don’t come to the meeting without a list of what you need, and don’t just show up to a meeting with a list of resources expecting a rubber stamp of approval. Since every application comes with a risk make sure you have at least two business reasons for choosing that technology and that you realize the potential risks from its use. You will also need to show how you will protect against any security miscues (e.g., only clicking on links from trusted sources).
  • Stay on top of the news. During the process of talking with InfoSec it was helpful to also send them news and information about risks that were occurring. The fact that I was able to identify the risks that were occurring and that I was trying to actively protect the exchange helped build confidence with the team.
  • Bring examples. Resistance to allow the use of certain technologies may be more difficult than others, so come prepared with real world examples of companies that use it. If they see that competitors in your industry or other blue chip companies are already deploying the technology you will help them see that it can be achieved.

The lessons learned here were two-fold.

First, play to your strengths. In this case it was my experience in information security. You should know where your strengths are — investor relations, sales & marketing, risk management -  in order to build an ally for your efforts.

Second, understand your internal network of influence. Having allies, while never a guarantee, helps to garner support. As we discussed social media with our legal team I was able to immediately eliminate one key obstacle — information security — while demonstrating that others supported the effort.

If you want to continue to pursue this topic another resource for you is the online Twitter discussion Behind the Firewall started by Arik Hanson (@ArikHanson) and Rick Mahn (@RickMahn). Simply search Twitter for #btf to follow the topics related to this blog post.

As always, good luck and share your thoughts/experiences below or on Twitter at #btf.

  • Share/Bookmark

from → Uncategorized

blog comments powered by Disqus

Bad Behavior has blocked 440 access attempts in the last 7 days.

Twitter links powered by Tweet This v1.6.1, a WordPress plugin for Twitter.