Be conversant with current information technologies and best practices relating to records preservation and security.
As information and recordkeeping systems evolve, so do threats and attacks. It is therefore up to the records and information professional to stay current in their knowledge of available information technologies and best practices relating to the continued preservation and security of records. These threats and attacks can be internal, such as accidental disposition, purposeful stealing of records and information for monetary gain, or improper storage that leads to the deterioration of the record or loss of information. They can also be external, such as the destruction of records and information through an emergency or disaster event, the accidental or purposeful leaking of secure information to the public, or a user being privy to a level of access that should not be granted to them. These are just some of the more common examples, but being conversant with current information technologies and best practices relating to records preservation and security means being aware of the potential security scenarios and being prepared to do what it takes to minimize risk.
The main thing to remember with information security is that the program implemented will likely not be perfect and will not protect an organization from all threats and attacks in existence. However, awareness of as many types of threats and attacks as possible, followed by the incorporation of that awareness into security policy, is the most effective way to minimize risk. As Merkow and Breithaupt say, “Given enough time, tools, skills, and inclination, a malicious person can break through any security measure” and “security measures simply buy time. Of course, buying time is a powerful tool. Resisting attacks long enough provides the opportunity to catch the attacker in the act and to quickly recover from the incident” (2014). It is keeping the security measures updated and effective that buys that precious time.
Likewise, maintaining information technologies is more than just updating the system at a constant pace; it is also monitoring the effectiveness of the security system in place. There is a need to have a dependent system in place. On a methodological level, “Verification is the process of confirming that one or more predetermined requirements or specifications are met. Validation then determines the correctness or quality of the mechanisms used to meet the needs” (Merkow 2014, 24). It is also having built-in flexibility to protect most, if not all, of the information that needs to be preserved and protected: “A flexible digital repository should allow us to store all types of digital objects along with the appropriate descriptive and administrative metadata” (Jantz 2006, 202). By having the capability to secure more records and information at once, you are able to focus more on keeping it organized to keep it better secured in the event of retrieval. This is why records preservation is a part of its security as well.
Evidence for submission
Electronic Information Security Discussion – Electronic Recordkeeping Systems and Issues in Electronic Recordkeeping (MARA 249)
For this discussion, which was posed in relation to the electronic recordkeeping security learning unit, the student had to define the relationship between “privacy”, “information and cyber security”, and “business continuity planning”. What the student (myself) replied was that the end goal of most threats and attacks was to disrupt business and gain access to information considered private to those who do not have access to it, and that when implementing business continuity planning, access should be granted to those who are working with the information, and the information should otherwise be protected.
Applying Assurance Theory to the Understanding of Information Technology – Information Assurance (MARA 284)
This presentation highlights the complementary qualities that information assurance and information technology both possess, which include the concepts of access control assurance, access control management, and information technology risk management. It argues for the capability of the Cloud to be secured despite the notion that storage could be stationary in one area but have mobility in access. It also argues “that IT risk has to line up with the goals that come from business risk, which is to balance the risks taken in an organization to obtain a better return and organization safety”.
Impacts of Information Governance on Mobile Devices – Information Governance (MARA 284)
This essay reflects on the concept of information governance, which incorporates the permanence of information security policy with the tools available to carry it out, as applied to the mobile device, which has the potential to be different than a system where the information is stored and accessed from a stationary device. The student draws on the notion that self-protection and responsibility are the framework for applying security to these mobile devices: “So the conclusive step-by-step of breaking down the impact of security threats and subsequent protections would be to make those ultimately responsible of protecting the information (the top management tier, be it of the organization or simply at the recordkeeping level) aware of the gravities of the consequences should the security of the information become compromised, and from there identify in as much detail the responsibilities at the staff levels for the individual user methods of protection. It is when these responsibilities are defined (much like with other devices) that the technological aspect of security can be utilized and a framework can be built.”
What was learned and how it will be applied
The above selections are meant to exemplify both the future of information security and its inevitable entanglement with information technology, as well as knowing the basic frameworks that are behind the notion of records preservation and security. Even the simplest tasks, such as not sharing my password or warehouse passcode with anyone except those who assist me in getting my password when I have forgotten it, as well as keeping the records I am using organized enough for the sake of only using the records I need to use, are indicative of information security. The most common mistakes in information security stem from not following internal procedure, but what will be applied in a position is to first understand the information security policies and whether they are doing enough to secure the information. There is a combination of personal responsibility and consistency from policy to application (particularly in the policies for records preservation and information technology). If everything is consistent and documented as such, then information will be kept more secure before external threats would be considered (which they should and would be).
Jantz, R., & Giarlo, M. (2006). Digital Archiving and Preservation: Technologies and Processes for a Trusted Repository. Journal of Archival Organization, 4(1/2), 193-213. doi:10.1300/J201v04n01-10
Merkow, M. S., & Breithaupt, J. (2014). Information security: Principles and practices. Pearson Education.