An examination into the role of knowledge management and computer security in organizations

Abstract

Organisations develop their computer security procedures based on external guidelines such as ISO 17799 with very little provision to incorporate organisational knowledge in their security procedures. While these external guidelines make recommendations as to how an organisation should develop and implement best practices in computer security they often fail to provide a mechanism that links the security process to the organisational knowledge. The result is that often, security policies, procedures and controls are implemented that are neither strong nor consistent with the organisation's objectives. This study has examined the role of Knowledge Management in organisational Computer Security in 19 Australian SMEs. The study has determined that although the role of knowledge management in organisational computer security is currently limited, there appears to be evidence to argue that the application of knowledge management systems to organisational computer security development and management processes will considerably enhance performance and reduce costs. The study supports that future research is warranted to focus on how existing computer security standards and practices can be improved to allow for a stronger integration with organisational knowledge through the application of knowledge management systems.