Towards a knowledge leakage Mitigation framework for mobile Devices in knowledge-intensive Organizations

The use of mobile devices in knowledge-intensive organizations while effective and cost-efficient also pose a challenging management problem. Often employees whether deliberately or inadvertently are the cause of knowledge leakage in organizations and the use of mobile devices further exacerbates it. This problem is the result of overly focusing on technical controls while neglecting human factors. Knowledge leakage is a multidimensional problem, and in this paper, we highlight the different dimensions that constitute it. In this study, our contributions are threefold. First, we study knowledge leakage risk (KLR) within the context of mobile devices in knowledge-intensive organizations in Australia. Second, we present a conceptual framework to explain and categorize the mitigation strategies to combat KLR through the use of mobile devices grounded in the literature. And third, we apply the framework to the findings from interviews with security and knowledge managers. Keywords: Knowledge Leakage, Knowledge Risk, Knowledge intensive, Mobile device.Comment: 22 pages, ECIS full paper 201

TOWARDS A KNOWLEDGE LEAKAGE MITIGATION FRAMEWORK FOR MOBILE DEVICES IN KNOWLEDGE-INTENSIVE ORGANIZATIONS

The use of mobile devices in knowledge-intensive organizations while effective and cost-efficient also pose a challenging management problem. Often employees whether deliberately or inadvertently are the cause of knowledge leakage in organizations and the use of mobile devices further exacerbates it. This problem is the result of overly focusing on technical controls neglecting human factors. Knowledge leakage is a multidimensional problem, and in this paper, we highlight the different dimensions that constitute it. In this study, our contributions are threefold. First, we study knowledge leakage risk (KLR) within the context of mobile devices in knowledge-intensive organizations in Australia. Second, we present a conceptual framework to explain and categorize the mitigation strategies to combat KLR through the use of mobile devices grounded in the literature. And third, we apply the framework to the findings from interviews with security and knowledge managers. Keywords: Knowledge Leakage, Knowledge Risk, Knowledge intensive, Mobile device

Mitigating the Risk of Knowledge Leakage in Knowledge Intensive Organizations: a Mobile Device Perspective

In the current knowledge economy, knowledge represents the most strategically significant resource of organizations. Knowledge-intensive activities advance innovation and create and sustain economic rent and competitive advantage. In order to sustain competitive advantage, organizations must protect knowledge from leakage to third parties, particularly competitors. However, the number and scale of leakage incidents reported in news media as well as industry whitepapers suggests that modern organizations struggle with the protection of sensitive data and organizational knowledge. The increasing use of mobile devices and technologies by knowledge workers across the organizational perimeter has dramatically increased the attack surface of organizations, and the corresponding level of risk exposure. While much of the literature has focused on technology risks that lead to information leakage, human risks that lead to knowledge leakage are relatively understudied. Further, not much is known about strategies to mitigate the risk of knowledge leakage using mobile devices, especially considering the human aspect. Specifically, this research study identified three gaps in the current literature (1) lack of in-depth studies that provide specific strategies for knowledge-intensive organizations based on their varied risk levels. Most of the analysed studies provide high-level strategies that are presented in a generalised manner and fail to identify specific strategies for different organizations and risk levels. (2) lack of research into management of knowledge in the context of mobile devices. And (3) lack of research into the tacit dimension of knowledge as the majority of the literature focuses on formal and informal strategies to protect explicit (codified) knowledge.Comment: The University of Melbourne PhD Thesi

Mitigating Knowledge Leakage Risk in Organizations through Mobile Devices: A Contextual Approach

The recent increase of mobile device adoption in the workplace as part of knowledge-sharing activities has caused a rise of knowledge leakage risk (KLR). KLR is a significant problem for knowledge-intensive organizations operating in highly-competitive environments. Accordingly, organizations have an increasing need to manage risk strategies in order to mitigate KLR. The contribution of this study is to provide a framework to (1) identify the determinants that influence (perceived) KLR through the use of mobile devices and (2) present how such perceptions inform organizational KLR mitigation strategies to safeguard against such incidents. We take a context-specific approach by drawing on literature in the area of mobile-device-usage-context, particularly “social context interaction framework” and “model of context in computer science”, organizing the constructs under human, organizational and technological perspectives to understand the contexts within which knowledge leakage occurs and finally, propose a theoretical model that can aid organizations in developing such strategies

