Research

IS Security Leveraging the Concept of Knowledge Management


Reference:

Neville, K. M., 2010. IS Security Leveraging the Concept of Knowledge Management. Thesis (Doctor of Philosophy (PhD)). University of Bath.

Related documents:

[img]
Preview
PDF (UnivBath_PhD_2010_K_Neville.pdf) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (11MB) | Preview
    [img]
    Preview
    PDF (Neville_Fig2.5_p60.pdf) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
    Download (114kB) | Preview
      [img]
      Preview
      PDF (Neville_Table3.3p80.pdf) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
      Download (13kB) | Preview
        [img]
        Preview
        PDF (Neville_Fig7.1p222_.pdf) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
        Download (107kB) | Preview
          [img]
          Preview
          PDF (Neville_Fig7.8p277.pdf) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
          Download (403kB) | Preview

            Abstract

            IS Security (ISS) has become a key element of business risk management and can itself create competitive advantage. Thus, organisations seek practical approaches to protect the operation of the business. Protecting the functionality of an organisation is a difficult task but it is the responsibility of both senior management and ISS functions to do so. An analysis of the ISS literature reveals a paucity of research of ISS management, and a need for research to develop a holistic model for managing ISS knowledge to overcome the ever-increasing number of negative security incidents. The ISS research community is restrained by small-scale technical questions as the social aspects of ISS are ignored resulting in fragmented research across the IS field. While several possible methods are scattered throughout the literature – they focus on the development of information systems. ISS professionals require a range of skills encompassing business knowledge, legal awareness, and organisational processes as well as technical security knowledge. Research to date has failed to provide an integrated approach to managing ISS knowledge. This study investigates how ISS could leverage the concept of knowledge management. It proposes a theoretical model derived from the ISS and KM literatures. Thus to address this gap in research, this study adopts an exploratory interpretive holistic case study approach using interviews and document analysis as data gathering methods. The study will focus on the relationship between ISS and KM and the proposed benefits that an ISS KM initiative would produce. An analysis of the approaches used by these specialised structures in managing knowledge within and across the two case studies facilitated the development of an integrated model. The interplay between the functions provided rich description of the approaches used to manage knowledge. This research builds on previous studies documented in the ISS literature, by providing a much needed model against which practitioners may diagnose problems, plan action and implement solutions. ISS models and standards today do not exhibit much flexibility, therefore managers make ISS decisions in a vacuum. ISS problems can be managed or reduced when the ISS functions and management are aware of the full range of controls available and implement the most effective. Unfortunately, they often lack this knowledge and their subsequent actions to cope with threats are less effective. The focus of ISS research to date has been technical and grounded in positivism and few, if any, studies utilise a qualitative approach, therefore eliminating holistic, in-depth rich descriptions of core issues within the field. Comparatively little work has taken a managerial point of view, covering broad organisational and social issues. This study acknowledges these issues and provides a solid conceptual foundation for future studies on ISS by answering calls for a theoretical model to guide research in the area. The study also identifies the positive and negative impacts of compliance and describes how organisations can apply the model to overcome these negative effects.

            Details

            Item Type Thesis (Doctor of Philosophy (PhD))
            CreatorsNeville, K. M.
            Uncontrolled Keywordsis security, km, governance
            DepartmentsSchool of Management
            Publisher StatementUnivBath_PhD_2010_K_Neville.pdf: © The Author; Neville_Fig2.5_p60.pdf: © The Author; Neville_Table3.3p80.pdf: © The Author; Neville_Fig7.1p222_.pdf: © The Author; Neville_Fig7.8p277.pdf: © The Author
            StatusUnpublished
            ID Code22976

            Export

            Actions (login required)

            View Item

            Document Downloads

            More statistics for this item...