1. Use of Knowledge Management in Information Security
By
Dr. Mahmood Hussain Shah
Lancashire Business School
University of Central Lancashire
2. Knowledge Management
Is the process of
• Creating Knowledge
• Storing Knowledge
• Processing Knowledge
• Sharing Knowledge
3. Knowledge Management and Information Security
• Managing information securely has become a big challenge for companies throughout the globe.
• Organisations must be capable enough to handle and manage information securely and safely.
• Information is one of the most important assets for business organisations in today's advanced world.
• Knowledge Management plays a vital role in the field of information security.
4. Involvement of the users and other stakeholders in:
Management of information security relies on the involvement of the users and other
stakeholders in:
• Security analysis
• Information security infrastructure design
• And the implementation of Information Security Systems.
However, most stakeholders lack the required knowledge of information
security issues that would allow them to play an important role in knowledge
management and its uses.
5. Two Ongoing Research Projects on the Role of Knowledge Management in Information Security
• 1. Investigation of Knowledge Transfer Process to Prevent Identity Theft inside the Organisation (Units within an organisation)
• 2. Investigation of Knowledge Sharing Process to Prevent Identity Theft with external Organisations (i.e. Competitors, Partners)
6. Research Methods
Qualitative research using three case studies for each project is being conducted to explore the validity of the factors identified in the framework.
Data collection methods and sources
• Semi-Structured Interviews (10 to 15)
• Analysis of internal documents of the organisation (memos, survey
reports of the organisation and their website)
• Investigation of secondary sources such as news items and
electronic media.
7. Findings to date
• Staff working within organisations are unaware of knowledge sharing about:
  • Information security risks
  • Prevention practice
• There is no environment of knowledge sharing for information security.
• An educational environment is needed to enhance the knowledge of staff for information security knowledge sharing.
• Need to develop a culture of knowledge sharing by facilitating trust
• Need to enhance the trust level among individuals and between departments
• Develop a system for knowledge transfer
8. Existing Practices of Knowledge Sharing in the Companies
• Inductions for newcomers
• Emails for updating employees
• Use of e-learning system for updates on available training
• Policy documents
• Sharing knowledge within departments
• Meetings of managers and staff
9. Existing Barriers to Sharing Knowledge
• Lack of focus on enhancing information security knowledge of employees
• Very basic training in induction (use of existing system, use of databases and creating spreadsheets)
• Lack of training for information security and security departments
• Almost no knowledge sharing among individuals or departments
• No job rotation for enhancing knowledge of employees
• Sensitivity about customer knowledge going to rivals (loss of competitive advantage)
• Lack of trust among organisations and need for formal agreements for proper collaboration
• Legal and ethical barriers to sharing of information
10. Recommendations
Companies need to:
• Develop employee education programmes to enhance awareness
• Develop knowledge sharing systems
• Job rotation
• Increase the trust level between individuals and departments (incentives?)
• Develop a trusting and collaborative culture
• Frameworks for internal and external knowledge sharing (industry wide and
beyond)
• Seek clarity in dealing with legal and ethical issues and embed them in training