With the explosion of the Internet and Web technologies as a medium of exchange, issues such as knowledge coordination problems, knowledge transfer problems, and knowledge reuse problems related to IT security knowledge management have been growing exponentially. These problems arise from the complexities faced by individuals, groups, and organizations in recognizing the nature of knowledge needed to solve problems or make decisions. Knowledge management (KM) provides a formal mechanism for identifying and distributing knowledge. It is the discipline that focuses on capturing, organizing, sharing, and retaining key corporate knowledge as an asset (McManus & Snyder, 2002). KM ensures that the right knowledge is available in the right representation to the right processors (humans or machines) at the right time for the right costs (Holsapple & Singh, 2005). Benefits of proper KM include improved organizational effectiveness, delivery of customer value and satisfaction, and added product and service innovation. There is no reason to believe that IT security will be an exception in the context of KM and IT. It has been recognized that the first step in the KM process is to identify or define knowledge needs. This article aims to discuss the role of knowledge management categories, namely knowledge resources, knowledge characteristics, knowledge dimensions, and stakeholders in IT security, and their relationship to security services. We develop a theoretical framework by integrating IT security services pertaining to confidentiality, integrity, authentication, non-repudiation, access controls, and availability of IT systems with the knowledge management categories. The study extends the theory on knowledge management and the importance of maintaining IT security. We conclude the article with the contributions of the framework to theory and to practitioners, leading to directions for future research.
The next section introduces the categories of knowledge management and IT security services. We begin with the definition of knowledge management from previous research. We then provide a discussion of the categories of knowledge management leading to the development of an integrated IT security framework of knowledge management.
Knowledge management (KM) is the generation, representation, storage, transfer, transformation, application, embedding, and protection of organizational knowledge (Alavi & Leidner, 2001). In fact, KM is an IT practice that is implemented in the faith that doing so will lead to higher levels of organizational performance (Ribiere & Tuggle, 2005).
Nonaka and Takeuchi (1995) introduced the four modes in the knowledge management process, namely socialization, externalization, combination, and internalization. Socialization converts tacit to tacit knowledge, externalization converts tacit to explicit knowledge, and internalization converts explicit to tacit knowledge. Socialization is where sharing of IT security experiences among employees and other stakeholders occurs, which in turn creates tacit knowledge. Externalization is the articulation of tacit knowledge into explicit concepts (documenting knowledge). Combination aims at systemizing the concepts into a knowledge system. New knowledge can be created by combining different forms of explicit knowledge and reconfiguring existing information through sorting, adding, combining, and categorizing. Finally, internalization embodies knowledge into tacit knowledge and is closely related to learning by doing: when socialized, externalized, and combined knowledge is internalized into employees' tacit knowledge bases, it becomes a valuable asset.
Knowledge management is the application of knowledge in an organized systematic process of generating and disseminating information, and selecting, distilling, and deploying explicit and tacit knowledge to create unique value that can be used to achieve a competitive advantage. Alavi and Leidner (2001) suggest that there are many unresolved issues, challenges, and opportunities in the domain of knowledge management. Previous research suggests that the dimensions of knowledge management include knowledge resources, knowledge dimensions, knowledge characteristics, and stakeholders of knowledge.
Table 1 provides the definition of knowledge management and its relationship to knowledge management categories.
Key Terms in this Chapter
Integrity: Provides assurance that the business messages and transactions are complete, accurate, and unaltered.
Access Controls: Provide legitimate access to IT systems and deliver information only to authorized users when required without any interruptions.
Authentication: Establishes the users as who they claim they are.
Knowledge Management: A formal mechanism for identifying and distributing knowledge.
Confidentiality: Protects the privacy of information and reveals data only to authorized parties who have the legitimate need to access the system.
Knowledge Characteristics: Refer to the classification of knowledge as tacit versus explicit.
Non-Repudiation: Prevents the receiver or originator of the transactions from denying that the transaction was received or sent.
Knowledge Resources: Knowledge stores from which organizations can draw information for solving any business problems.
Knowledge Dimensions: Refer to the “right security information” component. These are categories of knowledge needed by an individual user or a group of users for making effective decisions.