Abstract
When creating, storing, and maintaining sensitive records, such as government data or records that reflect citizen rights or represent their health data, those records need to be trustworthy and secure. Since organizations are creating huge digital records, security in recordkeeping grows in complexity, and the relationship between the cybersecurity and recordkeeping domains is also expanding. While integrity and appraisal of records have always been considered important for records, existing standards and security discussions are missing some essential perspectives. Thus, research is needed to understand cybersecurity factors (different cybersecurity standards, techniques, protocols, etc.) for recordkeeping and the potential consequences of ignoring these factors. With this goal, we explore two core International Organization for Standardization standards, ISO 15489 and ISO 27001, and selected relevant recent literature. This study makes a case for a universal standard for these cross-domain aspects of recordkeeping and cybersecurity by considering the existing standards and identifying the missing cybersecurity factors in recordkeeping. It also discusses relevant challenges and future research directions.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Jaigirdar, F.T., Saglik, O., Rudolph, C., Evans, J. (2023). Are We Missing the Cybersecurity Factors in Recordkeeping?. In: Sserwanga, I., et al. Information for a Better World: Normality, Virtuality, Physicality, Inclusivity. iConference 2023. Lecture Notes in Computer Science, vol 13971. Springer, Cham. https://doi.org/10.1007/978-3-031-28035-1_1
DOI: https://doi.org/10.1007/978-3-031-28035-1_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28034-4
Online ISBN: 978-3-031-28035-1
eBook Packages: Computer Science (R0)