IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v9y2007i5d10.1007_s10796-007-9052-5.html
   My bibliography  Save this article

Overcoming organizational challenges to secure knowledge management

Author

Listed:
  • Finn Olav Sveen

    (Agder University College
    University of Navarra)

  • Eliot Rich

    (University at Albany)

  • Matthew Jager

    (University at Albany)

Abstract

Incident management systems have the potential to improve security dramatically but often experience problems stemming from organizational, interpersonal and social constraints that limit their effectiveness. These limits may cause underreporting of incidents, leading to erroneous perceptions of the actual safety and security situation of the organization. The true security situation may be better understood and underreporting may be reduced if underlying systemic issues surrounding security incident management are taken into account. A dynamic simulation, based on the parallel experience of industrial incident management systems, illustrates the cumulative effects of rewards, learning, and retributions on the fate of a hypothetical knowledge management system designed to collect information about events and incidents. Simulation studies are part of an ongoing research project to develop sustainable knowledge and knowledge transfer tools that support the development of a security culture.

Suggested Citation

  • Finn Olav Sveen & Eliot Rich & Matthew Jager, 2007. "Overcoming organizational challenges to secure knowledge management," Information Systems Frontiers, Springer, vol. 9(5), pages 481-492, November.
    • Handle: RePEc:spr:infosf:v:9:y:2007:i:5:d:10.1007_s10796-007-9052-5
    DOI: 10.1007/s10796-007-9052-5
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-007-9052-5
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-007-9052-5?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Barlas, Yaman, 1989. "Multiple tests for validation of system dynamics type of simulation models," European Journal of Operational Research, Elsevier, vol. 42(1), pages 59-87, September.
    2. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    3. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    4. C.W. Holsapple & K.D. Joshi, 2004. "A formal knowledge management ontology: Conduct, activities, resources, and influences," Journal of the American Society for Information Science and Technology, Association for Information Science & Technology, vol. 55(7), pages 593-612, May.
    5. Viswanath Venkatesh & Fred D. Davis, 2000. "A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies," Management Science, INFORMS, vol. 46(2), pages 186-204, February.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Nicholas C. Georgantzas & Evangelos G. Katsamakas, 2008. "Information systems research with system dynamics," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 247-264, September.
    2. Fariborz Farahmand & Eugene H. Spafford, 2013. "Understanding insiders: An analysis of risk-taking behavior," Information Systems Frontiers, Springer, vol. 15(1), pages 5-15, March.
    3. Jaatun, Martin Gilje & Albrechtsen, Eirik & Line, Maria B. & Tøndel, Inger Anne & Longva, Odd Helge, 2009. "A framework for incident response management in the petroleum industry," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(1), pages 26-37.
    4. Chulhwan Chris Bang, 2015. "Information systems frontiers: Keyword analysis and classification," Information Systems Frontiers, Springer, vol. 17(1), pages 217-237, February.
    5. Devaki Rau & Thorvald Haerem, 2010. "Applying an organizational learning perspective to new technology deployment by technological gatekeepers: A theoretical model and key issues for future research," Information Systems Frontiers, Springer, vol. 12(3), pages 287-297, July.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    2. Huseyin Cavusoglu & Srinivasan Raghunathan & Hasan Cavusoglu, 2009. "Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems," Information Systems Research, INFORMS, vol. 20(2), pages 198-217, June.
    3. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    4. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    5. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    6. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    7. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    8. Paul, Jomon A. & Zhang, Minjiao, 2021. "Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker," European Journal of Operational Research, Elsevier, vol. 291(1), pages 349-364.
    9. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    10. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    11. Guang Zhu & Hu Liu & Mining Feng, 2018. "An Evolutionary Game-Theoretic Approach for Assessing Privacy Protection in mHealth Systems," IJERPH, MDPI, vol. 15(10), pages 1-27, October.
    12. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    13. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    14. Xing Gao & Weijun Zhong, 2016. "Economic incentives in security information sharing: the effects of market structures," Information Technology and Management, Springer, vol. 17(4), pages 361-377, December.
    15. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    16. Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision‐Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
    17. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    18. Hulisi Öğüt & Srinivasan Raghunathan & Nirup Menon, 2011. "Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self‐Protection," Risk Analysis, John Wiley & Sons, vol. 31(3), pages 497-512, March.
    19. Tania Wallis & Rafał Leszczyna, 2022. "EE-ISAC—Practical Cybersecurity Solution for the Energy Sector," Energies, MDPI, vol. 15(6), pages 1-23, March.
    20. Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:9:y:2007:i:5:d:10.1007_s10796-007-9052-5. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.