By Mike Meikle, CEO at Hawkthorne Group
12 Jan 2010 - In my last post, I referenced the relatively new (Sept 09) federal guidelines for Social Media security by the federal government. I went ahead and put the guidelines in the online storage widget for anyone to access. I'm going to discuss my own findings and try to make sense of all the bureaucrat/corporate speak in the document.
Let's start from the top shall we?
The document's executive summary rightly categorizes the decision to move to social media as a risk-based decision. The technology behind it all is really no where near as important. As was discussed in the previous post the "why" is far more important than the "how".
The Feds are a huge target for every known and unknown type of malcontent so they include a quite extensive section on risk mitigation, which we'll get into later. It is also nice to see that the folks who crafted the document push the fact that the move to implement social media in an organization must be a business decision.
So, a real business case must be crafted as to why the move into social media is necessary. Of course IT cannot take the default "no" position on social media.This is ingrained in our psyche due to the endless crappy MS Access applications we had to support back in the day.
These were usually written by a guy who moved to Botswana and the entire department's budget depended upon (eye twitch). Once you jump out of the Executive Summary, it's the usual government hodgepodge of cross-referenced mandates as to why the document came into existence.
In the next post I'm going to provide links to each supporting document with a small blurb about each. I'll also toss them into the storage widget for ease of download.
Part II
I promised in my last post to walk you through the various supporting documents that are tied to the Feds' Social Media Guidelines. Also, I will act as translator for all the corporate/government speak. This way lies madness, abandon all hope ye who enter, etc.
One of the linchpins of the document is the President's Memorandum on Transparency and Open Government to the various government agency heads. Basically, it boils down to government needs to be transparent, participatory and collaborative to the public. Now the day this actually happens, I'll eat my hat.
But, this has been the general statement of government leadership since the 90's, at least in Virginia. Some may claim this goes all the way back to the Enlightenment, which actually makes sense if one is familiar with the speed of government initiatives.
Be that as it may, these types of documents normally light a fire under executive management and much running around in circles begins. So next up we have the Federal CIO Vivek Kundra sending out his own memorandum on the subject.
Basically he says the same thing as the president with a nod about security concerns and "Web 2.0″ tossed in for flavor. At the NASCIO event for state CIOs, he lays out a very high-level framework for implementing the current administrations aspirations.
Here he also gives a nod to security concerns. What is interesting about the write up on the event was an anonymous CIO giving a mild raspberry to Mr. Kundra's plan; interesting stuff for a puff-piece.
A lot can be inferred from that one-liner, but I'm sure those experienced in the ways of government already know what I'd say. We move from pronouncements made on-high to the bare-knuckle street fighting of agency politics.
The document rightly states that engaging in Web 2.0 is a risk-based decision, driven by key stakeholders in the organization. For the Feds that means lawyers, PR flacks, various annoyed IT types, the CIO, CISO, Privacy and the owner of the initiative.
So, I was anticipating some more detail on the actual implementation process within an agency, but it only rates a brief paragraph. We can see that above I suppose, basically, standard PMI methodology for the social media project itself. No case studies of successful implementations are presented or referred.
Methodologies or technologies go unmentioned. I get the feeling if you are a CIO at an agency and are considering a social media project, you might be the first one out the chute. Later in the document it discusses security and risk management controls. These we will discuss at a later date.
I'll be back for Part III where we look at how the Feds define security threats.
