Knowledge management: securing the future

Knowledge management: securing thefuture

Ebrahim Randeree

Abstract

Purpose – Increased focus on knowledge within firms has not addressed the security implication. Thispaper aims to examine the implications of knowledge management for security.

Design/methodology/approach – This approach highlights the competitive advantage of knowledgewith an emphasis on security. This paper reviews security for data and information and explores the

dimensions of secure knowledge systems. The emphasis is on knowledge security and the developmentof future knowledge management systems.

Findings – This paper finds that there exists a general lack of focus on security in the knowledgemanagement framework – both in a research setting and in practical applications. Knowledge isdifferent from information and data and needs special consideration in firms.

Research implications/limitations – Designers of knowledge management systems can implementlevels of security for different types of knowledge that reside within the organization. The concept of‘‘secure knowledge management’’ has provided nascent models to address the management and

protection of knowledge resources. Information systems researchers that are investigating knowledgehave to include the protection and security of knowledge.

Originality/value – Knowledge management has moved to the forefront of both the research andcorporate agendas. Harnessing the information and knowledge contained within firm data warehousesis one method to achieve competitive advantage. Various types of knowledge require different solutions.Designers of knowledge management systems can implement levels of security for different types ofknowledge that reside within the organization. Future developments need to address securing the

knowledge of a corporation, its most valuable asset.

Keywords Knowledge management, Data security, Knowledge mining

Paper type Research paper

Purpose

The concept of ‘‘secure knowledge management’’ is still in the embryonic stage as many

organizations wrestle with information overload. While data and information management

has been the focus of significant research in the information systems field, the focus on

knowledge is relatively new. Knowledge management is increasingly becoming an integral

business function for many organizations as they realize that competitiveness hinges on

effective management of intellectual resources (Grover and Davenport, 2001).

Information systems researchers are currently looking at knowledge creation, knowledge

acquisition and knowledge sharing, but have yet to focus their attention on protecting and

securing knowledge. Protection of knowledge has received little attention in the literature

(Liebeskind, 1996; Bloodgood and Salisbury, 2001). Asllani and Luthans (2003) surveyed

307 knowledge managers about their job roles and found little or no evidence of security

issues in their jobs; their primary role was focused on communication within the organization.

King et al. (2002) surveyed 2,073 knowledge management practitioners using a three-stage

Delphi study approach and found that security issues relating to knowledge ranked tenth

among the respondents.

DOI 10.1108/13673270610679435 VOL. 10 NO. 4 2006, pp. 145-156, Q Emerald Group Publishing Limited, ISSN 1367-3270 j JOURNAL OF KNOWLEDGE MANAGEMENT j PAGE 145

Ebrahim Randeree is based

at the School of

Management, State

University of New York at

Buffalo, Buffalo, New York,

USA.

If knowledge is determined to be the most important resource of the firm, then clearly the need

to secure that resource must be a primary responsibility. Much of the delay in addressing

secure knowledge management is the misconception that securing knowledge is similar to

securing data and information. If knowledge is power and a source of competitive advantage

(Salisbury, 2003), then there needs to be special attention given to securing knowledge and

knowledge repositories within the firm to protect the core assets of the organization.

Managing the data, information and knowledge within the organization as well as using it to

gain a competitive advantage in an organization has developed into the field of knowledge

management. Knowledge management essentially consists of processes and tools to

effectively capture and share data as well as use the knowledge of individuals within an

organization. The last decade has witnessed an explosion of information generated within

companies due to the increase use of technology. Harnessing the information and knowledge

contained within data warehouses is one method to achieve industry-leading performance

(Matusik and Hill, 1998). Firms that develop and leverage knowledge resources achieve

greater success than firms who are more dependent on tangible resources (Autio et al., 2000).

The following sections will begin with an overview of the development of knowledge and then

proceed to explain the emergence of the knowledge-based view. The essence of the

knowledge-based view must be understood to appreciate the value of knowledge to the firm.

The paper will then review security for data and information and look at why knowledge is

different. In trying to protect knowledge, the dimensions of knowledge must be understood.

The different types of knowledge require different secure solutions. Finally, the focus will turn to

critical issues for research in the area of secure knowledge management. The emphasis will

be on knowledge security and the development of knowledge management systems.