Addressing Knowledge Leakage Risk caused by the use of mobile devices in Australian Organizations

Information and knowledge leakage has become a significant security risk to Australian organizations. Each security incident in Australian business cost an average US$2.8 million. Furthermore, Australian organisations spend the second most worldwide (US$1.2 million each on average) on investigating and assessing information breaches. The leakage of sensitive organizational information occurs through different avenues, such as social media, cloud computing and mobile devices. In this study, we (1) analyze the knowledge leakage risk (KLR) caused by the use of mobile devices in knowledge-intensive Australian organizations, (2) present a conceptual research model to explain the determinants that influence KLR through the use of mobile devices grounded in the literature, (3) conduct interviews with security and knowledge managers to understand what strategies they use to mitigate KLR caused by the use of mobile devices and (4) use content analysis and the conceptual model to frame the preliminary findings from the interviews

Addressing Knowledge Leakage Risk caused by the use of mobile devices in Australian Organizations

Information and knowledge leakage has become a significant security risk to Australian organizations. Each security incident in Australian business cost an average US$\$$2.8 million. Furthermore, Australian organisations spend the second most worldwide (US$\$$1.2 million each on average) on investigating and assessing information breaches. The leakage of sensitive organizational information occurs through different avenues, such as social media, cloud computing and mobile devices. In this study, we (1) analyze the knowledge leakage risk (KLR) caused by the use of mobile devices in knowledge-intensive Australian organizations, (2) present a conceptual research model to explain the determinants that influence KLR through the use of mobile devices grounded in the literature, (3) conduct interviews with security and knowledge managers to understand what strategies they use to mitigate KLR caused by the use of mobile devices and (4) use content analysis and the conceptual model to frame the preliminary findings from the interviews. Keywords: Knowledge leakage, mobile devices, mobile contexts, knowledge leakage riskComment: Pages 14. arXiv admin note: text overlap with arXiv:1606.0145

Exploring Knowledge Leakage Risk in Knowledge-Intensive Organisations: behavioural aspects and key controls

Knowledge leakage poses a critical risk to the competitive advantage of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known about leakage resulting from individual behaviour and the protective strategies and controls that could be effective in mitigating leakage risk. Therefore, this research explores the perspectives of security practitioners on the key factors that influence knowledge leakage risk in the context of knowledge-intensive organisations. We conduct two focus groups to explore these perspectives. The research highlights three types of behavioural controls that mitigate the risk of knowledge leakage: human resource management practices, knowledge security training and awareness practices, and compartmentalisation practices

A Framework for Mitigating Leakage of Competitively Sensitive Knowledge in Start-ups

The current wave of digitalization has important implications for many organizations. In this article, we study how manufacturing companies can apply value co-creation as a comprehensive approach to embrace the potential of digitalization trends. By means of two case examples, we show the potential of better integrating shopfloor workers in the shaping of digital solutions and managerial actions. The improved consideration of cognitive needs and the provision of opportunities for social connection to a community of workers makes them feel more valued, confident, empowered and integrated. This can balance other forms of frustrations and negative emotions, leading to a better perception of the overall relationship experience at the shopfloor

Knowledge Leakage in Collaborative Projects: Application of the ISM-MICMAC Model

In this paper, we propose a holistic model that highlights the interrelationships among factors that contribute to knowledge leakage in collaborative projects using the interpretive structural modeling (ISM) technique and cross-impact matrix multiplication (MICMAC) analysis. Our study suggests that nine relevant factors influence knowledge leakage in collaborative projects. Incomplete contracts and insufficient technological competence are the root cause of knowledge leakage. Furthermore, the nine factors are categorized into two main clusters, namely dependency cluster - strong dependence power with weak driving power, and independent cluster - weak dependence power with strong driving power. Our study contributes several valuable insights to both theory and practice

A Survey of Data Security: Practices from Cybersecurity and Challenges of Machine Learning

Machine learning (ML) is increasingly being deployed in critical systems. The data dependence of ML makes securing data used to train and test ML-enabled systems of utmost importance. While the field of cybersecurity has well-established practices for securing information, ML-enabled systems create new attack vectors. Furthermore, data science and cybersecurity domains adhere to their own set of skills and terminologies. This survey aims to present background information for experts in both domains in topics such as cryptography, access control, zero trust architectures, homomorphic encryption, differential privacy for machine learning, and federated learning to establish shared foundations and promote advancements in data security