File(s) under permanent embargo
Towards a knowledge perspective in information security risk assessments - an illustrative case study
conference contribution
posted on 2009-01-01, 00:00 authored by P Shedden, W Smith, Rens ScheepersRens Scheepers, A AhmadMany methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information for a given organisation. We argue that the traditional orientation of these methodologies, towards the identification and assessment of technical information assets, obscures key risks associated with the cultivation and deployment of organisational knowledge. Our argument is developed through an illustrative case study in which a well-documented methodology is applied to a complex data back-up process. This process is seen to depend, in subtle and often informal ways, on knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, we suggest a new approach might draw on more detailed accounts of individual knowledge, collective knowledge, and their relationship to organisational processes. Drawing on the knowledge management literature, we suggest mechanisms to incorporate these knowledge-based considerations into the scope of information security risk methodologies.
History
Event
Australasian Conference on Information Systems (20th : 2009 : Melbourne, Vic.)Pagination
74 - 84Publisher
Association for Information SystemsLocation
Melbourne, Vic.Place of publication
[Melbourne, Vic.]Start date
2009-12-02End date
2009-12-04Language
engPublication classification
E1.1 Full written paper - refereedCopyright notice
2009, The AuthorsTitle of proceedings
ACIS 2009 : Evolving Boundaries and New Frontiers: Defining the IS Discipline : proceedings of the 20th Australasian Conference on Information SystemsUsage metrics
Categories
No categories selectedLicence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC