Towards a Business-Driven Process Model for Knowledge Security Risk Management: Making Sense of Knowledge Risks

Ilona Ilvonen, Jari J. Jussila, Hannu Kärkkäinen
DOI: 10.4018/978-1-5225-5481-3.ch014


The purpose of this paper is to introduce a model to manage knowledge security risks in organizations. Knowledge security risk management is a sensemaking process that should be carried out by managers, and the proposed model works as a tool for the sensemaking process. The model is illustrated with an analytical case example. The process model helps to identify knowledge security risks and provides a comprehensive approach to evaluating and balancing the costs and benefits of knowledge sharing and knowledge risk management. The paper addresses calls for research on the emerging topic of knowledge security and the important topic of new knowledge sharing tools from the combined perspectives of business benefits and risk management. The results presented in this paper are preliminary and conceptual, and further research on the topic is suggested. The process model proposed in this paper can be a valuable tool for practitioners who aim to develop knowledge sharing practices in companies and at the same time need to consider the security of knowledge.
Chapter Preview


Knowledge and its creation are important sources of competitive advantage and business opportunities for most contemporary organizations (Alavi & Leidner, 2001; Choo, 1996; Grant, 1996; Nonaka & Takeuchi, 1995). Although knowledge creation, sharing and management have been researched extensively (e.g. Bolisani & Scarso, 2014; Matayong & Mahmood, 2013; Tzortzaki & Mihiotis, 2014), there is one viewpoint on knowledge that has received less attention: knowledge security (Randeree, 2006; Shedden, Scheepers, Smith, & Ahmad, 2011). Despite the importance of knowledge and the need for knowledge protection, there is little literature on knowledge security (Shedden et al., 2010). In terms of knowledge security and risk analysis, most existing risk analysis methods can be regarded as providing a plain technical view on information and technological assets (Ahmad, Bosua, & Scheepers, 2014; A.M. Padyab, Paivarinta, & Harnesk, 2014; Shedden et al., 2011; Shedden, Smith, & Ahmad, 2010; Spears, 2006), ignoring that knowledge is bound to people (Shedden et al., 2010, 2011; Ilvonen, 2013; A.M. Padyab et al., 2014) and, as a consequence, people (Ilvonen, 2013; Trkman & Desouza, 2012; Shedden et al., 2011, 2010; Spears, 2006; Siponen, 2000; Spruit & Looijen, 1996) and especially their communication (Ilvonen, 2013; Padyab et al., 2014) are significant sources of knowledge security risks.

Since knowledge security risks have not received extensive attention in the existing literature (M. Jennex, 2014), there is a need to look also to parallel fields in order to understand the principles of security risk management. Information security risk assessment (ISRA) methodologies are means by which organizations aim to manage information security risks (Baskerville, 1991; Siponen, 2005; Whitman & Mattord, 2011). However, typical perspectives on information security risk management, including most ISRA methodologies, largely ignore the business context of information systems (Shedden et al., 2010; Spremic, 2012), and are not framed in terms of competitive advantage (Ahmad et al., 2014). When the business perspective is considered (DeLoach, 2004; Siponen, 2005; Von Solms & Von Solms, 2004), it is mainly limited to the evaluation of individual risk mitigation techniques and their cost reasoning, rather than starting from a broad perspective of reasoning the business benefits of an activity compared to the risks connected to it.
