As knowledge is recognized as intellectual (or intangible) assets that can enhance an organization’s competitive capability, how to effectively manage knowledge assets has become an important issue in the information age (Alavi, 2000). Literature in knowledge management (KM) emphasizes issues on knowledge creation, knowledge codification, knowledge sharing, and knowledge utilization; however, security perspectives on assuring knowledge confidentiality and knowledge integrity are left unaddressed. This article takes an initial step to address different perspectives of security centric knowledge management. This article first presents the background of security-based knowledge management. It then discusses sources of security threats in knowledge-based organizations and identi- fies challenges in four aspects of knowledge management practices, which are culture-based, strategy-based, contentbased (or standard-based), and technology-based, along with a discussion of 10 corresponding security domains. Real-world cases are intertwined with the challenges faced by knowledge-based organizations. This article ends with further envisioning the future trends of the security-based knowledge management.
Sources Of Information Threats
Threats against information security can be intentional or unintentional. These threats can be further differentiated into internal threats and externals threats. Sources of security threats are tabulated in Figure 1.
Sources of threats to information security
Key Terms in this Chapter
Symmetric cryptography: A technique using the same secret key to encrypt and decrypt a message. Also called secret-key cryptography or conventional cryptography.
Denial-of-Service (DOS) Attack: A type of attack that intends to deprive legitimate users of access to services of a resource they would normally have.
Identification (ID) Theft: Illegally obtaining other’s personal information such as social security number, credit card number, and password without authorized access and permission. ID theft is related to ID fraud.
Buffer Overflow Attacks: A technique an attacker use to overwrite the data. Buffer overflow occurs when the program writes more information into the space than the buffer has in its memory. This allows the attackers to control the program and execute the code they wrote.
Knowledge Management: Refers to the managerial process of acquiring, storing and transferring knowledge intra- or inter-organizationally with the purposes of fulfilling tasks and enhancing competitiveness.
Cryptography: A technique that encrypts and decrypts a message for ensuring security and privacy during the exchange and communication process.
Information Security: Policy, procedure and techniques used to protect information from unauthorized use or other misconducts.
Asymmetric cryptography: A technique using different keys to encrypt and decrypt messages. Usually, a public key is used to encrypt a message, and a private key is used to decrypt it.
Identification (ID) Fraud: Unauthorized use of other’s personal information to commit crimes, usually in exchange of economic gains.
Trojan Horse Attacks: A maliciously security-breaking backdoor program that is disguised as benign so that dangerous program can be unleashed. It could result in damage to the disk, ID theft, a denial-of-service attack, and so on.