[MUSIC]
Privacy is important, but so is data security and information Governance.
We are joined by Matt Krull of IBM.
Welcome Matt.
>> Thank you.
>> Tell me a little bit about what you do at IBM.
>> I work in IBM Security Business Unit.
I'm a business unit executive.
Covering North America for our identity and access sales teams.
I've been with IBM Security since 2001, so I've kind of seen the industry grow up and
mature and be in this spot where we are right now, where almost every day
you read in the Wall Street Journal that something bad has happened
in relation to data security.
>> How do you kinda frame up the whole subject of data security?
>> IBM has released a CISO study, that's a Chief Information Security Officer study.
We publish one annually.
And there's some interesting results of that.
61% of CEOs, 61% of the people that we're dealing with running companies:
their biggest threat to their brand is data security.
50% of these executives do not understand, or
don't know the risk mitigation strategy.
I.e., what happens if something goes bad, or are they properly covered?
And 30% even admitted
that they don't have a strategy at all.
>> Are there different ways that CEOs or
CIOs are approaching the whole subject of data security?
>> Well sure, there's kind of a maturity model.
This same CISO study that we did in 2012 highlighted there
are really three categories of security departments.
There are the reactors, there are the protectors, and
then there are the influencers.
The reactors are the ones where an event happens, we have to go buy a product,
plug it in and we're secure.
>> So they're doing it after the event happens.
They're reacting to it and then trying to plug the hole in the dam.
>> Right, and then they end up with a multitude of products.
We have one company with 85 security products from 45 different vendors.
The next group are the protectors.
And they may have a plan that they're kind of bunkered down in their shell,
maybe in the basement of their building, and they're saying, we're secure.
However, you get back to the CEO or the board and
the board is not aware of that strategy.
That's a big problem, as I will talk about in a little bit.
The board and your CEO really need to be aware of the strategy and
be a part of the strategy.
>> Okay.
>> And then the last category of course is the influencers. Those are security
professionals who are interacting at a CEO or a board level and
they're being open and honest of where we stand with security,
where we have flaws with security, and
this is a much better approach than trying to either bunker up or
trying to either just react to the latest and greatest threat.
>> That's really a nice way to frame it up.
The key, though, it sounds like, is that I've got to have a plan to really do data
governance right.
How does that work?
>> Well, first of all, you have to understand that if you're not an expert
in data security, you can't be the creator of that plan.
You have to know, and I teach this a lot to our IBM technical teams, IBM sales teams and
IBM customer teams, that you have a plethora of people who are available to you.
And by bringing someone who knows data security on your team,
you're actually making yourself much smarter.
So the first thing I would do is to fully understand where
you are as an individual or a company as it relates to data security.
And don't be afraid to go out and
get help from outside professionals to help you build the security strategy.
>> So what you're saying is that if I really don't know where the limits are,
I need to get an expert to do that.
Can you give me a good example of a company that might have stumbled
into a problem because they really didn't realize the extent of data security?
>> I have a great example.
About a year ago, one of our technical reps,
he was sitting in just watching a football game on a Sunday night.
I think it was January, it was an NFL playoff game or something.
And he got a phone call from one of his customers.
A good friend; they've worked together for a long time.
Then he said, can you be here tomorrow?
Well, it was noted in the Wall Street Journal that another retailer was
breached, and a couple of other retailers they thought were breached.
And this retailer was afraid
that they were releasing credit card numbers out to the public.
So while we couldn't get there on Sunday, we were there on Monday, and
over the course of three days we worked diligently to determine that
this retailer was not releasing credit card information to the public.
My technical rep came back and said, this was a great experience.
I've never sat in a room working with a team and,
on an hourly call, updating the CEO.
Because that CEO was nervous that he'd have to go to the Wall Street Journal and
give a statement about credit cards being released.
That's not the way you wanna do it.
You don't want to call a vendor and really be at
the goodwill of that vendor to show up as quickly as possible and,
out of goodwill, prove that you're clean.
You want to have a contract with an emergency services security firm,
that you can call up on a Saturday night and
they have people stationed to get in right away to help you.
That's part of planning.
>> Information governance is more than just technology and software.
It's also people and how you're interacting with the data.
Is that correct?
>> That's correct, yes.
You could put all of the technology in place that you want.
But your least common denominator actually is either your customers or
your employees.
We have a great story of a chief security officer.
It goes through the anatomy of a breach.
You know, alarms start sounding, and
everybody's panicked and somebody's getting mad.
And the story goes, then we cut to a different scene where
this chief security officer was getting coffee that morning, and the coffee shop asked for
his email address as part of the loyalty chain.
And of course, while he's sitting there sipping his cup of coffee on his corporate
owned phone, he went to the loyalty chain's site.
>> Mm-hm.
>> Because they sent him an email.
>> Okay.
>> Well, guess what?
As the story goes, the coffee house was in cahoots with some bad guys.
>> Mm-hm.
>> And they just happened to find the right fish in their phishing scheme.
They were able, by going to the website, to put malware on that phone, and
when he walked back into the office, he was able to provide the little niche
the hackers needed to get in and cause a data security breach.
But that's just a case of you have to train your employees to be smart.
>> Right.
>> You have to train your kids to be smart.
You have to train your parents to be smart.
If you get an email that says click here, don't click there unless it's a trusted source.
>> Right. If you don't know where it's from,
don't hit the button and start something that could be really bad.
>> But it's also having the controls in place, so that in case you hit that button,
your systems know that you're hitting the button and going to a bad site,
and hopefully prevent that bad site.
Many people have made this mistake.
We correlate that data, we put it into our systems and
then hopefully prevent the next person or company from making that same mistake.
>> Matt, this is great information, but
if there is one piece of advice you'd give to our participants what would that be?
>> The best advice I can give you is to have a plan for your data security governance.
Know what your depth and breadth is.
Know what tools you're using.
Know what your emergency services provider is.
But also, not if, but when you're attacked, have a plan in place.
Have a chain of command in place, and know the one person that you need to go to,