Knowledge management within information security: the case of Barings Bank

Managing the growing problem of computer fraud within organisations has led researchers and practitioners to emphasise the need to take into account the 'social' aspects of information security. In addition, wider organisational issues such as lack of communication have been associated with computer fraud. In trying to minimise 'opportunities' for computer fraud, this paper argues that managers' awareness and knowledge of how an organisation functions can significantly affect the effectiveness of information security management. This is because managers can send 'cues' to other employees, which influence how the latter perceive and abide by information security and other policies and procedures in their daily activities. Such perception and application are examples of tacit knowledge development and use. In developing the argument, this paper uses the case of Barings Bank together with Mintzberg's five functions of an organisation. It thus contributes to the effective management of information security from a knowledge management perspective.
