Monash University, Sunway Campus, School of Business
Abstract
Organisations develop their computer security procedures based on external guidelines such as
ISO 17799 with very little provision to incorporate organisational knowledge in their security
procedures. While these external guidelines make recommendations as to how an organisation
should develop and implement best practices in computer security, they often fail to provide a
mechanism that links the security process to organisational knowledge. The result is that
security policies, procedures and controls are often implemented that are neither strong nor
consistent with the organisation's objectives. This study has examined the role of knowledge
management in organisational computer security in 19 Australian SMEs. The study has
determined that although the role of knowledge management in organisational computer security
is currently limited, there appears to be evidence to argue that the application of knowledge
management systems to organisational computer security development and management
processes will considerably enhance performance and reduce costs.
The study supports the view that future research is warranted, focusing on how existing computer
security standards and practices can be improved to allow for a stronger integration with
organisational knowledge through the application of knowledge management systems.