A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki

  • Conference paper
  • In: Designing for a Digital and Globalized World (DESRIST 2018)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10844)

Abstract

Resilience against information and cyber security threats has become an essential ability for organizations to maintain business continuity. As bullet-proof security is an unattainable goal, organizations need to concentrate on selecting optimal countermeasures against information and cyber security threats. Implementing cyber risk management actions requires special knowledge and resources, which small and medium-sized enterprises in particular often lack. Information and cyber security risk management establishes knowledge-intensive business processes, which can be assisted by a proper knowledge management system. This paper analyzes how Semantic MediaWiki could be used as a platform to assist organizations, especially small and medium-sized enterprises, in their information and cyber security risk management. The approach adopts design science research and service design methodologies in the derivation and evaluation of the system.

Author information

Correspondence to Riku Nykänen.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Nykänen, R., Kärkkäinen, T. (2018). A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki. In: Chatterjee, S., Dutta, K., Sundarraj, R. (eds) Designing for a Digital and Globalized World. DESRIST 2018. Lecture Notes in Computer Science, vol 10844. Springer, Cham. https://doi.org/10.1007/978-3-319-91800-6_21

  • DOI: https://doi.org/10.1007/978-3-319-91800-6_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-91799-3

  • Online ISBN: 978-3-319-91800-6

  • eBook Packages: Computer Science, Computer Science (R0)
