Access the full text.
Sign up today, get DeepDyve free for 14 days.
(2016)
15489-1:2016: information and documentation – Records management – Part 1: Concepts and principles
(2008b)
SP 800-64 rev.2. Security considerations in the system development life cycle
(2011)
SP 800-39. Managing information security risk: organization, mission, and information system view
(2018d)
SP 800-37 rev. 2 (draft) risk management framework for information systems and organization: a system life cycle approach for security and privacy
B. Glaser (1992)
Basics of Grounded Theory Analysis: Emergence Vs. Forcing
(2018a)
Controlled unclassified information (CUI)
B. Glaser (1998)
Doing grounded theory : issues and discussions
L. Anselm, Strauss, Andrew Cerniglia (2008)
Excerpts from : The Discovery of Grounded Theory : Strategies for Qualitative Research
(2008a)
SP 800-60 vol. 2 rev.1. Guide for mapping types of information and information systems to security categories
(2018b)
Risk management
(2014b)
44 USC chapter 35, subchapter II: information security
(1974)
Privacy act
(2018c)
Publication schedule
(2015b)
SP 800-53 rev. 4. Security and privacy controls for federal information system and organizations
(2014)
SP 800-37 rev.1. Guide for applying the risk management framework to federal information system: a security life cycle approach
(2014a)
44 USC Ch. 15: federal register and code of federal regulations
(2010)
Executive order 13556: controlled unclassified information
(2017)
Glossary
(2012)
Managing government records directive
Elizabeth Lomas (2010)
Information governance: information security and access within a UK contextRecords Management Journal, 20
(2018b)
How should agencies apply the statutory definition of federal records
(2015)
Committee on national security system (CNSS) glossary
S.L. Xie (2013)
The nature of record and the information management crisis in the government of Canada
(2018c)
Creation, maintenance, and use of records
(2018a)
FISMA background
This paper aims to report on a study that aimed at analyzing the relationships between information security and records management (RM), both as programs/functions established in organizations. Similar studies were not found in relevant literature.Design/methodology/approachThe study used the classic grounded theory methodology. Pursuing the general curiosity about the information security-RM relationship in organizations, the study selected the United States (US) Federal Government as its field of entrance and followed the process of the classic grounded theory methodology that starts from the letting of the emergence of the research question to the formulation of a substantive theory that answered the question.FindingsOn the emergent question that why, despite the legislative establishment of agency RM programs and the use of the term records in their work, the US Federal Government information security community considered RM a candidate for deletion (CFD), the study coded the truncated application of the encompassing definition of records as the underlying reason. By this code, along with its three properties, i.e. limitations by the seemingly more encompassing coverage of information, insufficient legislative/regulatory support and the use of the terms of evidence and preservation in the records definition, the CFD consideration and the associated phenomena of unsound legislative/regulatory conceptualization, information shadow, information ignorance and archival shadow were explained.Research limitations/implicationsThe study results suggested the data for subsequent theoretical sampling to be the operational situations of individual agency RM programs.Practical implicationsThe rationale presented in the study regarding the encompassing nature of records and the comprehensive scope of RM program can be used for building strong RM business cases.Originality/valueThe study appears to be the first of its kind, which examined the RM–information security relationship in a very detailed setting.
Records Management Journal – Emerald Publishing
Published: Mar 7, 2019
Keywords: Records management; Information security; Archival shadow; Information ignorance; Information shadow; Records definition
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.