- Title
Integrating Knowledge Management into Information Security: From Audit to Practice.
- Authors
Cheuk Hang Au; Fung, Walter S. L.
- Abstract
Repeated information security (InfoSec) incidents have harmed people's confidence in enterprises' InfoSec capability. While most organisations adopt control frameworks such as ISO27001 and COBIT, the role and contribution of knowledge management to InfoSec were inadequately considered. The authors integrated the concepts of knowledge-centric information security and IT Governance (ITG) into an ITG-driven knowledge framework (ITGKF) for reinforcing InfoSec maturity and auditability of enterprises. The authors also tried to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. The authors confirmed the positive influence of IT governance on knowledge-centric information security (KCIS) and information security maturity and audit result (ISMAR), the positive influence of KCIS on ISMAR, and the mediating role of KCIS between ITG and ISMAR. These indicated the significance of KM in the InfoSec area. Based on the findings, they proposed possible changes for integrating KM in different InfoSec practices and audit standard.
- Subjects
KNOWLEDGE management; INFORMATION technology security; AUDITING; UNITED States. Office of Information Security; COBIT (Information technology management standard)
- Publication
International Journal of Knowledge Management, 2019, Vol 15, Issue 1, p37
- ISSN
1548-0666
- Publication type
Article
- DOI
10.4018/IJKM.2019010103