Search results

1 – 10 of over 61000
To view the access options for this content please click here
Article
Publication date: 31 March 2020

Ivano Bongiovanni, Karen Renaud and George Cairns

To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.

Abstract

Purpose

To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.

Design/methodology/approach

The authors gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. They conducted interviews with key stakeholders in Australian universities in order to validate these links.

Findings

The authors’ investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.

Research limitations/implications

There is a need to acknowledge the different roles played by actors within the university and the relevance of information security to IC-related preservation.

Practical implications

Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.

Originality/value

This is one of the first studies to explore the connections between data and information security and the three core components of IC's knowledge security in the university context.

Details

Journal of Intellectual Capital, vol. 21 no. 3
Type: Research Article
ISSN: 1469-1930

Keywords

To view the access options for this content please click here
Article
Publication date: 1 July 2006

Ebrahim Randeree

Increased focus on knowledge within firms has not addressed the security implication. This paper aims to examine the implications of knowledge management for security.

Downloads
15186

Abstract

Purpose

Increased focus on knowledge within firms has not addressed the security implication. This paper aims to examine the implications of knowledge management for security.

Design/methodology/approach

This approach highlights the competitive advantage of knowledge with an emphasis on security. This paper reviews security for data and information and explores the dimensions of secure knowledge systems. The emphasis is on knowledge security and the development of future knowledge management systems.

Findings

This paper finds that there exists a general lack of focus on security in the knowledge management framework – both in a research setting and in practical applications. Knowledge is different from information and data and needs special consideration in firms.

Research implications/limitations

Designers of knowledge management systems can implement levels of security for different types of knowledge that reside within the organization. The concept of “secure knowledge management” has provided nascent models to address the management and protection of knowledge resources. Information systems researchers that are investigating knowledge have to include the protection and security of knowledge.

Originality/value

Knowledge management has moved to the forefront of both the research and corporate agendas. Harnessing the information and knowledge contained within firm data warehouses is one method to achieve competitive advantage. Various types of knowledge require different solutions. Designers of knowledge management systems can implement levels of security for different types of knowledge that reside within the organization. Future developments need to address securing the knowledge of a corporation, its most valuable asset.

Details

Journal of Knowledge Management, vol. 10 no. 4
Type: Research Article
ISSN: 1367-3270

Keywords

To view the access options for this content please click here
Article
Publication date: 24 September 2019

Karen Renaud, Basie Von Solms and Rossouw Von Solms

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements…

Downloads
1132

Abstract

Purpose

The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.

Design/methodology/approach

The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.

Findings

Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.

Research limitations/implications

This paper clarifies BoDs intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.

Practical implications

The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.

Social implications

If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.

Originality/value

This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.

Details

Journal of Intellectual Capital, vol. 20 no. 5
Type: Research Article
ISSN: 1469-1930

Keywords

To view the access options for this content please click here
Article
Publication date: 6 June 2020

Areej Alhogail

Sharing information security best practices between experts via knowledge management systems is valuable for improving information security practices, exchanging…

Abstract

Purpose

Sharing information security best practices between experts via knowledge management systems is valuable for improving information security practices, exchanging expertise, mitigating security risks, spreading knowledge, reducing costs and saving efforts. The purpose of this paper is developing a conceptual model to enhance the transfer of information security best practices between professionals in virtual communities through a Web-based knowledge management system to exchange their successful experience in handling different information security situations.

Design/methodology/approach

The model is validated by surveying 17 experts’ reviews on the correctness of the model’s structure and its related components through applying deep rich peer debriefing to test suitability. Quantitative data has been collected to achieve confirmatory results.

Findings

The resulting model incorporates five main components that support the formal mechanism for the acquisition and dissemination of knowledge: identification, classification, storage, validation and sharing. The success of knowledge sharing is highly dependent on the active collaboration of community members and highly influenced by motivation. Validating transferred knowledge is vital for ensuring the credibility of the system.

Originality/value

To the best of the author’s knowledge, this paper is one of the first to highlight the role of integrating knowledge management to enhance the effective share and reuse of information security best practices knowledge. The research results can support researchers investigating the topic and generate trustworthy literature to guide information security virtual community developers.

Details

VINE Journal of Information and Knowledge Management Systems, vol. 51 no. 4
Type: Research Article
ISSN: 2059-5891

Keywords

To view the access options for this content please click here
Article
Publication date: 11 March 2019

Uchenna Daniel Ani, Hongmei He and Ashutosh Tiwari

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within…

Downloads
1263

Abstract

Purpose

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

Design/methodology/approach

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Findings

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

Practical implications

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

Originality/value

This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

Details

Journal of Systems and Information Technology, vol. 21 no. 1
Type: Research Article
ISSN: 1328-7265

Keywords

To view the access options for this content please click here
Article
Publication date: 17 May 2011

Piya Shedden, Rens Scheepers, Wally Smith and Atif Ahmad

Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper

Downloads
1985

Abstract

Purpose

Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and assessment of technical information assets. This obscures key risks associated with the cultivation and deployment of organisational knowledge. The purpose of this paper is to explore how security risk assessment methods can more effectively identify and treat the knowledge associated with business processes.

