Towards a knowledge perspective in information security risk assessments - an illustrative case study

Shedden, Piya, Smith, Wally, Scheepers, Rens and Ahmad, Atif 2009, Towards a knowledge perspective in information security risk assessments - an illustrative case study, in ACIS 2009 : Evolving Boundaries and New Frontiers: Defining the IS Discipline : proceedings of the 20th Australasian Conference on Information Systems, Association for Information Systems, [Melbourne, Vic.], pp. 74-84.

Title: Towards a knowledge perspective in information security risk assessments - an illustrative case study
Author(s): Shedden, Piya; Smith, Wally; Scheepers, Rens; Ahmad, Atif
Conference name: Australasian Conference on Information Systems (20th : 2009 : Melbourne, Vic.)
Conference location: Melbourne, Vic.
Conference dates: 2-4 Dec. 2009
Title of proceedings: ACIS 2009 : Evolving Boundaries and New Frontiers: Defining the IS Discipline : proceedings of the 20th Australasian Conference on Information Systems
Editor(s): [Unknown]
Publication date: 2009
Conference series: Australasian Conference on Information Systems
Start page: 74
End page: 84
Publisher: Association for Information Systems
Place of publication: [Melbourne, Vic.]
Keyword(s): Information security; risk management; asset identification; knowledge protection
Summary: Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information for a given organisation. We argue that the traditional orientation of these methodologies, towards the identification and assessment of technical information assets, obscures key risks associated with the cultivation and deployment of organisational knowledge. Our argument is developed through an illustrative case study in which a well-documented methodology is applied to a complex data back-up process. This process is seen to depend, in subtle and often informal ways, on knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, we suggest a new approach might draw on more detailed accounts of individual knowledge, collective knowledge, and their relationship to organisational processes. Drawing on the knowledge management literature, we suggest mechanisms to incorporate these knowledge-based considerations into the scope of information security risk methodologies.
Language: eng
Field of Research: 089999 Information and Computing Sciences not elsewhere classified
Socio Economic Objective: 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category: E1.1 Full written paper - refereed
Copyright notice: ©2009, The Authors
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30036294

Document type: Conference Paper
Collection: School of Information and Business Analytics
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Created: Thu, 11 Aug 2011, 10:24:17 EST