Approach

Knowledge characteristics and the knowledge-based view

The common description of data, information and knowledge is presented in a hierarchical

view. At a fundamental level, knowledge is information possessed by individuals within the

organization. Similarly knowledge becomes information once it is articulated and presented

in explicit form. Systems designed to support knowledge may not appear to be radically

different from other forms of information systems, but will be aimed towards enabling users

to assign meaning to information and to capture their knowledge (Alavi and Leidner, 2001).

The definitions of knowledge have been studied in many contexts and through many

generations and can be problematic in its definition and scope. Researchers have defined

knowledge as: what you know and how you know it, individual competencies and information

(Zander and Kogut, 1995), and a factor of production (Nonaka and Takeuchi, 1995). The

properties of knowledge include:

B context specificity – the extent to which knowledge is contextualized and dependent on

the environment (Nelson and Winter, 1982);

B dispersion – how widely held is the knowledge (Weick and Roberts, 1993);

B tacitness – the extent to which the knowledge is codifiable or not (Nonaka and Takeuchi,

1995);

B transferability – transfer between and within firms (Grant, 1996b);

B reception or absorption – ability to absorb knowledge (Cohen and Levinthal, 1990); and

‘‘ If knowledge is determined to be the most important resourceof the firm, then clearly the need to secure that resource mustbe a primary responsibility. ’’

PAGE 146 j JOURNAL OF KNOWLEDGE MANAGEMENTj VOL. 10 NO. 4 2006

B complexity – difficulty in comprehending (Dierickx and Cool, 1989; McEvily and

Chakravarthy, 2002).

As organizations adjust to the new economy, their focus on creating and sustaining

competitive advantages revolves around leveraging their strengths. Above-average returns

come from the unique value that firms offer to customers. Firms have shifted their focus from

operational efficiencies to developing and deploying core capabilities (Eisenhardt and

Martin, 2000; Eisenhardt and Santos, 2001). Core capabilities revolve around the bundle of

technical ‘‘know-how’’ and operational ‘‘know-what’’ (Smith and Hansen, 2002; Kogut and

Zander, 1992). The recognition of internal knowledge resources can assist firms in exploiting

these resources to create and sustain advantages. Barney (1991) defined the nature of the

resources needed for generating competitive advantage. Acquiring or developing

resources is critical to improving the firm’s ability to generate consistent firm performance;

the more intangible the resource, the harder it is for competitors to imitate. The focus on

knowledge stems from the fact that it has the inherent characteristics defined in the

resource-based view (Wernerfelt, 1984; Barney, 1986). Kogut and Zander studied the

various ways that knowledge affects organization structure and performance, and the

variation in firm performance (Kogut and Zander, 1992, 1993, 1995; Zander and Kogut,

1995). Other researchers also focused on knowledge as a crucial resource (Cohen and

Levinthal, 1990; Spender and Grant, 1996; Nonaka, 1994; Zander and Kogut, 1995).

The emerging ‘‘knowledge-based view of the firm’’ (KBV) emphasizes the role of knowledge

as the focal resource and the driver of sustainable advantage (Grant, 1996a), linking of

knowledge to tasks (Becerra-Fernandez and Sabherwal, 2001), linking knowledge to

competitive advantage (Nidumolu et al., 2001), and examining knowledge from an

organizational view, i.e. technology, structure, and culture (Gold et al., 2001). Research also

addresses how knowledge assets are developed in response to environmental change and

organizational processes and is shared (Teece, 1998; Teece et al., 1997; McEvily et al.,

2000; Nelson and Cooprider, 1996).

How is data and information security different from knowledge security

While the concept of data as raw facts is easily understood, the confusion surrounding

information and knowledge is pervasive. Analysts and users tend to confuse information

management with knowledge management. Information management revolves around the

processing of data though spreadsheets, databases, application programs, etc. Most of the

concepts revolve around explicit representations and codified objects. Knowledge

management on the other hand is more intangible and less codified: the focus is on

learning, intelligence, innovation, etc. Neither the technology nor the performance measures

generated by knowledge management systems are primary; the focus is on the issues larger

than the data and the information available. The security of that information is vital to the

survival of the organization.

Numerous software vendors have addressed data and information security concerns. The

plurality of options available to firms testifies to the expertise that protects information.

Minimal security for data and information includes: encryption, secure logon through

passwords, remote network access control, authentication mechanisms, and physical

protections. Data and information security revolve around issues of collection, improper

access, errors, and unauthorized secondary usage (Milberg et al., 2000; Smith et al., 1996;

Milberg et al., 1995; Stewart and Segars, 2002). A primary difference in security is the fluid

nature of knowledge. It is usually difficult to pre-determine the types of knowledge requests

and the levels of information required (Hahn and Subramani, 2000).

