Information systems security from a knowledge management perspective
Abstract
Purpose
Information systems security management is a knowledge‐intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role of an IS security knowledge management system.
Design/methodology/approach
The results of this paper are based on field research involving five organizations (public and private) and five security experts and consultants. A model to illustrate the structure of IS security knowledge in an organization is then proposed.
Findings
Successful security management largely depends on the involvement of users and other stakeholders in security analysis, design, and implementation, as well as in actively defending the IS. However, most stakeholders lack the required knowledge of IS security issues that would allow them to play an important role in IS security management.
Originality/value
In this paper, the knowledge management aspect of IS security management has been highlighted. Moreover, the basic sources of security‐related knowledge have been identified and a model of IS security knowledge has been created. Also, the activities to be supported by a security‐focused KM system have been identified. Thus, the basis for the development of specialized security KM systems has been set.
Keywords
Citation
Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), "Information systems security from a knowledge management perspective", Information Management & Computer Security, Vol. 13 No. 3, pp. 189-202. https://doi.org/10.1108/09685220510602013
Publisher
:Emerald Group Publishing Limited
Copyright © 2005, Emerald Group Publishing Limited