Abstract

Security does not sound a very exciting topic for this book, which is showing you new and challenging ways to view your business and how you conduct it. Security means many different things in different contexts. Most of the time, what it is about is protection of people or objects. In our context, security is about protection of information. Two questions arise from the notion of protection of information: 1)Why is protection necessary? and 2)What are we protecting it from? The first question concerns the fact that information has value. If it did not, there would be little point in keeping it. That value is not always value in a strictly financial sense, although the cost of recovering or recreating information may be a significant issue. Archivists have traditionally defined four main types of record value, namely: administrative/informational, legal/evidential, compliance/regulatory and historical. Security is about protecting these as much as anything else. Additionally, a great deal of information is about people, and in many cultures and circumstances people have a right to expect that at least some of the information about them is treated as confidential. Confidentiality implies protection. The second question concerns the fact that there are threats to information, an aspect that we will return to at intervals in this chapter. If one is to protect something, one has to identify what the threats are, so as to take appropriate steps to mitigate them. This chapter is essentially about what the threats are and the steps that can be taken in relation to them. If you have been an archivist or records manager for some time, you will probably have a fairly shrewd idea as to how to deal with many of these issues in a world of physical manifestations of information (books, manuscripts, ledgers, minute books, maps, plans and such like). You may be rather less clear how to deal with these matters in a world of digital manifestations (bits, bytes, computer files, databases and networks). One of the tasks of this chapter is to make the connections between the two worlds, so that you can use and build upon what you already know as the balance of your work moves from physical towards digital, as it probably will.