Disinformation Risk Management Framework
Contextual Needs and Requirements
The crucial first step is to establish the parameters through which disinformation can impact an organization. In other words, we start with the “how”, the “where” and the “who”.
The uOttawa IIL’s uses a well-defined approach to establish a measurable organizational context by applying international best practices in standards, regulations, legislation, and contractual information. Organizational processes (such as Quality, Environment, IT Services, Business Continuity, Information Security, Information Privacy, and Occupational Health and Safety) are analyzed to scope out the exercise, thus forming the “information boundaries” of the client organization.
The uOttawa IIL follows:
- Internationally-recognized standards - ISO 9001, 14001, 20000, 22301, 27001, 35000, 45001, and others;
- Internationally-recognized regulations - Canadian federal legislation (Privacy Act, PIPEDA), provincial laws (Quebec’s Bill 64, etc.), as well as international regulations (GDPR, CCPA).
Relevant and Applicable Data Dictionary
The uOttawa IIL leverages the client organization’s “information boundaries” to develop a relevant and applicable data dictionary for data elements being used within these boundaries. This data dictionary is built specifically for each organization and represents a consolidated and unified common meaning of data, words, and language characteristics.
Applying the Disinformation Risk Management Framework
Disinformation risk management is a language that all parties within the organization must understand and agree on for effective outcomes. To this end, the uOttawa IIL uses the results and outputs from the assessment of contextual needs requirements and the data dictionary to establish the meta data elements and data structure. This is first analyzed by leveraging Qualitative Data Analysis (QDA) and Structured Risk Analysis. Then, using QDA in combination with machine learning, AI technology, and sentiment analysis, uOttawa IIL analysts can visually identify patterns within the unstructured data of risk statements and mitigation strategies. Applying a structured risk analysis method to the meta data, our analysts can use proven data analytics methods (Benford’s Law and others) to identify anomalies and trends related to disinformation risks. The outcome is a better understanding of areas within the organization that are being affected by disinformation.
Finally, as a way to further codify and verify the possible high-risk areas, the uOttawa IIL implements a Misinformation Susceptibility Test (MIST). The result of this analysis is an objective and evidence-based disinformation risk map that can be used to identify high-risk areas, departments, projects, customers, and markets, thus bettering an organization’s risk-based decisions.
To discuss the applicability of the Disinformation Risk Management Framework to your organization, please contact the University of Ottawa’s Professional Development Institute at [email protected]. Our team will be pleased to provide more information and answer any questions you may have.