A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki

Part of the Lecture Notes in Computer Science book series (LNISA, volume 10844)

Abstract

Resilience against information and cyber security threats has become an essential ability for organizations to maintain business continuity. As bullet-proof security is an unattainable goal, organizations need to concentrate on selecting optimal countermeasures against information and cyber security threats. Implementing cyber risk management actions requires special knowledge and resources, which small and medium-sized enterprises in particular often lack. Information and cyber security risk management establishes knowledge-intensive business processes, which can be assisted with a proper knowledge management system. This paper analyzes how Semantic MediaWiki could be used as a platform to assist organizations, especially small and medium-sized enterprises, in their information and cyber security risk management. The approach adopts design science research and service design methodologies in the derivation and evaluation of the system.

Keywords

  • Information security
  • Cyber security
  • Design science research
  • Knowledge management
  • Risk management

Chapter length: 15 pages

Author information

Corresponding author

Correspondence to Riku Nykänen.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Nykänen, R., Kärkkäinen, T. (2018). A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki. In: Chatterjee, S., Dutta, K., Sundarraj, R. (eds) Designing for a Digital and Globalized World. DESRIST 2018. Lecture Notes in Computer Science, vol 10844. Springer, Cham. https://doi.org/10.1007/978-3-319-91800-6_21

  • DOI: https://doi.org/10.1007/978-3-319-91800-6_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-91799-3

  • Online ISBN: 978-3-319-91800-6

  • eBook Packages: Computer Science (R0)