16 research outputs found

    A systematic review of Information security knowledge-sharing research

    It is crucial for knowledge to be shared in the information security domain. In effect, sharing ensures that knowledge and skills are propagated through the organisation. Here, we report on a systematic literature review we carried out to gain insight into the literature related to information security knowledge sharing within organisations. The literature highlights the importance of security knowledge sharing in terms of enhancing organisational security awareness, and identifies gaps that can be addressed by researchers in the area.

    Exploring Knowledge Sharing Practices for Raising Security Awareness

    This study aims to explore the types of information that can be effectively communicated in three knowledge-sharing methods and their impact on employees’ security practice. On one end, guarding the organisation’s information system against cyber-attacks is critical and improving users’ knowledge and skills is a common approach to any security program. On the other end, organisations lack a clear understanding in determining what types of security information should be delivered through various methods of communication to be effective in boosting users’ knowledge and compliance behaviour. The study employed a qualitative method using semi-structured interviews with business users in Vietnam. The initial findings indicate a single method of knowledge and skill development is not sufficient to assist users to deal with complex and constantly changing security needs. It is necessary to experiment further with methods of encouraging formal and peer knowledge sharing that can support individual effort in complying with security policies.

    Lessons Learned from an Information Security Incident: A Practical Recommendation to Involve Employees in Information Security

    With the increasingly negative impact of information security attacks, measures of information security, which address the weakest link in the information security chain, namely the employee, have become a necessity for today’s business world. One way to improve employees’ - yet limited - information security awareness is to learn from past information security incidents. This study theoretically builds upon the so-called involvement theory to extend the existing research on information security awareness. Insights gained from 34 interviews suggest that involvement accompanied with a detailed review of past security incidents has a positive effect on staff’s information security awareness. Employees, directly affected by an information security incident, gain significant information security expertise and knowledge which they can, again, share with their colleagues. Moreover, constructive team work in the light of information security risks as well as an adequate adjustment of security-related measures is fostered.

    Preventing identity theft: identifying major barriers to knowledge-sharing in online retail organisations

    Purpose: Knowledge-sharing (KS) for preventing identity theft has become a major challenge for organisations. The purpose of this paper is to fill a gap in the literature by investigating barriers to effective KS in preventing identity theft in online retail organisations. Design/methodology/approach: A framework was proposed based on a reconceptualisation and extension of the KS enablers framework (Chong et al., 2011). A qualitative case study research method was used for the data collection. In total, 34 semi-structured interviews were conducted in three online retail organisations in the UK. Findings: The findings suggest that the major barriers to effective KS for preventing identity theft in online retail organisations are: lack of leadership support; lack of employee willingness to share knowledge; lack of employee awareness of KS; inadequate learning opportunities; lack of trust in colleagues; insufficient information-sourcing opportunities and information and communications technology infrastructure; a weak KS culture; lack of feedback on performance; and lack of job rotation. Practical implications: The research provides solutions for removing existing barriers to KS in preventing identity theft. This is important to reduce the number of cases of identity theft in the UK. Originality/value: This research extends knowledge of KS in a new context: preventing identity theft in online retail organisations. The proposed framework extends the KS enablers framework by identifying major barriers to KS in the context of preventing identity theft.

    A Survey on the Usability and User Experience of the Open Community Web Portals

    Web-based portals enable a new communication paradigm that could provide a variety of benefits and support to both the customers and companies. Customers can have continuous access to the services, information, support, and payments on the portal with the possibility of personalisation. This paper presents a survey on the usability and user experience studies relevant to open community web portals and information sharing platforms. The objective of the work presented in this paper was to produce an overview of how literature reported on usability in relation to information sharing web portals. A systematic mapping method has been applied to identify and quantify primary studies focusing on the usability and user experience of the open community web portals.

    Foundations for an Intelligence-driven Information Security Risk-management System

    Information security risk management (ISRM) methods aim to protect organizational information infrastructure from a range of security threats by using the most effective and cost-efficient means. We reviewed the literature and found three common deficiencies in ISRM practice: 1) information security risk identification is commonly perfunctory, 2) information security risks are commonly estimated with little reference to the organization’s actual situation, and 3) information security risk assessment is commonly performed on an intermittent, non-historical basis. These deficiencies indicate that, despite implementing ISRM best-practice, organizations are likely to have inadequate situation awareness (SA) regarding their information security risk environments. This paper presents a management system design that organizations can use to support SA in their ISRM efforts.

    Information security collaboration formation in organisations

    This is an accepted manuscript of an article published by The Institution of Engineering and Technology in IET Information Security, available online: https://doi.org/10.1049/iet-ifs.2017.0257 The accepted version of the publication may differ from the final published version. Collaboration between employees in the domain of information security efficiently mitigates the effect of information security attacks on organisations. Collaboration means working together to do or to fulfil a shared goal, the target of which in this paper is the protection of the information assets in organisations. Information Security Collaboration (ISC) aims to aggregate the employees’ contribution against information security threats. This study clarifies how ISC is to be developed and how it helps to reduce the effect of attacks. The socialisation of collaboration in the domain of information security applies two essential theories: Social Bond Theory (SBT) and the Theory of Planned Behaviour (TPB). The results of the data analysis revealed that personal norms, involvement, and commitment significantly influence the employees’ attitude towards ISC intention. However, contrary to our expectation, attachment does not influence the attitude of employees towards ISC. In addition, attitudes towards ISC, perceived behavioural control, and personal norms significantly affect the intention towards ISC. The findings also show that the intention for ISC and organisational support positively influence ISC, but that trust does not significantly affect ISC behaviour.

    Organizational practices as antecedents of the information security management performance

    Purpose: The purpose of this paper is to expand current knowledge about the security organizational practices and analyze its effects on the information security management performance. Design/methodology/approach: Based on the literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 111 responses from CEOs at manufacturing small- and medium-sized enterprises (SMEs) that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with EQS 6.1 software. Findings: Results validate that information security knowledge sharing, information security education and information security visibility, as well as security organizational practices, have a positive effect on the information security management performance. Research limitations/implications: The consideration of organizational aspects of information security should be taken into account by academics, practitioners and policymakers in SMEs. Besides, the work helps validate novel constructs used in recent research (information security knowledge sharing and information security visibility). Practical implications: The authors extend previous works by analyzing how security organizational practices affect the performance of information security. The results suggest that an improved performance of information security in the industrial SMEs requires innovative practices to foster knowledge sharing among employees. Originality/value: The literature recognizes the need to develop empirical research on information security focused on SMEs. Besides the need to identify organizational practices that improve information security, this paper empirically investigates SMEs' organizational practices in the security of information and analyzes its effects on the performance of information security.