Information governance: Information security and access within a UK context

Records Management Journal

Volumn 20, Issue 2, 2010, Pages 182-198

  Lomas, Elizabeth ^a  

^a NORTHUMBRIA UNIVERSITY   (United Kingdom)

Author keywords

Data security; Information management; Quality standards; Records management; Risk management; United Kingdom

Indexed keywords

EID: 77954859177     PISSN: 09565698     EISSN: None     Source Type: Journal    
DOI: 10.1108/09565691011064322     Document Type: Review

References (38)

1. ARMA (2009), Evaluating and Mitigating Records and Information Risks, ARMA, Overland Park, KS.
2. Bailey, S. (2009), "Forget electronic records management, it's automated records management that we desperately need" in Records Management Journal, Vol. 19, No. 2, pp. 91-7.
3. Brown, M., Demb, S.R. and Lomas, E. (2009), "Continued communication - maximising the potential of communications: the research and outputs of a co-operative inquiry", Proceedings of the Managing Information in the Digital Era Conference, Botswana October.
4. Cabinet Office (2008a), Data Handling Procedures in Government: Final Report, Cabinet Office, available at: www.cabinetoffice.gov.uk/media/65948/dhr080625.pdf (accessed 1 February 2010).
5. Cabinet Office (2008b), Protecting Information in Government, Cabinet Office, available at: www.cabinetoffice.gov.uk/media/328380/protecting-information.pdf (accessed 1 February 2010).
6. Cabinet Office and CESG (2009), HMG Information Assurance Maturity Model and Assessment Framework, Cabinet Office and CESG, available at: www.cesg.gov.uk/products_services/iacs/iamm/media/iamm-assessment-framework.pdf (accessed 1 February 2010).
7. Childs, S., Hardiman, R., Hay-Gibson, N., Lomas, E. and McLeod, J. (Eds.) (2008), "Examining the issues and challenges of email and e-communications exploring strategies with experts", Proceedings of the 2nd Northumbria Witness Seminar Conference, Newcastle-upon-Tyne, 24-25 October.
8. Civil Service (2008), Cross Government Actions: Mandatory Minimum Measures, Civil Service, available at: www.cabinetoffice.gov.uk/media/cabinetoffice/csia/assets/dhr/cross_gov080625.pdf (accessed 1 February 2010). See also Central Sponsor for Information Assurance www.cabinetoffice.gov.uk/csia (accessed 1 February 2010).
9. Coates, S. (2008), "Gordon Brown says government cannot ensure data safety", The Times Online, November 2, available at: www.timesonline.co.uk/tol/news/politics/article5065795.ece (accessed February 1, 2010).
10. Egbuji, A. (1999), "Risk management of organisational records", Records Management Journal, Vol. 9, No. 2.
11. ENISA (2010), "Flying 2.0 - enabling automated air travel by identifying and addressing the challenges of IoT and RFID technology", available at: www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/flying-2.0-enabling-automated-air-travel-by-identifying-and-addressing-the-challenges-of-iot-rfid-technology-2 (accessed 1 February 2010).
12. Gilb, T. (2005), Comptitive Engineering: A Handbook for Systems Engineering, Requirements Enqineering and Software Engineering Using Planguage, Elsevier Butterworth-Heineman, Oxford.
13. Graves, R. (2007), Suetonius The Twelve Ceasars, Penguin Classics, New York, NY.
14. Great Britain. Parliament. House of Commons (1998), The Stationery Office, London, Data Protection Act.
15. Heifer Organisation (2010), "Fat, calories, CO2?", World Ark, Spring, available: www.nxtbook.com/nxtbooks/heifer/worldark_2010spring/#/8 (accessed:14 April 2010).
16. ICO (2010), "Press release: data breaches to incur up to £500,000 penalty", 12 January, available at: www.ico.gov.uk/upload/documents/pressreleases/2010/penalties_guidance_120110.pdf (accessed 1 February 2010).
17. IPCC (2008), Report into Missing HMRC Data CDs, Independent Police Complaints Commission, London.
18. ISO (2001), 15489-1: Information and Documentation - Records Management. Part 1: General, ISO, Geneva.
19. ISO (2005a), 17799:2005. Information Technology - Security Techniques - Code of Practice for Information Security Management, BSI, London.
20. ISO (2005b), 27001:2005 BS 7799-2:2005. Information Technology - Security Techniques - Information Security Management Systems - Requirements, BSI, London.
21. ISO/TR (2001), 15489-2: Information and Documentation - Records Management. Part 2: Guidelines, ISO, Geneva.
22. Lomas, E. (2009), "The synergy of international information standards: aligning records management practice with risk and information security models", paper presented at the Records Management Society Conference, 19-21 April.
23. Lomas, E., Shepherd, J. and Stephenson, K. (2010), "Continued communication: maximising your communications in a Web 2.0 world", paper presented at the Records Management Society Conference, 21-23 March.
24. McLeod, J. (2004), "Assessing the impact of ISO 15489 in practice: early indications from the UK", paper presented at the 15th International Congress on Archives, Vienna, 23-29 August.
25. Mat-isa, A. (2006), "Risk management and managing records" Tough, A. and Moss, M. (Eds.), Record Keeping in a Hybrid Environment, Chandos House, London.
26. (The) Nielsen Company (2009), The ISO Survey 2008, The Nielsen Company, New York, NY, available at: www.iso.org/iso/survey2008.pdf (accessed, 1 February 2010).
27. Noon, M. and Blyton, P. (2007), The Realities of Work, Palgrave MacMillan, London.
28. Oliver, G. (2007), "Implementing international standards, first know your organisation" in Records Management Journal, Vol. 17, No. 2, pp. 82-93.
29. Poynter, K. (2008), Review of Information Security at HM Revenue and Customs, Final Report, June, available at: www.hm-treasury.gov.uk/media/0/1/poynter_review250608.pdf (accessed 1 February 2010).
30. Sampson, K.L. (1992), Value Added Records Management: Protecting Corporate Assets, Reducing Business Risks, Quorum Books, Westport, CT.
31. Willis, A. (2005), "Corporate governance and management of information and records" in Records Management Journal, Vol. 15, No. 2, pp. 86-97.
32. Bisson, J. and Saint-Germain, R. (2005a), "The BS 7799/ISO 17799 standard: for a better approach to information security", Callio. p. 19 contains an information security bibliography, available at: www.callio.com/files/wp_iso_en.pdf (accessed 1 March 2010).
33. Bisson, J. and Saint-Germain, R. (2005b), "The ISO 17799 standard: for a better approach to information security", Records Management Bulletin, Vol. 127, pp. 21-3 and 36.
34. BS 10008 (2004), Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically, BSI, London.
35. Dodgson, P. (2010), "Information assurance for records managers", paper presented at the Records Management Society Conference, 21-23 March.
36. European Commission (2007), On Promoting Data Protection by Privacy Enhancing Technologies, European Commission, Brussels.
37. European Commission (2008), Early Challenges on the Internet of Things, European Commission, Brussels.
38. Humphreys, T. and Plate, A. (2005), Guide to the Implementation and Auditing of ISMS Controls Based on BS ISO 27001, BSI, London.