The role of records and information management in information security

The main role of information and records management in information security is to present a consistent and known information environment so that security design processes can be effective.

The second - and arguably more important role - is in maintaining the consistent and known information environment so that a design can remain effective.

Security is like anything else that involves a design element.

A good design is only possible when the design conditions are known, and consistent.

Any design will break when exposed to conditions that it wasn't designed for.

So if your security architect has designed your systems to protect low-risk content, and you have high-risk content where it wasn't expected to be (because your information is a mess) - your security design won't adequately protect that information - it will break.

All security architects need from information and records managers, is a consistent and known information environment.