information security and records management: are they a good marriage? (265898021)

8/9/2019 Information Security and Records Management: Are They a Good Marriage? (265898021)

http://slidepdf.com/reader/full/information-security-and-records-management-are-they-a-good-marriage-265898021 1/27

Information Security and Records ManagemeAre they a good marriage?

EDUCAUSE SPC May 20!



Theresa SemmensNDSU CISO

Kathy KimballUniversity of Virginia CISO

Caroline WaltersUniversity of Virginia University RecordsOcer



Records Management

Information Security

!istorically" in order to s#cceed in the role of CISO" strongs$ills have been re%#ired& ' c#rrent trend is to meldmanagerial(b#siness)oriented roles" s#ch as records man

#nder the CISO& Trends that blend more than one f#nctionrecords management and information sec#rity are *rovo$among sec#rity *rofessionals +ho are concerned that infosec#rity is no longer a *rimary foc#s& The University of ViNDSU have combined these roles #nder the Information SOce& This interactive *resentation +ill *rovide t+o di,einstit#tional *ers*ectives on ho+ it +or$s and ho+ it can



-oll %#estions coming soon.

•

/or Smart *hones• '#dience can res*ond by

te0ting S-C1234R5 to67827 to 9oin the session

• /or la*to*s and tablets

• To 9oin the session

'#dience can res*-oll:v&com(s*c123

https://www.polleverywhere.com/profile/edit

https://www.polleverywhere.com/profile/coverage_area

https://pollev.com/spc2015rm






-oll ;#estion

•

Records 5anagement can cohabitate *eacef#lly Information Sec#rity

'& <es

=& No

C& 5aybe

D& No Cl#e

-oll:v&com(s*c1234rm or te0t S-C1234R5 to 67827









What is records management>

•

ISO 34?@A)3 deBnes records management as thof management res*onsible for the ecient andsystematic control of the creation" recei*t"maintenance" #se and dis*osition of records" incthe *rocesses for ca*t#ring and maintaining evidand information abo#t b#siness activities andtransactions in the form of records



What is a record>

•

ISO 34?@A deBnes record deBnition as informacreated" received" and maintained as evidence ainformation by an organiation or *erson" in *#rof legal obligations or in the transaction of b#sin

• Sim*le deBnitionE records are Fall boo$s" *a*ers"

*hotogra*hs" machine readable materials" or othdoc#mentary materials" regardless of *hysical focharacteristics" made or received by a #niversity



What is information sec#rity>

• The *rocesses and methodologies +hare designed and im*lemented to *ro*rint" electronic" or any other form ofconBdential" *rivate and sensitiveinformation

or data from #na#thoriedaccess" #se" mis#se" disclos#re"destr#ction" modiBcation" or disr#*tio

• G htt*E((+++&sans&org(information)sec#



University of Virginia

•

!istory• -osition descri*tion and res*onsibilities

• Re*orting Str#ct#re

• S$ills" ed#cation" certiBcation and talents for• CISO

• University Records Ocer



University of Virginia

•

Information Sec#rity became concern in 3AAA H3• =y 122@ had gro+n to 8 /T: and incl#ded IT *oli

• 122@ Records 5anagement -rocess Sim*liBcatio-ro9ect

• 5oved Records 5anagement from Jibrary to Informat

Sec#rity• Records Ocer *osition created

• /#nded the *rogram

• 122A 'dditional /T: hired in Records 5anageme

• 1234 'dditional /T: hired in Records 5anageme



Why Is Records 5anagement UnSec#rity>•

-rocess Sim*liBcation -ro9ect felt the follo+ing c+ere critical in determining in +hich #nit Record5anagement sho#ld resideE

• =readth of Unit /#nction H=oth 'dministrative and 'c

• Com*atibility of Records 5anagement +ith the #nit m

•

C#stomer service orientation• Reg#latory and Com*liance role

• Reso#rces for both technical and administrative s#**Records 5anagement



Why Sec#rity HContin#ed

•

Records 5anagement co#ld *otentially o#rish in#mber of areasE• Jibrary =ased on the criteria" -ro9ect Team felt there

ins#cient reg#latory and com*liance res*onsibility in the missionL mission some+hat at odds +ith datadestr#ction em*hasis& Recommended library remain

res*onsible for 'rchival f#nctions• /inancial 'dministration(=#siness O*erations Strong

com*liance f#nction" c#stomer foc#s& /elt reven#e geem*hasis might be at odds +here Records 5anagemconcerned& ' good candidate if less need for electrontechnical e0*ertise and g#idance is deemed a**ro*ri

• CIO(Sec#rit Re #lator and Com liance(-olic role



Records 5anagement Iss#es at



UV' CISO

•

Develo*s" im*lements" enhances and oversees informsec#rity and *rivacy *olicies and sec#rity of the Univediverse and decentralied com*#ting environment

• Incl#des overall res*onsibility for assessing" monitoring" anim*roving the sec#rity of the University of VirginiaMs com*#systems" net+or$s" and data

•

Wor$s in *artnershi* +ith #nits and individ#als across#niversity to form#late *olicies and to assess sec#rity

• Investigates and coordinates res*onse to sec#rity inci

• -rovides o*erational management of the Information -olicy" and Records Oce



UV' Records Ocer

•

/ormally a**ointed as Records Ocer to JibraryVirginia *er Virginia -#blic Records 'ct" res*onsiincl#deE

• Com*liance +ith the Virginia -#blic Records 'ct follretention sched#les" com*leting CertiBcates of RecorDestr#ction

• -rovide training and g#idance to sta,(fac#lty on *olic*roced#res for *ro*er Records 5anagement

• IdentiBcation of archival records and ens#re transfer archival(historical records to *ro*er archival re*ositor

• Coordinate +ith Jibrary of Virginia on the revision or c

of records series for the Common+ealth or individ#al



IS-RO Org Chart



North Da$ota State University

•

!istory• -osition descri*tion and res*onsibilities

• Re*orting Str#ct#re

• S$ills" ed#cation" certiBcation and talents for• CISO(Director" Records 5anagement

• Re*orts to the Vice -resident for Information Tec



NDSU CISO -osition Descri*tion

•

-rovide leadershi*" g#idance and advocacy for and rela• sec#rity *olicies" *roced#res" and im*lementation&

• IT sec#rity strategic *lanning" *olicies" and *roced#res&

• Develo* and im*lement an ongoing enter*rise)+ide IT sec#rity *lan" +hich +ill incl#de assessment and eval#

• -rovide management" oversight and direction for recor

management& • 5anage" oversee" and *rovide g#idance and direction r

f#nctions of information technology asset managemenactivities incl#ding revie+ing and a**roving soft+are services&



-rovide management" oversightdirection for records manageme• Serve as a leader that facilitates" shares and coordinates information +ith all +ho

+ith records management" i&e&" cam*#s leaders" cam*#s #nit record coordinatorsSystems records management" and the North Da$ota Information Technology Div5anagement *ersonnel&

• 5aintain" revise" #*date" and *#blish as needed *olicies and *roced#res for comand a**ro*riate handling of #niversity records&

• Coordinate retention" *reservation and destr#ction *rocesses and *roced#res forrecords in accordance +ith University *olicies" state and federal la+s&

•

'ssist eneral Co#nsel +ith coordinating e,orts to com*ly and res*ond to any isJitigation !old Notices" *#blic records re%#ests and data breach incidents and inv

• Coordinate ongoing training and ed#cation needs for #nit record coordinators&

• Investigate and re*ort any *otential non)com*liance to the a,ected de*artmentMor vice *resident" the V- of IT and eneral Co#nsel&

• 5anage and s#*ervise records management *rofessional and st#dent sta,



Records 5anagement Iss#es atNDSU

/ormal *roced#re in *lace not managed(enforced dirfrom state government HITD oversight

Res*onsibilities non)e0istent

eneral lac$ of #nderstanding and $no+ledge

/looding(b#ilding colla*se(other

The Jog Cabin Room

/ine 'rts

-ersonnel records in de*artments

Records stored in rented storage loc$ers(garages



-oll ;#estion

• Do yo# have a records management *rogram that incl#des *olicies*roced#res im*lemented and active>

'& <es

=& No

C& !ave *olicies and *roced#res " b#t they are not enforced and *r










-oll ;#estion

Records management is sit#ated #nder>'& Information technology

=& =#siness and Bnance

C& Jegal and(or com*liance

D& Jibrary

:& Other










-oll ;#estion

•

't yo#r instit#tion" records management incl#deareas and *eo*le

'& Only b#siness

=& =#siness and ed#cation

C& 'll em*loyees +ith the e0ce*tion of fac#lty are re%#com*ly

D& :veryone and all de*artment










Records 5anagement Reso#rce

•

'R5' International htt*E((arma&org(• enerally 'cce*ted Record Kee*ing -rinci*alsE htt*E((

+++&arma&org(r1(generally)acce*ted)br)record$ee*ines

• 'II5 ) htt*E((+++&aiim&org(

•

5:R 5anaging :lectronic Records ConferenceEhtt*E((+++&merconference&com(• 5ay 3@)12" 1234 ) Chicago

Information Sec#rity and Reco

http://arma.org/

http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles



http://www.aiim.org/

http://www.merconference.com/








http://arma.org/

http://arma.org/



Than$

o#

"uestions?

• Theresa Semmens Theresa&SemmensPnds#&ed#

• Kathy Kimball

$r$8*Pvirginia&ed#

• Caroline Walters

c+@dePvirginia&ed#

Information Sec#rity and Reco5anagementE

're they a good marriage>

information security and records management: are they a good marriage? (265898021)

Documents