Exploring the conflict of interest between knowledge-sharing and information security practices: an empirical case study

Knowledge sharing and information security have become well-established concepts in academia and within organisations. Knowledge sharing aims to encourage individuals to share tacit and explicit knowledge with colleagues and stakeholders, yet on the other hand, information security initiatives aim to apply controls and restrictions to the knowledge that can be shared and how it can be shared, where the primary focus is usually on protecting explicit knowledge or information. This thesis draws attention to the largely unexplored and under-developed area of knowledge protection ; it investigates the paradoxical and concurrent nature of knowledge sharing and information security practices by exploring their relationship and understanding how this can affect an organisation and subsequently identifies ways of achieving a balance between the two practices. The empirical work was carried out through an interpretivist case study approach in the Energy Technologies Institute (ETI) an organisation that combines knowledge and expertise from partnerships with academia, industry and the UK government, in order to deliver innovative low carbon solutions. A novel team-based action learning approach was developed to generate individual, team and organisational learning and to help initiate change; the data was collected from three project teams about their knowledge and experiences of knowledge sharing and information security practices, which was then analysed and further supplemented with the ETI s organisational perspective and the researcher s own experience of collaborating with the ETI to contextualise the findings. Eight predominant overarching themes were identified that play an important role in and influence the organisation s knowledge sharing and information security practices. When looking at the practices of knowledge sharing and information security independently at the ETI, proactive and conscious efforts towards achieving the goals of each practice are evident. Knowledge is recognised as the ETI s core product and its effective dissemination is key for the organisation s success, which is why there is a keen attitude towards improving knowledge sharing internally and externally. On the other hand, a great deal of importance is given to protecting valuable knowledge and meeting stakeholders confidentiality requirements, thus, there are good systems, access controls, and information restrictions in place. In addition, strict legal and approval processes to protect information value and accuracy are implemented. However, when both knowledge sharing and information security - practices are compared from a broader perspective, evidence of issues arising from their conflicting nature is evident. Moreover, operating in a complex governance structure with various expectations and contractual agreements with stakeholders regarding confidentiality, has created a protective culture in the organisation surrounding its knowledge, which causes a hindrance to formal and informal knowledge sharing (including both, tacit and explicit forms) and makes identifying opportunities for fully exploiting knowledge and Intellectual Property an ongoing operational challenge. The research process facilitated the achievement of effective learning at individual, team and organisational level for the ETI about its practices, identification of challenges and areas of improvement, incorporation of learning and recommendations into its knowledge management strategy alongside existing activities to improve knowledge sharing. The contents of this thesis particularly the eight themes that have emerged from the research findings - are also contributing significantly to a project the organisation is carrying out to reflect on and review what has been learned from operating the ETI for the last 10 years. The thesis contributes to the existing body of knowledge, theoretically and practically, in the disciplines of knowledge management and information security; what was predominantly overlooked by previous literature, the empirical research findings surface evidence of the relationship between knowledge sharing and information security practices, showing their interconnectedness, and, the negative consequences of the two practices being treated and managed separately. For the action learning arena, a novel methodological approach underpinned by the action learning philosophy has been introduced that demonstrates how team action learning (i.e. using intact teams as opposed to conventional action learning teams) can be used to engage employees to share and combine their knowledge on real organisational issues, generate new learning and develop actions to initiate improvements in the organisation

Knowledge audit: findings from a case study in the energy sector

Knowledge audits are important processes through which organisations can understand what knowledge is needed, available and used for their current activities. They can also identify what knowledge is missing and how this omission restricts the organisation’s activities. Hence, knowledge audits can surface initiatives to improve the knowledge management (KM) processes of an organisation and, in turn, improve efficiency and effectiveness. An iterative cycle of knowledge audits allows for the organisation’s changing environment to be taken account of and for appropriate modifications to be made to the knowledge base. Despite the importance of knowledge audits, literature relating to their undertaking is sparse. This paper addresses the scarcity of such literature and reports the findings of a knowledge audit commissioned by an organisation that brings together public bodies and private organisations with the aim of maximising the collective knowledge, expertise and experience of its diverse members to address a nationally recognised research agenda. The audit included collecting qualitative data from a series of in-depth interviews with a representative sample of employees from the four main departments within the organisation. Interviewees were asked about their own roles, procedures and knowledge needs; they were also asked about their department’s knowledge requirements and about knowledge interfaces with external partners. Views about the culture and structure of the organisation were also sought. Results were analysed at a departmental level to form two knowledge maps per department – one illustrating the knowledge required by the department, the knowledge shared with other departments and the mechanisms for sharing this knowledge; the other illustrated knowledge flows with external partners. The maps were then used in conjunction with the interview transcripts to identify the strengths and weaknesses of each department’s knowledge activities. This process focussed on the impact of organisational culture and structure as well as the effectiveness of technological and ‘soft’ solutions for knowledge sharing. Following from the departmental analysis, a cross department comparison enabled best practices and company-wide weaknesses to be identified. Seven resulting recommendations were made that would support the sharing of departmental best practices and address organisational weaknesses: 1. Developing a holistic approach to knowledge sharing 2. Nurturing the organisational culture 3. Clarifying the strategic message 4. Improving the organisation of information 5. Improving the availability of staff 6. Developing inter-departmental communication 7. Commissioning future knowledge audits In addition to reporting the outcomes and outputs of the process, the paper also highlights challenges of the process and includes reflections on the suitability of the selected data collection and analysis methods for a knowledge audit

Knowledge sharing and information security: a paradox?

