1. Introduction
December 2013 saw major retailer Target breached, with approximately 40 million credit and debit card accounts exposed and financial and personnel data on up to 110 million customers accessed (Committee on Commerce, Science, and Transportation, 2014). While this was not a breach of a knowledge management system (KMS), the magnitude of and fallout from this massive security breach also raise questions about the security of the knowledge stored in KMS. Information System (IS) security is about protecting IS assets, networks, data, information, computers, and applications by restricting access to the assets and preventing unauthorized modification or destruction. Knowledge management (KM) focuses on sharing and transferring knowledge from knowledge providers to knowledge users. It is not intuitive that security and KM are related, as KM is about providing access while IS Security is about restricting access. However, it is our position, and the position of this paper, that KM and IS Security are complementary. While KM can be used to improve security performance, training and awareness (Lee, Davis, and Lee, 2000), this paper focuses on the use of security in KM. Knowledge has value, and items of value are targets of theft or attack. This paper posits that KM does not have close enough links with IS Security. It is posited that this is evidenced by a lack of research literature addressing the integration of KM and IS Security and a lack of interest in integrating KM and IS Security by KM practitioners. To investigate the links between KM and IT Security, this paper performs a review of the KM research literature with respect to IS Security. Additionally, to assess how KM practitioners value IS Security skills and capabilities, 50 KM job postings from spring 2013 are analyzed to determine what skills and capabilities are desired in new KM position hires. Finally, to explore KM practitioner attitudes with respect to the role of IT Security in KM, an exploratory survey is generated and presented in this paper.
The value of this paper is in providing insight into perceptions and attitudes with respect to integrating IS Security into KM. The concern is that there is too little integration and that KM practitioners and researchers need to put more effort into creating secure KM. We believe this is necessary given the threat level in our cyber environment. As the cyber threat grows, so does the cost associated with a breach. The Ponemon Cost of Cybercrime Report shows that the cost of data breaches has risen to an average cost of $8.9 million per breach in 2012, a 6% increase from 2011 (note that this is for the organizations in their survey) (Ponemon Institute, 2012). The 2013 Ponemon Cost of Cybercrime report shows that the average cost per record breached rose from $188.00 in 2012 to $195.00 in 2013 (Ponemon Institute, 2013, 2014). In addition to the financial cost of a security breach, there is also the goodwill of all customers that is affected by it. Why then, as the case of the Target breach illustrates, do responsible managers not take action even when evidence of a breach is at hand? This paper proposes that the lack of security awareness and knowledge among non-security practitioners, those practitioners responsible for sales, operations, and the performance of the organization, leads to poor security decision making. Our proposal is also supported by increased regulatory pressure on organizations to improve security awareness of their decision makers (Committee on Commerce, Science, and Transportation, 2014).