|Title: ||An exploration of knowledge-centric information security by community of practice|
|Other Titles: ||Ying yong shi wu she qun tan jiu yi zhi shi wei he xin de zi xun bao an|
|Authors: ||Fung, Sui Leung Walter (馮瑞良)|
|Department: ||Department of Systems Engineering and Engineering Management|
|Degree: ||Engineering Doctorate|
|Issue Date: ||2011|
|Publisher: ||City University of Hong Kong|
|Subjects: ||Knowledge management.|
|Notes: ||CityU Call Number: HD30.2 .F87 2011|
xvii, 165 leaves : ill. 30 cm.
Thesis (Eng.D.)--City University of Hong Kong, 2011.
Includes bibliographical references (leaves 155-165)
|Abstract: ||An increasing number of enterprises consider information security (InfoSec) a key success factor, while threats can originate from any part of the world over the internet. The incident of 11th September 2001 and many hacker horror stories have repeatedly alerted enterprises that they should review their fragile InfoSec mechanisms. Traditionally, InfoSec has relied heavily on technology for technical reinforcement, with large amounts of money invested in software and hardware. In the last decade, information security management systems (ISMS) such as ISO27001 have been introduced to refine the roles of people, organization and process. Many organizations have since adopted such an ISMS to try to improve their InfoSec competence. Indeed, some improvements have been observed: enterprises now seem to be equipped with better-defined InfoSec policies and procedures. Nevertheless, serious information security incidents continue to be reported by the public and private sectors. Many of these incidents are found to be caused by human factors, in that practitioners either neglect or ignore fundamental InfoSec disciplines or practices. Holding an ISO27001 certificate does not directly reflect the InfoSec capability of an organization.
Knowledge management (KM) is another management discipline that many enterprises employ to create business value and generate competitive advantage. Knowledge assets can help corporate innovation, but they can also be vulnerable to espionage activities. There is, however, little research on the interactions between KM and InfoSec. While knowledge assets may be protected by InfoSec mechanisms, KM can also act as a catalyst to enhance InfoSec maturity. A knowledge-centric information security (KCIS) model is proposed to establish inter-relations between KM and InfoSec, with emphasis on how KM can drive InfoSec to a better maturity level. To further explore the applicability of KCIS, a community of practice (CoP) is constructed for inter-organizational InfoSec practitioners to share and reuse InfoSec-related knowledge. The practitioners are expected to improve their InfoSec knowledge through the CoP, easing their InfoSec planning and operations at work. A conceptual model is drawn from activity theory and then refined into a research implementation model, combining the ISMS elements and the Information Security Knowledge Architecture (ISKA) (Kesh & Ratnasingam, 2007).
The research results are intended to validate whether KM can strengthen the maturity of InfoSec by improving practitioners' knowledge level. Moreover, the research tries to evaluate what factors may influence the KM and InfoSec interactions. A new mapping from the Nonaka SECI model to other business processes, Communication, Quality, Automation, and Learning (CQAL), is developed. This CQAL mapping can help enterprises redesign their business processes more effectively when dealing with InfoSec or similar processes.|
|Online Catalog Link: ||http://lib.cityu.edu.hk/record=b4086919|
|Appears in Collections:||SEEM - Doctor of Engineering|