Andrew Ysasi (MS CRM/CIGO FIP FIIM CIPM CISM PMP IGP CIP) is Vice President of Advocacy at Vital Records Control, where he is responsible for mentoring, educating, volunteering, lobbying, and all things related to information governance. He is also a lecturer at San Jose State University in their masters of Archives and Records Administration program.  He runs IG Guru, the global “watercooler” for those in the records management space. He is currently President of ICRM, the Institute of Certified Records Managers.

Here’s my summary of my OxyMorons conversation with Andrew. Any errors in transcription or curation are mine.

What's the most surprising song that would pop up on your Spotify or Pandora playlist?

You're definitely going to find some early 90s rap on there. But probably the most surprising to people is the music from the soundtrack of The Twilight series. Yes, that’s the Twilight series about vampires and werewolves. I just I like the music.

What do you think is the most important skill involved in bridging the gap between strategy and tactics?

This is a great question, and what makes it a great question is it can be answered a lot of different ways depending on the audience. But I'm going to go with wisdom. Wisdom accumulated during a career gives an individual the ability to not only look at an issue from the bottom up, but also from the top down. And by bridging the gap between top-down and bottom-up perspectives, I think gain a strong picture of not only what's occurring now within the organization, but also how a problem came to be and where you could potentially be going if you solved the problem.

How do you think the pandemic has affected the priority that organizations place on security?

The technologies to connect remote workers were certainly put in the forefront because of the pandemic. Any governance concerns were thrown out the window because organizations had to adapt. And if they didn't, they were going to suffer. There are now so many ways to connect to content and data, and so many transmission paths for that information. The idea of perimeter security is gone. It's dead. There is no perimeter anymore. But we do need more centralized thinking about security.

Right now, we’re seeing increasing numbers of individuals changing roles and rebooting their careers – the Great Resignation, if you will – and this creates an additional set of security and governance concerns.  If there wasn't already a concern about security and a plan to secure and control how information is handled, that needs to be a concern and priority today. Organizations that fail to do so will suffer a loss of significant information because of all the coming and goings of employees or contractors.

Do you think organizations see a difference between data governance and information governance?

It depends on the size of the organization. Security typically can be viewed in two ways – through infrastructure and applications. Large enterprises have the luxury of dividing these concerns and responsibilities. Smaller organizations don’t have that luxury. They need to rely on their software and service providers to provide not only infrastructure security but also application-level security. Disaster recovery and business continuity have been important concepts for a long time. But applying these concepts to different technologies and how they are used can sometimes be difficult.

Does IG have a seat at the table when people talk about security, or does IG get drowned out by some of the more traditional voices?

IG often does not have a solid individual seat at the table, a positioning where the perspective is represented and respected and has the autonomy to make decisions. Various aspects of IG are represented at the table, but there's a lack of cohesion and understanding of how to align IG priorities. And unfortunately, as we've seen with this pandemic, the cost of convenience is something that is often overlooked. If we rush to put out systems making it easier for people to work remotely without looking at business continuity or disaster recovery, then there will be a cost of that convenience that needs to be addressed later, under the governance umbrella. And if it's not addressed, organization will face potential risk and/or lost value. Organizations need to ask, “Who is asking these questions at our organization if it's not IG?”

What are you presenting on at the MER Conference?

The networking at the MER Conference is incredible, and the education is always top-notch. My session will be on Cybersecurity and IG. Organizations are faced with myriad security concerns, and at times understanding these concerns can be overwhelming. IG professionals are required to understand security threats to their organizations and the information they are charged to protect. My presentation will explore current threats and how an IG professional can help cyber security professionals protect data.  I’m going to focus on providing the attendees with a set of practical tools to help integrate cybersecurity and governance concerns in their organization.

——-

These posts might also be of interest…

• Reimagining Information Privacy.

• Reimagining Information Security.

• Reimagining Information Authenticity.

• Reimagining Information Retention and Disposition.

• Reimagining the Information Governance Profession.

• Utopia or Dystopia?

• Life is Complicated.

• Life in Complicated - Part 2.

• The OxyMorons - Meet Angela Watt.

• What is Truth?