‘‘ Knowledge security should focus on current indicators ofknowledge as the basis for design. ’’

VOL. 10 NO. 4 2006 j JOURNAL OF KNOWLEDGE MANAGEMENTj PAGE 147

Issues

Issues surrounding secure knowledge management

The user is different and the structure of the knowledge management system has to be

flexible in order to be functional. The nascent stage of knowledge management systems

makes the definition of security difficult. Recent research has shown that effective

knowledge management requires a knowledge infrastructure (technology, culture, and

structure), and a knowledge process architecture (acquisition, conversion, application, and

protection) (Gold et al., 2001). For a firm to generate and preserve a competitive advantage,

it is vital that the knowledge be protected (Liebeskind, 1996; Helms et al., 2000).

Knowledge security should focus on current indicators of knowledge as a basis for design. A

firm’s indicator of knowledge advantage is its ability to control large amounts of knowledge

stock. Knowledge stock is an indication of tacit knowledge within the firm, but is an explicit

representation of knowledge. Stock is usually measured by R&D capabilities, patents, and

scientific citations attributable to the firm versus its competitors (Decarolis and Deeds,

1999). Patents and citations are reliable measures of R&D activities because they reflect the

output of R&D intensity and the capabilities developed within the firm (Mowery et al., 1996).

Similarly, firms that can codify and transfer knowledge stock are more successful than those

who do not. Codifying tacit knowledge allows for sharing and leveraging of these resources

within the firm. The fact that firms have exclusive access to the knowledge resources within

that firm gives it an advantage over competitors. As employees transform tacit knowledge to

explicit knowledge, the firm may no longer have a resource that is valuable, rare, inimitable,

and non-substitutable. Although the nature of tacit based knowledge is such that exact

duplication by another firm is difficult at best, codification and dissemination allows other

organizations to develop a substitute or to attempt to imitate. The absorptive capacity and

the learning capacity of the firm are critical to the exploitation of knowledge resources (Van

den Bosch et al., 1999; Cohen and Levinthal, 1990). The easiest knowledge to secure is that

which remains in the tacit form (Bloodgood and Salisbury, 2001).

Secure knowledge management activities include: limiting the number of employees who

have access to certain information, making sure no single employee has access to the

majority of information surrounding a new product, and maintaining a causal ambiguity around

a firm’s ability to successfully compete (Bloodgood and Salisbury, 2001). Limiting employees

with access provides a mechanism for firms to only give key personnel access to critical

knowledge. For example: line employees in a manufacturing setting should have access to

component knowledge and scheduling; administration should have access to cost and

employee skills; top management should have revenue forecasts and future enhancement

information. Limiting employee access can focus employees on the information they possess

making them more familiar with the content. It can also prevent information leakage to

competitors and may serve as a way to protect competitive advantage. Limiting employees

allows for implementation of detailed audit trails for management – finding out who reviewed

the knowledge and also facilitating greater access to employees who should be ‘‘in the loop.’’

A second security activity involves keeping all the information out of the hands of one

employee. This is done for competitive reasons. With increased mobility of employees

between firms, knowledge concentrated in one or a small group of individuals can be a threat

to the competitiveness of the firm. Employees can leave the firm taking the knowledge with

them – especially the tacit knowledge captured in the organization. Another concern with

concentrating knowledge in one individual occurs if that individual retires or is ill. This can

affect the operations of the firm. From a leverage standpoint, allowing a single employee

access to a large amount of knowledge can be a security risk. A third security concern

‘‘ The protection of knowledge may inhibit the transfer andsharing processes. ’’


involves causal ambiguity of a firm’s core skills. Maintaining causal ambiguity allows a firm to

mask its competencies from external threats. Causal ambiguity can form a foundation for firm

dominance (Simonin, 1999; Reed and Defillippi, 1990; Lippman and Rumelt, 1982). One

perspective suggests that causal ambiguity regarding competencies and performance is

necessary among internal and external managers for sustainable competitive advantage

because it severely limits imitation (King and Zeithaml, 2001).

The protection of knowledge may inhibit the transfer and sharing processes. The increased use

of virtual teams, outsourcing and alliances, require special considerations for the sharing of

knowledge. Information and data security considerations are not applicable for many reasons:

distributed, shared teamwork by multiple firms is not supported; the degree of collaboration or

coupling is higher; sharing is based on trust; and current measures focus on database and

data security (Damm and Schindler, 2002). Kesh provided a framework for analyzing

e-commerce security that provides a template for KM systems to emulate (Kesh et al., 2002).

