Posted by: David Scott
acceptable use, business exposure, business liability, content, content control, content liability, content management, content management system, data access, data breach, data control, data exposure, data management, data recovery, data security, data theft, information dump, information leak, information theft, project control, project management, WikiLeaks
I feel compelled to continue the discussion of content and its management in view of the WikiLeaks dump. A real concern of mine – and this is totally from a business-IT management/content point-of-view, it is not meant as a political statement – is a high-profile government spokesman’s comments today in a very high-profile news venue. He stated that the United States did not have to fear a guy who plunked down $35 for a web presence, with a laptop. You can Google to identify the spokesman and his exact comments if you wish – for our discussion here, it is merely a springboard… a recognition of a lagging appreciation for the accelerating environment and any content’s vulnerability within.
On the contrary, a web presence (actually, mere internet connectivity) a laptop, and a modicum of ability, are all that it takes today to create real damage. At some point, absent imaginative protections, someone is going to take an entire power plant offline – or worse – with a laptop and internet connectivity. As stated in I.T. WARS: Greater power is coming to smaller and smaller groups; even to the individual. As the size of any group is reduced – with attendant increase of power – counter-protections, debated actions, and measures of control diminish, and potentials for harm increase.
A BTW tenet: In the realm of risk, unmanaged possibilities become probabilities.
As to content and control, I believe that small and medium business must have well-articulated and documented content management (CM) policies in place, with defined measures of protection. Large business will be amending and constantly evolving their policies. In fact, a triumvirate of policies should serve the organization, all organizations, well:
Content Management – Acceptable Use – Security
Let’s save the overall Security Policy ‘till later – it’s an overarching umbrella that includes physical assets as well. All of these policies and plans can refer to one another, particularly to specific reinforcing parts. For now, let’s briefly discuss Content Management vs. Acceptable Use: Sooner or later, every organization is going to have some measure of policy for content’s management, and that measure will likely increase as time goes by. It is important to note here what a CM policy is, and what it is not – or at least in my view, what it should be, and should not be.
It is for leveraging content, exposing and reducing specific liabilities, and for taking action on content in an administrative sense: enabling access, use and leverage; reporting on; archiving; and destroying. It is not the central policy regarding definitions and expectations of appropriate use, and regarding actions taken in circumstances of willful abuse of content. Content management measures certainly do help to identify and expose abuse (as well as limit it); however, the definitions of acceptable use, abuse, and measures regarding them, will be contained in the organization’s Acceptable Use Policy.
Jumping ahead slightly, this Acceptable Use Policy details appropriate use of all business resources, tools, and assets – including information (content). Your CM policy can point to the Acceptable Use Policy (or contain extracts from it) regarding things such as the improper access, accumulation, dissemination, removal, and destruction of information. But again, content management helps us to identify and leverage content toward a positive purpose; helps to limit liability and exposure; and to take administrative action on content.
In the next days, we’ll continue the discussion, and articulate the “mechanical” components of a CM system, in order to set policy.
NP: Spencer Davis Group, Gimme Some Lovin’ (LP), original vinyl, Odeon.