Strategies to Mitigate Knowledge Leakage Risk caused by the use of mobile devices: A Preliminary Study

Information and knowledge leakage has become a significant security risk to organizations. Each security incident in business costs an average US$2.8 million. Furthermore, organizations spend on average US$1.2 million investigating and assessing information breaches. The leakage of sensitive organizational knowledge occurs through different avenues, such as social media, cloud computing and mobile devices. In this study, we (1) analyze the knowledge leakage risk (KLR) caused by the use of mobile devices in knowledge-intensive organizations, (2) present a conceptual research model to explain the determinants that influence KLR through the use of mobile devices grounded in the literature, (3) conduct interviews with security and knowledge managers to understand what strategies they use to mitigate KLR caused by the use of mobile devices and (4) present preliminary findings drawing on the conceptual model and the interviews.

[1]  Werner Retschitzegger,et al.  Context-awareness on mobile devices - the hydrogen approach , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[2]  Shanton Chang,et al.  Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats , 2010, AISM 2010.

[3]  Rachelle Bosua,et al.  Guarding Against the Erosion of Competitive Advantage: A Knowledge Leakage Mitigation Model , 2015, ICIS.

[4]  Fenio Annansingh,et al.  Exploring the Risks of Knowledge Leakage: An Information Systems Case Study Approach , 2012 .

[5]  I. Nonaka,et al.  The Knowledge Creating Company , 2008 .

[6]  Nurul Nuha,et al.  Disclosure of Organizational Information by Employees on Facebook: Looking at the Potential for Information Security Risks , 2011 .

[7]  R. Grant,et al.  Knowledge and the firm: Overview , 1996 .

[8]  Roksana Boreli,et al.  Information leakage through mobile analytics services , 2014, HotMobile.

[9]  Lars Mathiassen,et al.  Using Computers in Qualitative Research , 1991 .

[10]  Carl Colwill,et al.  Human factors in information security: The insider threat - Who can you trust these days? , 2009, Inf. Secur. Tech. Rep..

[11]  Rachelle Bosua,et al.  Mitigating Knowledge Leakage Risk in Organizations through Mobile Devices: A Contextual Approach , 2016, ACIS.

[12]  Rachelle Bosua,et al.  Protecting organizational competitive advantage: A knowledge leakage perspective , 2014, Comput. Secur..

[13]  Shengxiao Li,et al.  Knowledge search and open innovation performance in an emerging market , 2017 .

[14]  I. Ajzen The theory of planned behavior , 1991 .

[15]  Dorothy E. Leidner,et al.  Review: Knowledge Management and Knowledge Management Systems: Conceptual Foundations and Research Issues , 2001, MIS Q..

[16]  Lior Rokach,et al.  A Survey of Data Leakage Detection and Prevention Solutions , 2012, SpringerBriefs in Computer Science.

[17]  David G. Schwartz Aristotelian View of Knowledge Management , 2006 .

[18]  Carsten Sørensen,et al.  Exploring enterprise mobility: Lessons from the field , 2008, Inf. Knowl. Syst. Manag..

[19]  Kenneth L. Kraemer,et al.  Review: Information Technology and Organizational Performance: An Integrative Model of IT Business Value , 2004, MIS Q..

[20]  Robert D. Smith,et al.  Managing organizational knowledge as a strategic asset , 2001, J. Knowl. Manag..

[21]  Andrew Grantham,et al.  Understanding one aspect of the knowledge leakage concept: people , 2006 .

[22]  Nima Zahadat,et al.  BYOD security engineering: A framework and its analysis , 2015, Comput. Secur..

[23]  Gurpreet Dhillon,et al.  Principles of information systems security - text and cases , 2006 .

[24]  Sean B. Maynard,et al.  Teaching information security management: reflections and experiences , 2014, Inf. Manag. Comput. Secur..

[25]  Frédéric Hubert,et al.  Context-based mobile GeoBI: enhancing business analysis with contextual metrics/statistics and context-based reasoning , 2013, GeoInformatica.

[26]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[27]  R. Grant Toward a Knowledge-Based Theory of the Firm,” Strategic Management Journal (17), pp. , 1996 .

[28]  M. Boisot,et al.  Data, information and knowledge: have we got it right? , 2004 .

[29]  Herbert J. Mattord,et al.  Principles of Information Security , 2004 .

[30]  M. Stankosky,et al.  MANAGING KNOWLEDGE ASSETS FOR COMPETITIVENESS IN THE KNOWLEDGE ERA , 2010 .

[31]  Bill N. Schilit,et al.  Context-aware computing applications , 1994, Workshop on Mobile Computing Systems and Applications.

[32]  Bill Morrow,et al.  BYOD security challenges: control and protect your most sensitive data , 2012, Netw. Secur..

