9 mahmood shah risk 4 3

Use of Knowledge Management in Information Security

By Dr. Mahmood Hussain Shah

Lancashire Business School, University of Central Lancashire


Post on 23-Jan-2017


Knowledge Management

Is the process of:
• Creating Knowledge
• Storing Knowledge
• Processing Knowledge
• Sharing Knowledge


Knowledge Management and Information Security

• Managing information securely has become a big challenge for companies throughout the globe.

• Organizations must be capable of handling and managing information securely and safely.

• Information is one of the most important assets for business organisations in today’s advanced world.

• Knowledge Management plays a vital role in the field of information security.


Involvement of the users and other stakeholders in:

Management of information security relies on the involvement of the users and other stakeholders in:
• Security analysis
• Information security infrastructure design
• And the implementation of Information Security Systems.

However, most stakeholders lack the required knowledge of information security issues that would allow them to play an important role in knowledge management and its uses.


Two Ongoing Research Projects on the Role of Knowledge Management in Information Security

1. Investigation of Knowledge Transfer Process to Prevent Identity Theft inside the Organisation (Units within an organization)
2. Investigation of Knowledge Sharing Process to Prevent Identity Theft with external Organisations (i.e. Competitors, Partners)


Research Methods

Qualitative research, using three case studies for each project, is being conducted to explore the validity of the factors identified in the framework.

Data collection methods and sources:
• Semi-Structured Interviews (10 to 15)
• Analysis of internal documents of the organisation (memos, survey reports of the organisation and their website)
• Investigation of secondary sources such as news items and electronic media.


Findings to date

• Staff working within organisations are unaware of knowledge sharing of:
    • Information security risks
    • Prevention practice
• There is no environment of knowledge sharing for information security.
• An educational environment is needed to enhance the knowledge of staff for information security knowledge sharing.
• Need to develop a culture of knowledge sharing by facilitating trust
• Need to enhance the trust level among individuals and between departments.
• Develop a system for knowledge transfer


Existing Practices of Knowledge Sharing in the Companies

• Inductions for newcomers
• Emails for updating employees
• Use of e-learning system for updates of available trainings
• Policy documents
• Sharing knowledge within departments
• Meetings of managers and staff


Existing Barriers for Sharing the Knowledge

• Lack of focus on enhancing information security knowledge of employees
• Very basic trainings in induction (use of existing system, use of databases and creating spreadsheets)
• Lack of trainings for information security and security departments
• Almost no knowledge sharing among individuals or departments
• No job rotation for enhancing knowledge of employees
• Sensitivity of customer knowledge going to rivals (loss of competitive advantage)
• Lack of trust among the organisations and need of formal agreements for proper collaboration
• Legal and ethical barriers in sharing of information


Recommendations

Companies need to:
• Develop employees’ education programmes to enhance awareness
• Develop knowledge sharing systems
• Job rotation
• Increase the trust level between individuals and departments (incentives?)
• Develop a trusting and collaborative culture
• Frameworks for internal and external knowledge sharing (industry wide and beyond)
• Seek clarity in dealing with legal and ethical issues and embed them in training