Preventing Social Engineering and Espionage in Collaborative Knowledge Management Systems (KMSs)

Preventing Social Engineering and Espionage in Collaborative Knowledge Management Systems (KMSs)

Oluwafemi S. Ogunseye (University of Agriculture, Nigeria), Olusegun Folorunso (University of Agriculture, Nigeria) and Jeff Zhang (Ball State University, USA)
Copyright: © 2011 |Pages: 8
DOI: 10.4018/jea.2011100104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Insider attack and espionage on computer-based information is a major problem for business organizations and governments. Knowledge Management Systems (KMSs) are not exempt from this threat. Prior research presented the Congenial Access Control Model (CAC), a relationship-based access control model, as a better access control method for KMS because it reduces the adverse effect of stringent security measures on the usability of KMSs. However, the CAC model, like other models, e.g., Role Based Access Control (RBAC), Time-Based Access Control (TBAC), and History Based Access Control (HBAC), does not provide adequate protection against privilege abuse by authorized users that can lead to industrial espionage. In this paper, the authors provide an Espionage Prevention Model (EP) that uses Semantic web-based annotations on knowledge assets to store relevant information and compares it to the Friend-Of-A-Friend (FOAF) data of the potential recipient of the resource. It can serve as an additional layer to previous access control models, preferably the Congenial Access Control (CAC) model.
Article Preview

1. Introduction

If business organizations and governments were cars, knowledge will be the fuel they require to achieve the purpose of their creation, which is movement. As on point as this analogy is, it seems to undermine the importance of knowledge to the different sectors of the world. While we will prevent harping on the issue, we live in a world of competition where there seems to be a conscious agreement (with few exceptions) that in order for knowledge to be valuable for competition, it must be rare, non-imitable and non-substitutable (Uren et al., 2005). Knowledge management concentrates on the processing and storage of documents and the business processes that build on them. These documents provide a rich resource describing what an organization knows (Uren et al., 2005; Sure et al., 2003). They are believed to account for 80-85% of the information stored by many companies. Uren et al. (2005) and Sure et al. (2003) cited contracts, consulting reports, and consumer surveys as examples of documents that can be stored as knowledge resources. Regular web pages can also be formats for knowledge assets.

For systems and organizations to remain relevant and competitive, these knowledge assets must be protected and made scarce to the outside world (Desouza & Vanapalli, 2005). Most research on security of knowledge assets has focused on security against threats from outside sources. These external threats, called intrusions, are handled by access control methods and other techniques. However, the Federal Bureau of Investigation in the US estimated that corporations lose $100 billion, annually, to industrial espionage (Winkler, 1996). This makes clear the fact that insider threats also pose a major problem to business and government systems. This issue of extrusion and insider abuse becomes more delicate when we consider the fact that there is now a continuous rise in alliances between organizations and arguably increasing interests in outsourcing (Desouza & Vanapalli, 2005). Employees, who have all requisite access rights, can send valuable knowledge resource(s) to remote locations or even to partnering (competing) organizations at the detriment of the source organization. In partnering organizations, if two companies A & B are partnering on a project, Company A’s employees with access right to company B’s Knowledge Systems can abuse that right; stealing valuable knowledge resources from B’s organization. As KMSs become more and more semantic web compliant in nature and design, the advantages provided by the design and framework of semantic web can be put to good use in enhancing security for KMSs. Explored in this work are advantages and opportunities, such as this.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 9: 2 Issues (2017)
Volume 8: 2 Issues (2016)
Volume 7: 2 Issues (2015)
Volume 6: 2 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing