Abstract
Resilience against information and cyber security threats has become an essential ability for organizations to maintain business continuity. As bullet-proof security is an unattainable goal, organizations need to concentrate on selecting optimal countermeasures against information and cyber security threats. Implementation of cyber risk management actions requires special knowledge and resources, which small and medium-sized enterprises in particular often lack. Information and cyber security risk management establishes knowledge-intensive business processes, which can be assisted with a proper knowledge management system. This paper analyzes how Semantic MediaWiki could be used as a platform to assist organizations, especially small and medium-sized enterprises, in their information and cyber security risk management. The approach adopts design science research and service design methodologies in the derivation and evaluation of the system.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Nykänen, R., Kärkkäinen, T. (2018). A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki. In: Chatterjee, S., Dutta, K., Sundarraj, R. (eds) Designing for a Digital and Globalized World. DESRIST 2018. Lecture Notes in Computer Science, vol 10844. Springer, Cham. https://doi.org/10.1007/978-3-319-91800-6_21
DOI: https://doi.org/10.1007/978-3-319-91800-6_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91799-3
Online ISBN: 978-3-319-91800-6
eBook Packages: Computer Science, Computer Science (R0)