Design/methodology/approach

The argument was developed through an illustrative case study in which a well‐documented traditional methodology is applied to a complex data backup process. Follow‐up interviews were conducted with the organisation's security managers to explore the results of the assessment and the nature of knowledge “assets” within a business process.

Findings

It was discovered that the backup process depended, in subtle and often informal ways, on tacit knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, this study suggests a new approach might draw on more detailed accounts of individual knowledge, collective knowledge and their relationship to organisational processes.

Originality/value

Drawing on the knowledge management literature, the paper suggests mechanisms to incorporate these knowledge‐based considerations into the scope of information security risk methodologies. A knowledge protection model is presented as a result of this research. This model outlines ways in which organisations can effectively identify and treat risks around process knowledge critical to the business.

Details

VINE, vol. 41 no. 2
Type: Research Article
ISSN: 0305-5728

Keywords

To view the access options for this content please click here
Article
Publication date: 1 July 2005

Petros Belsis, Spyros Kokolakis and Evangelos Kiountouzis

Information systems security management is a knowledge‐intensive activity that currently depends heavily on the experience of security experts. However, the knowledge

Downloads
7032

Abstract

Purpose

Information systems security management is a knowledge‐intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role of an IS security knowledge management system.

Design/methodology/approach

The results of this paper are based on field research involving five organizations (public and private) and five security experts and consultants. A model to illustrate the structure of IS security knowledge in an organization is then proposed.

Findings

Successful security management largely depends on the involvement of users and other stakeholders in security analysis, design, and implementation, as well as in actively defending the IS. However, most stakeholders lack the required knowledge of IS security issues that would allow them to play an important role in IS security management.

Originality/value

In this paper, the knowledge management aspect of IS security management has been highlighted. Moreover, the basic sources of security‐related knowledge have been identified and a model of IS security knowledge has been created. Also, the activities to be supported by a security‐focused KM system have been identified. Thus, the basis for the development of specialized security KM systems has been set.

Details

Information Management & Computer Security, vol. 13 no. 3
Type: Research Article
ISSN: 0968-5227

Keywords

To view the access options for this content please click here
Article
Publication date: 12 November 2021

Xianchun Zhang, Zhu Yao, Wan Qunchao and Fu-Sheng Tsai

Time pressure is the most common kind of work pressure that employees face in the workplace; the existing research results on the effect of time pressure are highly…

Downloads
78

Abstract

Purpose

Time pressure is the most common kind of work pressure that employees face in the workplace; the existing research results on the effect of time pressure are highly controversial (positive, negative, inverted U-shaped). Especially in the era of knowledge economy, there remains a research gap in the impact of time pressure on individual knowledge hiding. The purpose of this paper is to explore the impact of different time pressure (challenge and hindrance) on knowledge hiding and to explain why there is controversy about the effect of time pressure in the academics.

Design/methodology/approach

The authors collected two waves of data and surveyed 341 R&D employees in China. Moreover, they used regression analysis, bootstrapping and Johnson–Neyman statistical technique to verify research hypotheses.

Findings

The results show that challenge time pressure (CTP) has a significant negative effect on knowledge hiding, whereas hindrance time pressure (HTP) has a significant positive effect on knowledge hiding; job security mediates the relationship between time pressure and knowledge hiding; temporal leadership strengthen the positive impact of CTP on job security; temporal leadership can mitigate the negative impact of HTP on job security.

Originality/value

The findings not only respond to the academic debate about the effect of time pressure and point out the reasons for the controversy but also enhance the scholars’ attention and understanding of the internal mechanism between time pressure and knowledge hiding.

Details

Journal of Knowledge Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1367-3270

Keywords

To view the access options for this content please click here
Article
Publication date: 12 June 2017

Prashanth Rajivan, Pablo Moriano, Timothy Kelley and L. Jean Camp

The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and…

Abstract

Purpose

The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent.

Design/methodology/approach

A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates.

Findings

There are levels to peoples’ computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise.

Practical implications

Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force users to exercise more cognitive processes than required.

Originality/value

This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that security expertise instrument for end user should measure three cognitive dimensions: security skills, rules and knowledge.

Details

Information & Computer Security, vol. 25 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 13 June 2016

Timothy Kelley and Bennett I. Bertenthal

Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are…

Abstract

Purpose

Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are sometimes ignore it. This study aims to assess users’ knowledge of security warnings communicated via browser indicators and the likelihood that their online decision-making adheres to this knowledge.

Design/methodology/approach

Participants from Amazon’s Mechanical Turk visited a series of secure and insecure websites and decided as quickly and as accurately as possible whether it was safe to login. An online survey was then used to assess their knowledge of information security.

Findings

Knowledge of information security was not necessarily a good predictor of decisions regarding whether to sign-in to a website. Moreover, these decisions were modulated by attention to security indicators, familiarity of the website and psychosocial stress induced by bonus payments determined by response times and accuracy.

Practical implications

Even individuals with security knowledge are unable to draw the necessary conclusions about digital risks when browsing the web. Users are being educated through daily use to ignore recommended security indicators.

Originality/value

This study represents a new way to entice participants into risky behavior by monetizing both speed and accuracy. This approach could be broadly useful as a way to study risky environments without placing participants at risk.

Details

Information & Computer Security, vol. 24 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

1 – 10 of over 61000