Abstract
Despite the widely recognized importance of information security as a vital asset in an organization, there has been lack of understanding of how organizations actually cultivate security culture amongst the employees in a particular environment. Based on previous researches, the vast majority of information security incidents are caused by human factor, and not by flawed technology. Knowledge has been highlighted as one important parameter of the human factor in information security. Previous literature has suggested the Knowledge Management (KM) approach as one of the approaches to implement information security management. However, the knowledge dimension of information security management in the healthcare industry has been neglected. The goal of this paper is to investigate the relationship between security culture and KM. Thus, a conceptual model has been proposed to describe the relationship. The findings suggest that security culture may have a positive relationship with knowledge creation, knowledge sharing, and knowledge use through security behaviour. The proposed conceptual model will be further evaluated with selected healthcare organizations in Malaysia.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Whitman, M.: Enemy at the gate: threats to information security. Commun. ACM 46(8), 91–95 (2003)
Adele, M., Elofe, J.: Information Security Culture Survey, pp. 203–214 (2002)
Furnell, S., Rajendran, A.: Understanding the influences on information security behaviour. Comput. Fraud Secur. 2012(3), 12–15 (2012)
Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 47(2), 154–165 (2009). Elsevier B.V
Chhanabhai, P., Holt, A.: EHR security: the New Zealand publica perception. Conf. Soc. Sci. Res. Policy Mak. Bridg. Divid. 79 (2009)
King, T., Brankovic, L., Gillard, P.: Perspectives of Australian adults about protecting the privacy of their health information in statistical databases. Int. J. Med. Inform. 81(4), 279–289 (2012). Elsevier Ireland Ltd
Kerai, P., Wood, P., Martin, M.: A pilot study on the views of elderly regional Australians of personally controlled electronic health records. Int. J. Med. Inform. 83(3), 201–209 (2014). Elsevier Ireland Ltd
Landolt, S., Hirschel, J., Schlienger, T., Businger, W., Zbinden, A.M.: Assessing and comparing information security in swiss hospitals. Interact. J. Med. Res. 1(2), e11 (2012)
Bose, R.: Knowledge management-enabled health care management systems: capabilities, infrastructure, and decision-support. Expert Syst. Appl. 24(1), 59–71 (2003)
Thomson, K., Von Solms, R., Louw, L.: Cultivating an organizational information security culture. Comput. Fraud Secur. 49–50 (2006)
Van Niekerk, J.F., Von Solms, R.: Information security culture: A management perspective. Comput. Secur. 29(4), 476–486 (2010). Elsevier Ltd
Helokunnas, T., Kuusisto, R.: Information security culture in a value net. In: Proceedings of IEMC ’03, Proc. Manag. Technol. Driven Organ. Hum. Side Innov. Chang., pp. 190–194. IEEE (2003)
Dojkovski, S.: Fostering information security culture in small and medium size enterprises: an interpretive study in Australia. In: Proceedings of the 15th European Conference on Information Systems, pp. 1560–1571 (2007)
Talib, S., Clarke, N., Furnell, S.: Establishing a personalized information security culture. Int. J. Mob. Comput. Multimed. Commun. 3(1), 63–79 (2011)
Zakaria, O.: Internalisation of information security culture amongst employees through basic security knowledge. Secur. Priv. Dyn. Environ. 201, 437–441 (2006)
Appari, A., Johnson, M.: Information security and privacy in healthcare: current state of research. Int. J. Internet Enterp. Manag. 6(4), 279–314 (2010)
Long, D.W.D., Fahey, L.: Diagnosing cultural barriers to knowledge management. Acad. Manag. Exec. 14(4), 113–127 (2000)
Boisnier, A., Chatman, J.A.: The Role of Subcultures in Agile Organizations. Haas School of Business, Berkelely (2002)
Ipe, M.: Knowledge sharing in organizations: a conceptual framework. Hum. Resour. Dev. Rev. 2(4), 337–359 (2003)
Leidner, D., Kayworth, T.: A review of culture in information systems research: toward a theory of information technology culture conflict. MIS Q. 30(2), 357–399 (2006)
Majchrzak, A., Jarvenpaa, S.L.: Information security in cross-enterprise collaborative knowledge work. E:CO 6(4), 4–8 (2004)
Ramachandran, S.: Information security cultures of four professions: a comparative study. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, pp. 1–10 (2008)
Bloodgood, J.M., Salisbury, W.D.: Understanding the influence of organizational change strategies on information technology and knowledge management strategies. Decis. Support Syst. 31(1), 55–69 (2001)
Lee, H., Choi, B.: Knowledge Management Enablers, Processes, and Organizational Performance: An Integration and Empirical Examination (2000)
McEvily, S.K., Chakravarthy, B.: The persistence of knowledge-based advantage: an empirical test for product performance and technological knowledge. Strateg. Manag. J. 23(4), 285–305 (2002)
Vroom, C., von Solms, R.: Towards information security behavioural compliance. Comput. Secur. 23(3), 191–198 (2004)
Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards IS security policy compliance. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, IHICSS 2007, pp. 1–10 (2007)
Acknowledgments
This study was funded by Zamalah Scholarship from Universiti Teknologi Malaysia.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Hassan, N.H., Ismail, Z., Maarop, N. (2014). Understanding Relationship Between Security Culture and Knowledge Management. In: Uden, L., Fuenzaliza Oshee, D., Ting, IH., Liberona, D. (eds) Knowledge Management in Organizations. KMO 2014. Lecture Notes in Business Information Processing, vol 185. Springer, Cham. https://doi.org/10.1007/978-3-319-08618-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-319-08618-7_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08617-0
Online ISBN: 978-3-319-08618-7
eBook Packages: Computer ScienceComputer Science (R0)