Are We Missing the Cybersecurity Factors in Recordkeeping?

Abstract

When creating, storing, and maintaining sensitive records, such as government data or records that reflect citizen rights or represent their health data, those records need to be trustworthy and secure. Since organizations are creating huge digital records, security in recordkeeping grows in complexity, and the relationship between the cybersecurity and recordkeeping domains is also expanding. While integrity and appraisal of records have always been considered important for records, existing standards and security discussions are missing some essential perspectives. Thus, research is needed to understand cybersecurity factors (different cybersecurity standards, techniques, protocols, etc.) for recordkeeping and the potential consequences of ignoring factors. With this goal, we explore two core standards, International Organization for Standardization ISO 15489 and ISO 27001, and selected relevant recent literature. This study makes a case for a universal standard for these cross-domain aspects of recordkeeping and cybersecurity by considering the existing standards and identifying the missing cybersecurity factors in recordkeeping. It also discusses relevant challenges and future research directions.