Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations

Janine L. Spears (DePaul University, Chicago, IL, USA) and Tonia San Nicolas-Rocca (School of Information, San Jose State University, San Jose, CA, USA)
Copyright: © 2015 | Pages: 18
DOI: 10.4018/IJKM.2015100104

Abstract

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.

Introduction

Nonprofit organizations provide a range of health, educational, welfare, and cultural services to meet societal needs. For example, nonprofit organizations in the health and human services provide foster care and other services for at-risk youths, behavioral health services, HIV/AIDS testing, work training programs, and transitional housing assistance. In short, these nonprofit organizations provide a safety net for society, filling in the gap of addressing societal needs in areas the private and government sectors are not structurally or otherwise feasibly able to carry out (Berman, 2010). Such organizations are often located in low-income communities where their services are accessible to those in need (Minzner et al., 2014).

Given the nature of their respective missions, community-based organizations (CBOs) typically handle very sensitive client information, such as detailed psychiatric records of parents with children living in a children’s home; felony records of clients transitioning back into the work force; financial and mortgage records of clients at risk of home foreclosure; and alcohol and substance abuse and other mental health records. Intuitively, these data are far more sensitive than credit card information from U.S. bank accounts: if credit card information is accessed by unauthorized parties, the banks will typically bear any associated loss. However, if behavioral or mental health information is compromised, significant reputational and, indirectly, financial loss may occur. Indeed, some state governments classify drug and substance abuse, mental health, and HIV/AIDS data as “super” electronic protected records (Pennsylvania eHealth Partnership Authority, 2015). Given the sensitivity of the data handled by CBOs, and the state and federal regulations that serve to protect these data, it is crucial that CBOs do due diligence in preserving the confidentiality, integrity and availability of the data with which they have been entrusted.

While CBO management may intuitively realize the need for data protection, they generally do not have the resources (i.e., staff, technical expertise, or funding) to assess information security risk, implement security safeguards, or train staff on information security. For example, in a study that surveyed 78 individuals working for nonprofit organizations in Chicago and Southern Illinois with average annual budgets of $1.3 million, Imboden et al. (2013) found that only 56% of respondents indicated their organization had an information security policy, while 67% reported being aware of their organization having at least one information security incident. Non-profit organizations within the study sample that had larger budgets were more likely to have a security policy.

Capacity building initiatives, funded by external entities, are intended to help CBOs fill managerial gaps by providing some intervention intended to help develop infrastructures that aid in sustaining and growing their organizations. Capacity building is defined as “training and educational activities that aim to build the management skills of staff or focus on organizational processes that are necessary to promote growth and demonstrate effectiveness” (Sobeck, 2008). The breadth of capacity building projects is wide and has included implementations of financial controls, policies and procedures related to staffing and governance, grant-writing, strategic planning, and program evaluation (Minzner et al., 2014; Sobeck, 2008; Wetta-Hall et al., 2004). Outcomes studied have included written strategic plans, written and implemented program evaluation mechanisms, new funding source identification, increased grant submissions, and expanded program services (Minzner et al., 2014; Sobeck, 2008; Wetta-Hall et al., 2004). Examples of capacity building activities include information and education sessions, coaching, and technological assistance tailored to the organization (Sobeck, 2008; Kindred & Petrescu, 2015). Private foundations, as well as local, state, and federal governments, typically fund capacity building initiatives. Universities also participate in capacity building initiatives, for example, acting as an intermediary between government funders and CBO recipients. In such arrangements, the university develops and administers the capacity building initiative in response to a request for proposal issued by a government funding agency (Kindred & Petrescu, 2015).
