Understanding Relationship Between Security Culture and Knowledge Management

  • Noor Hafizah Hassan
  • Zuraini Ismail
  • Nurazean Maarop
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 185)


Despite the widely recognized importance of information security as a vital asset in an organization, there has been a lack of understanding of how organizations actually cultivate a security culture amongst employees in a particular environment. According to previous research, the vast majority of information security incidents are caused by human factors, not by flawed technology. Knowledge has been highlighted as one important parameter of the human factor in information security. Previous literature has suggested the Knowledge Management (KM) approach as one of the approaches to implementing information security management. However, the knowledge dimension of information security management in the healthcare industry has been neglected. The goal of this paper is to investigate the relationship between security culture and KM. To that end, a conceptual model is proposed to describe the relationship. The findings suggest that security culture may have a positive relationship with knowledge creation, knowledge sharing, and knowledge use through security behaviour. The proposed conceptual model will be further evaluated with selected healthcare organizations in Malaysia.


Keywords: Knowledge management; Security culture; Knowledge sharing; Knowledge creation; Knowledge use; Healthcare informatics



This study was funded by Zamalah Scholarship from Universiti Teknologi Malaysia.



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Noor Hafizah Hassan (1)
  • Zuraini Ismail (1)
  • Nurazean Maarop (1)
  1. Advanced Informatics School (AIS), Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
