KM & cybersecurity issues #question #cybersecurity
|
Matt Moore <innotecture@...>
Hi, I'm working on an article on the impact of cybersecurity for information professionals so I'd like to reach out to the different KM communities and pose the question: How are digital security issues impacting the work that you do? What do you see as being the biggest risks to the work that you do? Is it external actors? Disgruntled employees? Or the security teams themselves? Regards, Matt |
|
|
|
John Hovell <jhovell@...>
Happy to connect you to our KM leads, and/or other professionals, in our "Applied Intelligence" line of business, if that helps? Applied Intelligence is BAE Systems' cybersecurity business... Thanks, John BAE Systems On 2 Apr 2015, at 09:32, Matt Moore innotecture@... [sikmleaders] <sikmleaders@...> wrote:
|
|
|
|
Murray Jennex
I published a special issue in the International Journal of Knowledge
Management on KM and security. I've attached my article, I've basically
summarized the literature dealing with KM and security and looked at how we have
tied security into KM via our job postings. We also did a survey on
security issues. I'm additionally attaching a second article I did (both
in the last year) that looked at the issue of intellectual property protection
in the cloud, turns out that in the US this is a big issue.
Thanks...murray
Murray E. Jennex, Ph.D., P.E., CISSP, CSSLP, PMP
Professor MIS, San Diego State University
Editor in chief International Journal of Knowledge Management
Co-editor in chief International Journal of Information Systems for Crisis
Response and Management
In a message dated 4/2/2015 1:32:32 A.M. Pacific Daylight Time,
sikmleaders@... writes:
|
|
|
|
Matt Moore <innotecture@...>
Murray, Many thanks - good stuff - esp. the IJKM article (definitely going to reference that). Have you had much feedback to that article? Do you intend to take it further? Regards, Matt On Thursday, 2 April 2015, 19:46, "murphjen@... [sikmleaders]" wrote: I published a special issue in the International Journal of Knowledge
Management on KM and security. I've attached my article, I've basically
summarized the literature dealing with KM and security and looked at how we have
tied security into KM via our job postings. We also did a survey on
security issues. I'm additionally attaching a second article I did (both
in the last year) that looked at the issue of intellectual property protection
in the cloud, turns out that in the US this is a big issue.
Thanks...murray
Murray E. Jennex, Ph.D., P.E., CISSP, CSSLP, PMP
Professor MIS, San Diego State University
Editor in chief International Journal of Knowledge Management
Co-editor in chief International Journal of Information Systems for Crisis
Response and Management
In a message dated 4/2/2015 1:32:32 A.M. Pacific Daylight Time,
sikmleaders@... writes:
|
|
|
|
Murray Jennex
Actually Matt, Alexandra Durcikova and I have a minitrack at HICSS (Hawaii
International Conference on Systems Sciences) that focuses on KM and security,
I'll be posting a call for papers soon and will include this list server in the
call. We are also going to be expanding on the article, in particular the
survey and looking at how KM governance can incorporate security.
Interesting enough I don't get a lot of response from the KM community on
security. I figure its just a matter of time before this becomes an issue
with us, the response I do get is from the government KM people (defense in
particular) so they are seeing problems now and it will hit the rest of us
soon.
So to answer your questions, yes, I am planning on taking this further and
no, not a lot of response.
Keep me posted on what you are working on! Thanks...murray
In a message dated 4/2/2015 2:32:21 A.M. Pacific Daylight Time,
sikmleaders@... writes:
|
|
|
|
Albert Simard
In my experience, cyber security is both essential and problematic. Sensitive internal content must be protected whereas knowledge workers must be able to connect with their external professional colleagues. This contradiction poses a dilemma that cannot be resolved in an absolute sense. The only absolutely secure network is one with an air gap between it and the outside world which certainly precludes external collaboration. Conversely, experience demonstrates that an isolated network becomes disassociated from and falls behind external events and progress. For the public sector, this results in reduced service to citizens whereas for the private sector, it eventually results in business failure.
When a security breech occurs, the automatic, knee jerk reaction is to cut off all contact with the outside world. The security goal is to protect the network at any cost. If that means stopping work, so be it. However, professionals, still have deadlines to meet and need to get their work done. So, they work and connect from home or even cyber cafes and bring content back and forth on memory sticks. I once asked a security guru which work process posed the greater security risk – passing content through sophisticated agency filters that bits can barely squeeze through or working from home and carrying content back and forth. He simply rolled his eyes!
One solution is to have two separate networks – one only connected externally and another only connected internally. However, this requires a reasonable and secure process for transferring content from one network to the other. People will gravitate to the external network for general work because it will inevitably be more flexible, faster, and have better applications. A lot of convenient productivity applications cannot meet stringent security requirements. A process that strips all active code from content before it is transferred works well for this purpose.
Neither total isolation nor total openness are appropriate in a complex and rapidly changing world. The challenge is to balance risks and security requirements. Anyone will accept reasonable and balanced security inconveniences. Problems occur when security requirements significantly exceed the perceived risk. It is essential to understand that the key perception is in the mind of knowledge workers – not the IT security professionals.
|
|
|
|
Matt Moore <innotecture@...>
Hi,
toggle quoted message
Show quoted text
Some interesting responses Murray Jennex, Al Simard and others (many thanks to you). In (very brief) summary: - KM/IM people aren't especially focused on security (unless they have a gatekeeper role). - Security teams do not necessarily think thru the broad implications of their activities in terms of user behaviour and business impact. I'm finishing up the article now and will distribute when it's published later this year. In the interim, any further comments much appreciated. Regards, Matt On Thursday, 2 April 2015, 19:32, Matt Moore <innotecture@...> wrote:
Hi, I'm working on an article on the impact of cybersecurity for information professionals so I'd like to reach out to the different KM communities and pose the question: How are digital security issues impacting the work that you do? What do you see as being the biggest risks to the work that you do? Is it external actors? Disgruntled employees? Or the security teams themselves? Regards, Matt |
|
|