The transfer of knowledge both within and between firms and the learning that a firm

undertakes is difficult to achieve. The ambiguity and tacitness of the knowledge make the

success of the transfer difficult. Securing knowledge should include planning for the

interactions between the variables that moderate the transfer mechanism. The interaction

between employees determines the extent of the relationship. The firm also plays a role in

creating an environment that fosters employee interaction, sharing, and learning. The

following macro-level dimensions (see Table I) should be explored in the development of

secure knowledge management systems.

Table I Dimensions for creating secure KM systems

Macro-level dimension Definition and previous research

Relationship capital Refers to the measure of the trust and partnerships that embodies theemployees within the firm. The close interaction at the personal levelbetween employees affects performance (Kale et al., 2000). Highrelationship capital will foster more knowledge transfer betweenemployees. Security should focus on building trust

Asset protections Refers to the measure of the extent to which the firm protects its coreknow-how or assets (Kale et al., 2000). While relationship capitalalleviates the need for asset protection, a firm that seeks to protect itsassets will show that it recognizes core knowledge resources

Knowledge environment Refers to the measure of the extent to which the firm creates anenvironment of learning. Fostering employee learning and creatingenvironments where the exchanges of ideas are shared helps toincrease the likelihood of knowledge transfer and externalization ofknowledge. Trust was found to an antecedent to sharing (Nelson andCooprider, 1996; Roberts, 2000)

Knowledge transfer Refers to the measure of the strength of the firm’s ability to transferknowledge into the firm from the employees. Knowledge transferdepends on how easily that knowledge can be transported, interpreted,and absorbed (Simonin, 1999). Mechanisms for security should notinhibit this process but should guard against unauthorized transfers

Ambiguity Refers to the item measure of the competency and transferability ofemployee knowledge (Simonin, 1999; Reed and Defillippi, 1990). Astrong barrier to imitation originates from the inability of competitors tocomprehend the competencies that are sources of competitiveadvantages. Expanding on Lippman and Rumelt’s (1982) concept ofcausal ambiguity

Tacitness Refers to the measure of the perceived view of the tacitness ofknowledge within the firm (Simonin, 1999). Defined as the implicit andnon-codifiable accumulation of skills that result from learning by doing


Issues for research in secure knowledge management

The firm exists as a repository of knowledge over time (Zander and Kogut, 1995). The

variables capture the degree to which a capability can be communicated and understood.

Drawing on the seminal work of Rogers, the dimensions of knowledge that constitute a firm’s

capabilities includes codifiability, teachability, and observability (Rogers, 1995). Knowledge

intensity and imitability can contribute to its causal nature and lead to competitive

advantages. Key dimensions or characteristics of knowledge can form the basis of future

research (see Table II). The characteristics defined in Table II form the future for research on

security issues. Initially, organizations must review the codified knowledge that currently

resides within the firm in manuals, databases, reports, publications, and other artifacts.

These codified entities must then be protected through security mechanisms. The

abundance of codified material is one of the biggest risks to organizations. For example,

companies tend to display their knowledge through websites that may be providing both

hackers and competitors with information that should be protected. Researchers should

focus on how firms create codified knowledge and the level of codification that is sufficient

for knowledge sharing, while still maintaining security. Sharing knowledge can be very easy

– protections need to be initiated to reflect what is being shared and with whom. In a long

term view, the firm should decide on how to prevent competitors from recruiting their

employees with knowledge of the firm’s processes, products, and competitive advantages.

Researchers can investigate the level of security placed on different employees similar to the

levels implemented at national intelligence organizations. The impacts on the firm of ‘‘skilled

and knowledgeable’’ employees leaving the firm should be quantified and addressed.