This paper presents the findings of a knowledge sharing and information security literature review and identifies an interesting research gap in the intersection of the two practices. In a fast changing environment where there is increasing need to understand customers’ demands and competitors’ strategies (Lin et al, 2012), knowledge sharing is recognised as an essential activity for organisational success (Wasko and Faraj, 2005; Renzl, 2008). Organisations continuously aim to exploit existing knowledge, seek new ways to improve and increase knowledge sharing activities, as well as to identify and reduce possible knowledge sharing barriers. However, albeit the integral role and benefits of knowledge sharing having been widely recognised, the security or protection of knowledge has not received the same level of attention. Although the importance of protecting knowledge has been stressed by some researchers (e.g. Gold et al, 2001; Desouza and Awazu, 2004; Desouza 2006; Ryan, 2006), research into the ‘softer’ or the human behaviour aspects of knowledge protection is scarce. Information security is another field that has grown tremendously and is now a globally recognised discipline (Gifford, 2009) receiving attention from academics and practitioners (Wiant, 2005). Information security measures aim to prevent the loss or leakage of an organisation’s valuable information and manage the resulting cost of any loss. Despite organisations’ investments in prevention measures, information security breaches are still common where humans are often seen as the weakest link and ‘incorrect’ human behaviour as the most common point of failure. However, much of the research carried out to prevent information security breaches focuses on technical facets (Gordon and Loeb, 2006; Coles-Kemp, 2009). From the literature review, it is evident that knowledge sharing and information security have become well-established concepts in academia and within organisations. However, the middle ground between these two equally important, and adjacent, practices, has received inadequate attention. Knowledge sharing aims to encourage individuals to share knowledge with colleagues, organisational partners and suppliers; on the other hand, information security initiatives aim to apply controls and restrictions to the knowledge that can be shared and how it is shared. This paper draws attention to the perceived paradoxical nature of knowledge sharing and information security and raises awareness of the potential conflict that could compromise the protection of knowledge, or alternatively, reduce the openness of knowledge sharing

Knowledge sharing in project teams: a research model underpinned by action learning

Project environments are highly knowledge-intensive as project teams are intentionally formed with a diverse range of members with specialist knowledge, skillsets and experiences in order to collaborate and produce a unique product or service. Due to their specialist expertise, individually, project team members do not have all of the knowledge a project requires and must acquire this knowledge from their peers in order to accomplish their work. So, effective knowledge sharing by team members is a fundamental component in projects that leads to better performance. Essential learning from each project is vital in order for the team to develop and can be acquired from sharing of tacit knowledge, for example, post-project reviews or sharing of lessons learned which typically take place after project completion. Learning is ‘cradled in the task’ and occurs through reflection on the experience. However, reflection does not occur easily or naturally, as it requires a space in which individuals are able to stand back and relax their presuppositions. This is a greater challenge in team environments where efforts to generate reflection often fail. Action learning (AL) takes place in a mutually supportive team where individuals can openly share experiences and problems, which enables a team to learn, develop, and make decisions on appropriate courses of action during the project lifecycle. Thus, in AL teams, reflection occurs naturally and continuously because of the time and conditions that are deliberately carved for reflection and listening. In addition to the learning that is generated, action learning also provides benefits such as team building, increasing learning capacity, empowering employees and transforming organisational culture. However, from an extensive literature review it has become evident that there is a lack of a ‘standard’ definition of or approach to action learning. Despite the wide variety of action learning applications and approaches, it is primarily being used as a pragmatic instrument in research where its philosophical roots are often overlooked. Thus, in this paper, we propose a novel qualitative research approach, philosophically underpinned by AL, which will enable effective knowledge sharing, reflection and learning in cross-functional project teams

Innovative contribution to organisational knowledge management strategy: a team action learning initiative

The paradoxical requirements of knowledge sharing and information security bring various knowledge management (KM) issues that affect both individuals’ day-to-day work and the overall organisation’s performance. This was the basis of a case study tackled by a team from Loughborough University. The Energy Technologies Institute (ETI) is an organisation that combines knowledge and expertise from partnerships with academia, industry and the UK government, in order to deliver innovative low carbon solutions. Operating within a complex governance structure, the organisation works to meet the expectations of various stakeholders, comply with legal parameters of its membership model (to protect its unique knowledge and arising intellectual property), deliver innovative solutions many of which are of a competitive nature, and, disseminate this knowledge effectively and on time. Thus, the management of both, ‘knowledge sharing’ and ‘information security’, is an operational challenge for the ETI. The aim of the KM initiative was to (i) understand the current knowledge sharing and information security practices at the ETI and (ii) identify ways of improving knowledge sharing within and beyond the organisation. The KM initiative consisted of the development of an innovative and creative Action Learning (AL) approach through which ETI project teams combined their knowledge and experiences to identify their organisation’s current knowledge sharing and information security practices and collectively devised practical solutions. Thus, through the combined effort of its project teams, the ETI was able to learn effectively and efficiently as an organisation about its challenges and the subsequent changes required, incorporate these in its KM strategy and initiate relevant changes to improve its KM. In addition to the value and benefits it has brought for the ETI, this innovative initiative has made methodological, theoretical and practical contributions to and received excellent feedback from international KM and AL communities