Integrating Knowledge Management into Information Security

Au, Cheuk Hang; Fung, Walter

doi:10.4018/ijkm.2019010103

Cited by 17 publications

(14 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Dari masing-masing variabel memiliki indikator atau pertanyaan menyangkut survei penelitian pada anggota organisasi dengan catatan menyesuaikan hasil wawancara dengan pihak manajemen. Indikator pertanyaan kuesioner bersumber dari penelitian oleh [2], [11], [13], [14], [15], [16], [17], dan beberapa indikator untuk pengembangan penelitian.…”

Section: Penyusunan Instrumenunclassified

Kepedulian Keamanan Informasi di Pemerintahan: Praktik Manajemen dan Dampaknya

Fachriandi

Dirgahayu

2021

JAMIKA

View full text Add to dashboard Cite

Currently the organization is facing challenges due to the Covid19 pandemic which has caused changes in work patterns for all members of the organization. The priority of management is to give more attention to information security, especially for members and government organizations in general. Various information security practices have been carried out, but there are obstacles that occur such as the lack of awareness of information security, work behavior, work culture and the lack of human resources available and this can have a negative impact on the level of information security concern in the organization. Information security practices carried out by management do not always have an impact on changes in the behavior of organizational members. From the data obtained, there are many information security practices that may have been implemented by management. But do members of the organization care about the practice. Therefore, it is important to conduct research with the aim of knowing the practice of information security concern that has been carried out by management whether it has an impact on organizational members, especially the organization itself. This study used qualitative and quantitative interpretive approaches as a data collection process in three government organizations. Qualitative is used to obtain data from management and processed using the SAP-LAP model through interviews. Then an online survey was conducted with members of the organization to determine the impact of implementing information security care practices on the organization. The results show that organizational members have a high level of concern for the management's information security practices.

show abstract

Section: Penyusunan Instrumenunclassified

Kepedulian Keamanan Informasi di Pemerintahan: Praktik Manajemen dan Dampaknya

Fachriandi

Dirgahayu

2021

JAMIKA

View full text Add to dashboard Cite

show abstract

“…It is expected to have a promising positive influence on ISM and the effectiveness of best practices’ transfer. KM systems can be used to capture and store best practices’ knowledge (Hislop et al , 2018; Au and Fung, 2019) so that it is accessible by security practitioners to assist them in making rational decisions and in their day-to-day operations (Mittal et al , 2010).…”

Section: Background and Related Studiesmentioning

confidence: 99%

“…For instance, Alhogail and Berri (2012) presented a knowledge architecture to capture the security-related knowledge of handling security incidents and make it available to be shared across the organization, to minimize the dependency on security expert personnel. Au and Fung (2019) have proposed InfoSec audit model to promote knowledge-centric information security. Studies that focus on presenting information security knowledge through ontology, such as study by Belsis et al (2005) that modeled the security knowledge in an organization through three structured layers, namely, policy, guidelines and measures. Feledi et al (2013) presented a Web portal for sharing information security knowledge.…”

Section: Background and Related Studiesmentioning

confidence: 99%

“…The field of ISM is a knowledge-intensive domain that highly depends on the security experts’ skills and experiences. Nevertheless, using KM in information security field has been largely neglected by research and industry and very few studies have explored the use of KM to enhance the sharing and exchanging of information security knowledge (Belsis et al , 2005; Mittal et al , 2010; AlHogail and Berri, 2012; Feledi et al , 2013; Rocha Flores et al , 2014; Safa and Von Solms, 2016; Au and Fung, 2019; Eslamkhah and Hosseini Seno, 2019; Jennex and Durcikova, 2019). To the best of the authors’ knowledge, no studies have explored the use of Web-based KM systems to enhance the exchange of information security best practices among experts to enhance its benefits.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing information security best practices sharing in virtual knowledge communities

Alhogail

2020

VJIKMS

View full text Add to dashboard Cite

Purpose Sharing information security best practices between experts via knowledge management systems is valuable for improving information security practices, exchanging expertise, mitigating security risks, spreading knowledge, reducing costs and saving efforts. The purpose of this paper is developing a conceptual model to enhance the transfer of information security best practices between professionals in virtual communities through a Web-based knowledge management system to exchange their successful experience in handling different information security situations. Design/methodology/approach The model is validated by surveying 17 experts’ reviews on the correctness of the model’s structure and its related components through applying deep rich peer debriefing to test suitability. Quantitative data has been collected to achieve confirmatory results. Findings The resulting model incorporates five main components that support the formal mechanism for the acquisition and dissemination of knowledge: identification, classification, storage, validation and sharing. The success of knowledge sharing is highly dependent on the active collaboration of community members and highly influenced by motivation. Validating transferred knowledge is vital for ensuring the credibility of the system. Originality/value To the best of the author’s knowledge, this paper is one of the first to highlight the role of integrating knowledge management to enhance the effective share and reuse of information security best practices knowledge. The research results can support researchers investigating the topic and generate trustworthy literature to guide information security virtual community developers.

show abstract

“…Trust management plays an important role to provide reliable data merging [33]. It also helps to eliminate the risk of user privacy [34] and information security [35]. In this section, a literature survey has been conducted on the existing trust management mechanisms.…”

Section: Literature Reviewmentioning

confidence: 99%

RobustTrust – A Pro-Privacy Robust Distributed Trust Management Mechanism for Internet of Things

et al. 2019

View full text Add to dashboard Cite

In the promising time of the Internet, connected things have the ability to communicate and share information. The Internet of Things (IoT) cannot be implemented unless the security-related concerns have been resolved. Sharing information among different devices can compromise the private information of users. Thus, a suitable mechanism is needed to exclude the risk of malicious and compromised nodes. As follows, trust has been proposed in the literature as a useful technology to maintain users' security. Prior studies have proposed diverse trust management mechanisms to achieve adequate trust. The approach of cross-domain trust management is neglected that requires enormous considerations to address the difficulties related to cross-domain communication. In this paper, a cross-domain robust distributed trust management (RobustTrust) system is proposed, which makes a device fit for assessing trust towards different devices locally. In this system, the trust is divided into three components of security that help IoT nodes to become robust against compromised and malicious devices/nodes. The novelty of the proposed mechanism can be summarized in these aspects: A highly scalable trust mechanism, multiple components of evaluation to enhance robustness against attacks, and use of recommendations along with the feedback to build knowledge. Furthermore, the proposed mechanism is event-driven that helps nodes to evaluate trust more effectively as well as enhance the system efficiency. The proposed work is compared with the available trust evaluation schemes by concentrating on various attributes, such as trustworthiness, usability, and accuracy among others. The RobustTrust is validated by the extensive simulations considering absolute trust value's performance, the accuracy of trust estimation, and several potential attacks.

show abstract

Integrating Knowledge Management into Information Security

Cited by 17 publications

References 46 publications

Kepedulian Keamanan Informasi di Pemerintahan: Praktik Manajemen dan Dampaknya

Kepedulian Keamanan Informasi di Pemerintahan: Praktik Manajemen dan Dampaknya

Enhancing information security best practices sharing in virtual knowledge communities

RobustTrust – A Pro-Privacy Robust Distributed Trust Management Mechanism for Internet of Things

Contact Info

Product

Resources

About