Addressing security concerns: the expanding role of information governance.

• Author: Altepeter, Andrew
• Position: Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets - Book review

Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets

Author: Robert F. Smallwood

Publisher: John Wiley & Sons

Publication Date: 2012

Length: 263 pages

Price: $75

ISBN-13: 978-1-118-15908-8

Source: www.arma.org/bookstore

Over the past decade, cyber security has become a major concern in the public consciousness. From WikiLeaks, to state-sponsored attempts to steal valuable intellectual property, to highly publicized retail companies' credit card breaches, information professionals face a constant barrage of threats to their organizations' information.

These threats erode an organization's ability to prosper and threaten American competitiveness as a whole. While traditionally, information professionals have focused on helping the organization meet legal, regulatory, and business requirements, the equally pressing concern of securing information assets provides them new opportunities.

Protecting these assets are not only the responsibilities of the firewall administrators, network architects, and others who sit in IT. In his book Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets, Robert F. Smallwood argues an important piece of this strategy must be information governance.

While acknowledging that there are several competing definitions of information governance, Smallwood characterizes it as an interdisciplinary subset of corporate governance: the melding of records management, IT governance, e-discovery, business continuity, disaster recovery, information security, and privacy. Its ultimate aims are to manage and control the output of IT through policies and tools that control access to and use of information.

Although Smallwood is not the first to use this definition of information governance, it is a relatively new approach that greatly expands the scope of what until quite recently has been a field primarily rooted in the disciplines of records management and e-discovery.

Smallwood's book is divided into five parts. He first outlines the major security problems and risks organizations face and introduces basic information governance principles. In Part II he describes the risks and countermeasures that can be taken for specific platforms, such as unstructured content, e-mail, instant messaging, social media, mobile devices, and cloud computing. Part III is devoted solely to e-records management issues, specifically defining and...