In the March 2017 issue of the Business Information Review, Paul Pedley wrote about the “Relevance
of privacy for corporate library and information services.” I find myself
in an interesting position in regards to the intersection of library and
information services with information privacy and security. After enjoying
library work for almost 15 years in a variety of settings, I decided to make a
career move towards the information security industry. I suspected that
librarians and information professionals have the skills to be integral to the
security processes of an organization, and I keep finding opportunities to
confirm this. Pedley’s article resonated with me because I’m essentially living
in that intersection of LIS and security.
In the information security world, I often give talks,
do podcasts, and write about how security professionals can utilize principles
from library and information science for their work. Given my unique
perspective, I will share some insight on how library and information services
professionals can be proactive to help their organizations with security. To
complement Paul Pedley’s article, I’ve rounded up three practical, everyday security
practices that can help librarians and information professionals become allies
on the security front of their organizations.
Get to know the IT or security team at your
organization. Before you try to execute any activities yourself, talk to
the people within your organization who handle data privacy and information
security matters. Find out what their pain points are and ask how your two
departments can collaborate.
Understand the basic vocabulary of security.
Do you know what a DDoS is? How about an 0day? Do you know the differences
between phishing, spear phishing, and whaling? You don’t need to know the
technology behind these terms, but it can be helpful if you can have at least a
basic understanding of the terminology used. Learning these terms can also help
you do more comprehensive research for your clients or users. If you are asked
to research a specific company and you see a headline with that company’s name
and the letters DDoS in the headline, that’s important and you should understand
how that affects the business. The National Institute of Standards and
Technology has a glossary
of terms. However, it is very technical, so for the less technically
inclined, utilize a resource like the National
Cyber Security Alliance.
Passwords. Most libraries and on-site
information professionals have a role in managing passwords for their users, as
it pertains to databases and subscriptions that fall under the jurisdiction of
the library. Many law firm libraries, for example, utilize enterprise
electronic resource management software like Onelog.
In addition to tracking usage, resources like that are also password managers. That
is a great opportunity to encourage users to create long and strong passwords,
and flag any duplicate usage. (Which, by the way, is a discouraged password
practice from a security standpoint.) Librarians and information professionals
are too busy to become the “password police,” but they have a unique
opportunity to help the security goals of the organization by being on the
front lines of password defense when dealing with users.
I’m not suggesting that librarians
and information professionals need to become security specialists, in addition
to their primary jobs. What I’m advocating for is becoming security allies
within organizations, being collaborative with the IT people, and learning some of
the lingo in order to better service users or clients. Corporate and law firm
libraries are often in a constant battle to justify their existence within an
organization, to prove their value. Security and privacy issues are only going
to be more prevalent. Librarians and information professionals have a unique
position to gain a little bit of knowledge in this area in order to cement
their position of value within an organization.