The prevalence of outsourcing and the use of reverse engineering can allow competitors to

extract knowledge from the organization. Product and service information should be

reviewed for potential knowledge outflows. Researchers in outsourcing should investigate

the role of knowledge outflows and the use of governance and contracts to protect

proprietary information from non-secure entities that exist beyond the scope of the

outsourcing agreement. The observability and imitability of the knowledge can lead to

Table II Basis for future research in KM systems

Characteristics Definition

Codifiability Refers to the extent to which knowledge of firm processes and operations areexplicitly documented. This knowledge may be substantive, e.g. in blueprints, orit may be procedural, e.g. in a recipe for carrying out a task (Kogut and Zander,1992, 1993; Zander and Kogut, 1995). Knowledge that is easily codifiable is nottacit

Teachability Refers to the ease by which know-how within the firm is shared with newemployees. To the extent that this know-how is easily taught, the transfer is morefeasible and can be expedited (Kogut and Zander, 1992, 1993; Zander andKogut, 1995). If the knowledge within the firm is easily shared, the tacit dimensionis low

Observability Refers to the extent to which capabilities of the firm can be ascertained throughreverse engineering or through published documentation (Kogut and Zander,1992, 1993; Zander and Kogut, 1995). Highly observable capabilities reduce theextent of tacit knowledge resources

Imitability Refers to the extent whereby outsiders could easily copy the firm’s coreprocesses/technologies (Autio et al., 2000). Initially suggested by Zander andKogut (1995), it assesses the time it takes outsiders to learn the technology byobservation or by learning it via normal operations

Intensity Refers to the measure of the knowledge intensity through reputation,input/output, and firm strategy. While these do not distinguish between tacitversus explicit knowledge, they are assessing overall knowledge intensity (Autioet al., 2000). Resources characterized by knowledge intensity are difficult toimitate and are associated with causal ambiguity (Reed and Defillippi, 1990)


security risks for the organization. Security protections should address the tacitness of the

knowledge and the security mechanisms that protect knowledge.

Issues for research in KMS design

Current definitions of knowledge management systems (KMS) are incomplete. They refer to

a class of information systems applied to manage organizational knowledge; they are

IT-based systems developed to support and enhance the organizational processes of

knowledge creation, storage/retrieval, transfer, and application (Alavi and Leidner, 1999).

The focus on security is missing. At a minimum, KMS should provide the same security as

data and information security systems. Knowledge is the analysis of data and information:

measures of protection for data and information will affect the accuracy of decisions based

on firm knowledge. Knowledge may be stolen: having knowledge captured and stored in

digital form allows for easier violations of security (Stewart et al., 2000).

Zhu and Iyer (2003) propose an architecture to combine different type of technologies for the

development of knowledge repository systems; these systems can provide connections

between knowledge and people and connections between people and people and is built

on the understanding that the knowledge management scenario where the system will be

used will be key to the selection of technologies. The proposed architecture contains three

processes: information representation, information processing, and information

presentation; there are no explicit provisions for securing the knowledge within the

repository.

Hahn and Subramani (2000) provided a framework (see Table III) to categorize the current

knowledge management support systems available. Researchers can adapt the framework

to prioritize exposure points for knowledge and then develop mechanisms and policies to

protect the knowledge (see Table IV). By addressing the type of knowledge and its form

within the organization, the development of knowledge protections can be tailored for

‘‘strategic fit’’.

Table III Framework for KM support

Locus of knowledgeArtifact Individual

Locus of a prioristructure

Structured Document repository Yellow page of experts

Data warehousing Expertise profiles and databasesUnstructured Collaborative filtering Electronic discussion

Intranets and search engines Forums

Source: Hahn and Subramani (2000)

Table IV Proposed framework for KM protection

Locus of knowledgeArtifact Individual

Locus of a priori structure Structured Secure logons Internal use onlyRestricted access Document interactions for repositoryData/information verificationSimilar to DBMS protections

Unstructured KMS tracking Create forum moderatorsTime stamps Corporate policiesSecurity levels


Inter-organizational vs intra-organizational security

Much of the discussion in this paper is focused on inter-organizational knowledge security.

The role of knowledge management and the security of knowledge is seen as challenging

when dealing with other firms and sharing information in collaborative projects. As interfirm

exchanges increase and supply chains reduce firm boundaries, the security issues of

knowledge management between firms will be critical to a firm’s survival. Firms can apply

the same policies/procedures used to secure knowledge between firms to the

departments/business units within firms. Looking at intra-firm issues, top management

must also device mechanisms to identify and prevent unauthorized use of firm knowledge.

For example: KMS can use resource-based access control (RBAC) with fields for internal or

external user. Security of knowledge management should be linked to others programs

within the firm as part of a broader control policy. While some firms impose no restrictions

whatsoever on who can access knowledge and information, others protect parts of their

knowledge restricting access to selected people and groups (Riege, 2005). It would seem

logical for a firm to erect strict controls for inter-organizational sharing where knowledge is

going beyond the firm’s boundaries than in cases of intra-organizational sharing where

knowledge flows are limited to employees.

