Understanding relationship between security culture and knowledge management

Abstract

Despite the widely recognized importance of information security as a vital asset in an organization, there has been lack of understanding of how organizations actually cultivate security culture amongst the employees in a particular environment. Based on previous researches, the vast majority of information security incidents are caused by human factor, and not by flawed technology. Knowledge has been highlighted as one important parameter of the human factor in information security. Previous literature has suggested the Knowledge Management (KM) approach as one of the approaches to implement information security management. However, the knowledge dimension of information security management in the healthcare industry has been neglected. The goal of this paper is to investigate the relationship between security culture and KM. Thus, a conceptual model has been proposed to describe the relationship. The findings suggest that security culture may have a positive relationship with knowledge creation, knowledge sharing, and knowledge use through security behaviour. The proposed conceptual model will be further evaluated with selected healthcare organizations in Malaysia.