I am going to blog next week about a problematic item on the GARP health checkup which states, “Records managers responsible for paper records; IT responsible for electronic records.” I disagree with this statement, and I believe that if records managers are concerned with electronic records security, they need to be equipped to sit at the table with IT and the CISO. CIO.com has an article entitled “Gartner Reveals Top 10 IT Security Myths” that I believe can be a helpful reference on that topic. The ten myths are:
Myth #1: “It won’t happen to me”
Myth #2: “Infosec budgets are 10% of IT spend.”
Myth #3: “Security risks can be quantified”
Myth #4: “We have physical security (or SSL) so you know your data is safe”
Myth #5: “Password expiration and complexity reduces risk”
Myth #6: “Moving the CISO outside of IT will automatically ensure good security”
Myth #7: “Adhering to security practices is the CISO’s problem”
Myth #8: “Buy this tool and it will solve all your problems”
Myth #9: “Let’s get the policy in place and we are good to go”
Myth #10: “Encryption is the best way to keep your sensitive files safe”

You can click on the link for the article to find out the causes and cures for each myth. As records managers, if we are concerned with protecting records and information, this is an area we need to pay close attention to.