Information Systems Security
Managing the security of records and information becomes more complex in new environments, such as Distributed Working environments.
Records may exist in either paper or digital form within ‘hybrid’ – both paper and digital – records systems, and when your paper-based business processes transform to digital processes, they will look and feel different on new, unfamiliar digital platforms.
When working in complex or unfamiliar information systems, there are three simple Information Systems Security principles to improve the security of records, documents, and information: the principles of Confidentiality, Integrity, and Availability.
The principle of Confidentiality supports the need to provide records and information only to those who are legitimately authorised to have access to them.
Managing Confidentiality in complex or hybrid systems will involve both physical and digital security control measures including:
- physical access controls,
- security awareness training, and
- encryption and multi-factor authentication.
The principle of Integrity means that records, documents, and information should be complete, accurate and reliable. We must know that we can rely on our information in new environments, and steps toward Integrity begin with knowing whether the information exists in more than one format and with preventing unauthorised changes from being made.
Managing Integrity for hybrid systems is multi-layered but involves a central idea – that of managing all records, documents and information with a common system, regardless of format. Common management systems in turn involve the use of collective controls for all records regardless of form or location, including:
- Classification Tools, and
- Disposal Authorities.
This means that regardless of the location, or format, of records and documents at your organisation, a single system of management should be applied.
The principle of Availability involves timely access to information without interruption of service. Systems delivering availability of information in hybrid, complex, and distributed information environments should also be sufficient for the level of information required. Availability is not simply a matter of technology but is supported by well-managed records and information environments.
Effective management can be as straightforward as appropriate access for authorised people, knowing where your records are and which records exist in more than one format, and a common system of control mechanisms and storage – leading to timely, secure, and reliable information.