Security in a collaborative information management system is divided between technical forms of security, such as firewalling and encryption, and social forms of security, such as trust. To properly secure a system, both aspects must be addressed in relation to each other, not one after the other or each by a separate committee. Moreover, a lack of shared understanding about what security means, and about the responsibility to achieve and maintain it, can jeopardise the long-term security of a collaborative information management system.
Guiding Questions
Who is responsible for the collaborative platform’s security? Technology? Designers? Responders? The host?
Where in the system is security maintained? Is it in the system architecture? The data links? The network? With the users? In the governance?
What is the purpose of the system’s security? Supporting privacy? Sharing? Democratic deliberation?
When can security be guaranteed? When entering data? While data is stored? While it is used?
Are the three main goals of information security (availability, integrity, confidentiality) considered? If not, why not?
What is the relation between security and privacy or informational self-determination, i.e. the ability to decide what information about persons goes where?
Do the rules for security stay the same as data crosses boundaries?