[33]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[34]  Shanton Chang,et al.  Exploring The Use Of Online Social Networking By Employees: Looking At The Potential For Information Leakage , 2011, PACIS.

[35]  Balachander Krishnamurthy,et al.  On the leakage of personally identifiable information via online social networks , 2010, Comput. Commun. Rev..

[36]  H. F,et al.  Towards Context-awareness Mobile Geospatial Bi (geobi) Applications , 2022 .

[37]  M. Thompson,et al.  Placing Knowledge Management in Context , 2004 .

[38]  Atif Ahmad,et al.  Understanding the Factors of Information Leakage through Online Social Networking to Safeguard Organizational Information , 2010 .

[39]  Key Pousttchi,et al.  Mobile Technology for Knowledge Management , 2011, Encyclopedia of Knowledge Management.

[40]  F. Blackler Knowledge, Knowledge Work and Organizations: An Overview and Interpretation , 1995 .

[41]  Eric Tsui,et al.  AHP-Driven Knowledge Leakage Risk Assessment Model: A Construct-Apply-Control Cycle Approach , 2016, Int. J. Knowl. Syst. Sci..

[42]  Shashikant Rai,et al.  BRING YOUR OWN DEVICE (BYOD): SECURITY RISKS AND MITIGATING STRATEGIES , 2013 .

[43]  Rachelle Bosua,et al.  Understanding Knowledge Leakage & BYOD (Bring Your Own Device): A Mobile Worker Perspective , 2016, ArXiv.

[44]  Shelley L. MacDougall,et al.  Identifying tangible costs, benefits and risks of an investment in intellectual capital , 2005 .

[45]  Pankaj C. Patel,et al.  The dark side of knowledge transfer: Exploring knowledge leakage in joint R&D projects , 2015 .

[46]  Lei-da Chen,et al.  A socio-technical perspective of mobile work , 2008, Inf. Knowl. Syst. Manag..

[47]  Ikujiro Nonaka,et al.  The knowledge-creating theory revisited: knowledge creation as a synthesizing process , 2003 .

[48]  I. Nonaka,et al.  The Concept of “Ba”: Building a Foundation for Knowledge Creation , 1998 .

[49]  Carmen Mezura-Godoy,et al.  Context-Aware Mobile Collaborative Systems: Conceptual Modeling and Case Study , 2012, Sensors.

[50]  Xu Jiang,et al.  Partner trustworthiness, knowledge flow in strategic alliances, and firm competitiveness: A contingency perspective , 2016 .

[51]  Magnus Nilsson,et al.  Firm performance in the periphery: on the relation between firm-internal knowledge and local knowledge spillovers , 2017 .

[52]  Susanne Durst,et al.  Understanding knowledge leakage: a review of previous studies , 2015 .

[53]  Mark D. Dunlop,et al.  Toward a Multidisciplinary Model of Context to Support Context-Aware Computing , 2005, Hum. Comput. Interact..

[54]  Kim Hua Information and Knowledge Leakage in Supply Chain , 2016 .

[55]  S. Furnell,et al.  Understanding the influences on information security behaviour , 2012 .

[56]  Eric Tsui,et al.  Journal of Knowledge Management Knowledge retention and aging workforce in the oil and gas industry : a multi perspective study , 2017 .

[57]  Jaideep Motwani,et al.  How Can Knowledge Leakage be Stopped: A Socio-Technical System Design Approach to Risk Management , 2017, Int. J. Sociotechnology Knowl. Dev..

[58]  D. Leonard-Barton CORE CAPABILITIES AND CORE RIGIDITIES: A PARADOX IN MANAGING NEW PRODUCT DEVELOPMENT , 1992 .

[59]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychology Review.

[60]  Fenio Annansingh,et al.  Knowledge management issues in knowledge-intensive SMEs , 2006, J. Documentation.

[61]  Xu Jiang,et al.  Managing knowledge leakage in strategic alliances: The effects of trust and formal contracts , 2013 .

[62]  Antonio F. Gómez-Skarmeta,et al.  Information and Hybrid Architecture Model of the OCP Contextual Information Management System , 2006, J. Univers. Comput. Sci..

[63]  Thomas H. Davenport,et al.  Book review:Working knowledge: How organizations manage what they know. Thomas H. Davenport and Laurence Prusak. Harvard Business School Press, 1998. $29.95US. ISBN 0‐87584‐655‐6 , 1998 .

[64]  Anders Kofod-Petersen,et al.  Using Activity Theory to Model Context Awareness , 2005, MRC.

[65]  Yong Wook Lee,et al.  Innovation Strategies Against Knowledge Leakage: Externality Effects of Non-competes Enforcement , 2017 .