Understanding Relationship Between Security Culture and Knowledge Management
Despite the widely recognized importance of information security as a vital asset in an organization, there has been lack of understanding of how organizations actually cultivate security culture amongst the employees in a particular environment. Based on previous researches, the vast majority of information security incidents are caused by human factor, and not by flawed technology. Knowledge has been highlighted as one important parameter of the human factor in information security. Previous literature has suggested the Knowledge Management (KM) approach as one of the approaches to implement information security management. However, the knowledge dimension of information security management in the healthcare industry has been neglected. The goal of this paper is to investigate the relationship between security culture and KM. Thus, a conceptual model has been proposed to describe the relationship. The findings suggest that security culture may have a positive relationship with knowledge creation, knowledge sharing, and knowledge use through security behaviour. The proposed conceptual model will be further evaluated with selected healthcare organizations in Malaysia.
KeywordsKnowledge management Security culture Knowledge sharing Knowledge creation Knowledge use Healthcare informatics
This study was funded by Zamalah Scholarship from Universiti Teknologi Malaysia.
- 2.Adele, M., Elofe, J.: Information Security Culture Survey, pp. 203–214 (2002)Google Scholar
- 5.Chhanabhai, P., Holt, A.: EHR security: the New Zealand publica perception. Conf. Soc. Sci. Res. Policy Mak. Bridg. Divid. 79 (2009)Google Scholar
- 10.Thomson, K., Von Solms, R., Louw, L.: Cultivating an organizational information security culture. Comput. Fraud Secur. 49–50 (2006)Google Scholar
- 12.Helokunnas, T., Kuusisto, R.: Information security culture in a value net. In: Proceedings of IEMC ’03, Proc. Manag. Technol. Driven Organ. Hum. Side Innov. Chang., pp. 190–194. IEEE (2003)Google Scholar
- 13.Dojkovski, S.: Fostering information security culture in small and medium size enterprises: an interpretive study in Australia. In: Proceedings of the 15th European Conference on Information Systems, pp. 1560–1571 (2007)Google Scholar
- 17.Long, D.W.D., Fahey, L.: Diagnosing cultural barriers to knowledge management. Acad. Manag. Exec. 14(4), 113–127 (2000)Google Scholar
- 18.Boisnier, A., Chatman, J.A.: The Role of Subcultures in Agile Organizations. Haas School of Business, Berkelely (2002)Google Scholar
- 20.Leidner, D., Kayworth, T.: A review of culture in information systems research: toward a theory of information technology culture conflict. MIS Q. 30(2), 357–399 (2006)Google Scholar
- 21.Majchrzak, A., Jarvenpaa, S.L.: Information security in cross-enterprise collaborative knowledge work. E:CO 6(4), 4–8 (2004)Google Scholar
- 22.Ramachandran, S.: Information security cultures of four professions: a comparative study. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, pp. 1–10 (2008)Google Scholar
- 24.Lee, H., Choi, B.: Knowledge Management Enablers, Processes, and Organizational Performance: An Integration and Empirical Examination (2000)Google Scholar
- 27.Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards IS security policy compliance. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences, IHICSS 2007, pp. 1–10 (2007)Google Scholar