Friday, 17 March 2017

Privacy, Security and the crossover with Information Services

Author Tracy Maleeff, Sherpa Intelligence LLC and BIR Editorial Board Member

In the March 2017 issue of the Business Information Review, Paul Pedley wrote about the “Relevance of privacy for corporate library and information services.” I find myself in an interesting position in regards to the intersection of library and information services with information privacy and security. After enjoying library work for almost 15 years in a variety of settings, I decided to make a career move towards the information security industry. I suspected that librarians and information professionals have the skills to be integral to the security processes of an organization, and I keep finding opportunities to confirm this. Pedley’s article resonated with me because I’m essentially living in that intersection of LIS and security.

In the information security world, I often give talks, podcasts, and write about how security professionals can utilize principles from library and information science for their work. Given my unique perspective, I will share some insight on how library and information services professionals can be proactive to help their organizations with security. To compliment Paul Pedley’s article, I’ve rounded up three practical, every day security practices that can help librarians and information professionals become allies on the security front of their organizations.
(
       Get to know the IT or security team at your organization. Before you try to execute any activities yourself, talk to the people within your organization who handle data privacy and information security matters. Find out what their pain points are and ask how your two departments can collaborate.

       Understand the basic vocabulary of security. Do you know what a DDoS is? How about an 0day? Do you know the differences between phishing, spear phishing, and whaling? You don’t need to know the technology behind these terms, but it can be helpful if you can have at least a basic understanding of the terminology used. Learning these terms can also help you do more comprehensive research for your clients or users. If you are asked to research a specific company and you see a headline with that company’s name and the letters DDoS in the headline, that’s important and you should understand how that affects the business. The National Institute of Standards and Technology has a glossary of terms. However, it is very technical, so for the less-technically inclined, utilize a resource like the National Cyber Security Alliance.

(      Passwords. Most libraries and on-site information professionals have a role in managing passwords for their users, as it pertains to databases and subscriptions that fall under the jurisdiction of the library. Many law firm libraries, for example, utilize enterprise electronic resource management software like Onelog. In addition to tracking usage, resources like that are also password managers. That is a great opportunity to encourage users to create long and strong passwords, and flag any duplicate usage. (Which, by the way, is a discourage password practice from a security standpoint.) Librarians and information professionals are too busy to become the “password police,” but they have a unique opportunity to help the security goals of the organization by being on the front lines of password defense when dealing with users.

       I’m not suggesting that librarians and information professionals need to become security specialists, in addition to their primary jobs. What I’m advocating for is becoming security allies within organizations, be collaborative with the IT people, and learn some of the lingo in order to better service users or clients. Corporate and law firm libraries are often in a constant battle to justify their existence within an organization, to prove their value. Security and privacy issues are only going to be more prevalent. Librarians and information professionals have a unique position to gain a little bit of knowledge in this area in order to cement their position of value within an organization.


Tuesday, 7 March 2017

March 2017 Business Information Review

We're pleased to announce the publication of the March edition of Business Information Review. 

Paul Pedley looks at the effect of technology in corporate libraries on privacy, is it an issue, should it be an issue? In his paper, Paul considers the developments in business information software which enable personalization and portability which comes along with greater usage of cloud computing. This means more recording and storage of personal data which creates privacy risks. He argues that good vendor management is important, ensuring that vendors know what privacy concerns there are. Regular data protection/privacy audits are also important.

In his second paper for BIR, Ian Hunter develops further his piece on leveraged finance. December’s issue covered researching the market size and trends. In this article, he focusses on how to find leveraged finance documents. It is an interesting paper reviewing what sources are available and how to find them, an important read for anyone starting out in corporate finance information teams.

Next is a paper from Lindsay Harris and journal board member Mary Peterson. Entitled The economic value and clinical impact of the South Australian Health Library Service 2011–2016, the paper explores one Australian state’s Health Department library service attempts to measure the economic value and clinical impact of its professional services and online resources. Developed as a case study of performance management, the paper outlines the context for the development of evaluation strategies and the key success indicators that emerged in relation to economic value. They note that “measuring in return on investment (ROI) in a cost quantifiable manner for entities such as libraries, whose central role is with the retrieval and dissemination of the abstract concept of ‘information’, shall likely always be demanding and complex to achieve. Nevertheless, libraries must now make the effort to measure and evaluate their performance in whatever ways work best for their particular conditions.” The paper presents a valuable study of the experience of measuring and communicating value to stakeholders beyond the information profession.

Our next article from Malawi, Professor Winner Chawinga, lecturer in the Department of Library and Information Science at Mzuzu University and his colleague George Chipeta, senior lecturer in the Department of Library and Information Science (LIS) at Mzuzu University, investigates how the synergy of knowledge management and competitive intelligence may be a key success driver in small and medium business enterprises (SMEs). They consider the turbulent environment that SMEs now need to operate in and the importance of identifying and gaining competitive advantage. Knowledge management techniques and competitive intelligence research are investigated as a way to achieve competitive advantage.

Out of the Box makes a one off appearance in this issue, addressing developments in AI and the challenge to professional roles. While AI is a technology that has long been on the horizon, the increasing adoption of AI technologies within professional and business services contexts points to a challenging future for a range of professional fields. Out of the box explores the latest development in the use of AI in commercial contexts and discusses the future of professional fields. A one-off feature, we hope out of the box will return in a more regular form in the near future to explore all aspects of technology in commercial contexts.

Perspectives – Martin White’s article in this issue reviews a number of interesting articles. Subjects covered include information overload – does age have an effect? The development and use of personas – how they are used in human computer design (HCD), whether or not they are a useful tool in the design process and what best practice methods to use to make the use of this tool as effective as possible. Also covered is a paper on the balance between employee autonomy and corporate control. A highly interesting subject the paper explores the increasing need for collaborative working and the tools and social networks available to achieve this against the need for corporate governance and control. What is the best way to work in the digital workplace? This paper in particular is highly recommended by Martin to read in context of your own organization.

Initiatives – We’re sad to announce that this long running column of Allan’s, which has been a fantastic contribution over the last 10 years, is going to be his last contribution to BIR. Allan has been with the journal since the beginning and up until last year had also been responsible for the annual business information survey that has been running since 1991, giving a detailed picture on developments within and the state of the information profession, delivery and use of business information. The initiatives column has run in many guises since late 1990s. Allan’s contributions started in 2007 and have provided consistent and detailed overviews of what is current and important in the information profession at the time. In his last column, Allan takes a brief look back at his time with BIR as well as updating us on the latest initiatives in the profession. Luke and I would like to take this opportunity to say a big thank-you to Allan from us and on behalf of Sage for his valuable contributions and insights over the last 33 years.

You can find the March 2017 edition here: http://journals.sagepub.com/toc/bir/current