Use of Knowledge Management in Information Security
By Dr. Mahmood Hussain Shah
Lancashire Business School
University of Central Lancashire
Knowledge Management
Is the process of:
• Creating Knowledge
• Storing Knowledge
• Processing Knowledge
• Sharing Knowledge
Knowledge Management and Information Security
• Managing information securely has become a big challenge for companies throughout the globe.
• Organizations must be capable enough to handle and manage information securely and safely.
• Information is one of the most important assets for business organisations in today’s advanced world.
• Knowledge Management plays a vital role in the field of information security.
Involvement of the users and other stakeholders in:
Management of information security relies on the involvement of the users and other stakeholders in:
• Security analysis
• Information security infrastructure design
• And the implementation of Information Security Systems.
However, most stakeholders lack the required knowledge of information security issues that would allow them to play an important role in knowledge management and its uses.
Two Ongoing Research Projects on the Role of Knowledge Management in Information Security
• 1. Investigation of Knowledge Transfer Process to Prevent Identity Theft inside the Organisation (Units within an organization)
• 2. Investigation of Knowledge Sharing Process to Prevent Identity Theft with external Organisations (i.e. Competitors, Partners)
Research Methods
Qualitative research using three case studies for each project is being conducted to explore the validity of factors identified in the framework.
Data collection methods and sources
• Semi-Structured Interviews (10 to 15)
• Analysis of internal documents of the organisation (memos, survey reports of the organisation and their website)
• Investigation of secondary sources such as news items and electronic media.
Findings to date
• Staff working within organisations are unaware of knowledge sharing of:
  - Information security risks
  - Prevention practice
• There is no environment of knowledge sharing for information security.
• An educational environment is needed to enhance the knowledge of staff for information security knowledge sharing.
• Need to develop the culture of knowledge sharing by facilitating trust
• Need to enhance trust level among individuals and between departments.
• Develop a system for knowledge transfer
Existing Practices of Knowledge Sharing in the Companies
• Inductions to newcomers
• Emails for updating employees
• Use e-learning system for updates of available trainings
• Policy documents
• Share knowledge within departments
• Meetings of managers and staff
Existing Barriers for Sharing the Knowledge
• Lack of focus on enhancing information security knowledge of employees
• Very basic trainings in induction (Use of existing system, use databases and create spreadsheets)
• Lack of trainings for information security and security departments
• Almost no knowledge sharing among individuals or departments
• No job rotation for enhancing knowledge of employees
• Sensitivity of customers’ knowledge going to rivals (loss of competitive advantage)
• Lack of trust among the organisations and need of formal agreements for proper collaboration
• Legal and ethical barriers in sharing of information
Recommendations
Companies need to:
• Develop employees’ education programmes to enhance awareness
• Develop knowledge sharing systems
• Job rotation
• Increase the trust level between individuals and departments (incentives?)
• Develop a trusting and collaborative culture
• Frameworks for internal and external knowledge sharing (industry wide and beyond)
• Seek clarity in dealing with legal and ethical issues and embed them in training