Risk Management

Book Review: Social Media Risk and Governance

Reviewed by Thomas Rzemyk

01 November 2016

Print Issue: November 2016

Kogan Page; koganpage.com; 232 pages; $37.95.

Phil Mennie is an international expert on social media, risk management, and information technology governance. His latest publication, Social Media Risk and Governance, is a must-read for the intermediate to advanced risk management security practitioner. It is a captivating book depicting the importance of identifying social media and information technology risks in an organization, outlining ways to address each of these risks immediately and to the benefit of an organization.

Governing the safety of social media inside and outside of the workplace is a challenging task. Mennie articulates a clear and concise social media strategy that can be adopted by risk management professionals both domestically and internationally, with specific protocols and tools. He uses example from real-world companies—like MasterCard—to support his points. Diagrams, matrixes, case studies, images, graphs, flowcharts, procedure assessment methods, and other forms of multimedia further support the text.

One shortcoming in the book is its lack of information on cloud computing. Many organizations are migrating to cloud-based storage options, such as OneDrive, Dropbox, and Google Drive. Research indicates that organizations should be very cautious about storing sensitive data in the cloud. The author reflects on the importance of data privacy, but does not expand on specific steps for properly uploading and transferring data to the cloud safely.

Also in the text, the author notes that certain legislation is being considered by several states and jurisdictions. However, the description is vague and does not contain specific pieces of legislation for reference.

The book urges technology professionals, compliance regulators, and risk management leaders to ask difficult questions: Is our organization embracing the power of social media? Are we keeping both internal and external stakeholders safe? What governance protocols do we have in place? How are we measuring the success of our protocols?

In sum, this book will benefit security professionals, social media experts, search engine optimization professionals, and risk managers. It is a true asset to the security management and information technology sector.

Reviewer: Thomas Rzemyk, Ed.D., is a professor of criminal justice at Columbia Southern University and director of technology and cybersecurity instructor at Mount Michael Benedictine School. He is a criminology discipline reviewer in the Fulbright Scholar Program, and he is a member of ASIS.