Implications

Model for future research

In addressing the previous dimensions and concerns, the research into knowledge should

follow an approach that incorporates the three areas highlighted; the theory behind the

importance of knowledge, the characteristics of the knowledge, and the security issues of

knowledge management:

1. Theoretical development. Using the resource-based view as the starting point, the

knowledge-based view has received attention in various literature streams in both

strategic management and information systems. Further research into the constructs that

support the knowledge-based and the practical influence on the theory from industry

should be explored to understand the importance of knowledge in the new economy.

Development of a research stream on knowledge can supplement previous research on

technology acceptance and technology adoption. Integration of knowledge concepts

within strategic information systems and inter-organizational systems research will

strengthen existing models.

2. Knowledge characteristics. The dimensions of knowledge (Table II) need to be address

so that researchers can understand the implications for specific industries.

Understanding the dimensions of knowledge and the tacit nature of its collection can

affect the development of secure systems. Exploring the differences in current thinking on

data and information, and contrasting that with knowledge can present new approaches

to database design, systems development, and transfer mechanisms.

3. Security issues. The research should address the concerns raised in the paper (Tables I

and III). Designers of security systems will need to focus on how the knowledge is being

created, collected, and shared, and with whom. The macro-level issues should be

supported by a micro-level understanding of knowledge characteristics. The role of

knowledge in creating and sustaining competitive advantage needs to be explored from

both the theory development view and the practical applications within organizations.

‘‘ The abundance of codified material is one of the biggest risksto organizations. ’’


Recent attention to liability and terrorism has increased the importance of security

mechanisms that protect intellectual capital.

Using the security mechanisms presented in Table IV, designers of KMS can implement

levels of security for different types of knowledge that reside within the organization. The

concept of ‘‘secure knowledge management’’ has provided nascent models to address the

management and protection of knowledge resources. Information systems researchers

that are investigating knowledge creation, knowledge acquisition and knowledge sharing,

have to include the protection and security of knowledge. Future developments will need to

focus on data and applications security as well as in knowledge management.

Researchers need to explore the techniques developed for securing databases and

applications and apply them to securing the knowledge of a corporation, its most valuable

asset. Knowledge management systems will not appear radically different from existing IS,

but will be extended toward helping the user assimilate information (Alavi and Leidner,

1999). Secure knowledge management will include areas such as protecting the

intellectual assets, secure collaboration, secure multimedia data and applications, secure

semantic web as well as secure peer-to-peer computing. The nature of the knowledge

being protected will determine the type of secure system that is implemented.

Future challenges

Employees are demanding more information and knowledge to increase their effectiveness.

Capturing all the data, information and knowledge is half the battle – sharing the knowledge

without compromising security or competitiveness is challenging. The current literature has

examined how, why, when, and where to leverage knowledge assets; they have ignored the

question – how to secure knowledge assets (Desouza and Vanapalli, 2005). One of the

immediate challenges facing knowledge managers is finding the balance between open

knowledge sharing and enterprise intellectual capital management. Knowledge sharing is

as much of a people issue as it is technological (Riege, 2005); technology can act as both a

facilitator and a control mechanisms to protect knowledge. Knowledge sharing involves the

dissemination of information and knowledge throughout the business unit or organization.

Firms see benefits to sharing knowledge and establish motivational approaches and

communication mechanisms to share knowledge (Yang, 2004). Some of the sharing can be

control through access controls, passwords, group meetings, etc. Knowledge captured in

KMS has to include security protections and policies that govern access and usage

parameters. If managed effectively, sharing can occur within the right context and with the

right people. Sharing can occur within and between business functions, in formal and

informal approaches, and via tacit or explicit methods (Riege, 2005). With increasing threats

to firms, some have suggested a creation of a knowledge management system for IS

security management (Belsis et al., 2005). The security of knowledge has to be incorporated

into the company’s goals and strategic objectives. The culture of the firm needs to support

sharing while still including security protections.

References

Alavi, M. and Leidner, D.E. (1999), ‘‘Knowledge management systems: issues, challenges, and

benefits’’, Communication of the Association for Information Systems, Vol. 1 No. 7, pp. 1-37.

Alavi, M. and Leidner, D.E. (2001), ‘‘Review: knowledge management and knowledge management

systems: conceptual foundations and research issues’’, MIS Quarterly, Vol. 25 No. 1, pp. 107-36.

Asllani, A. and Luthans, F. (2003), ‘‘What knowledge managers really do: an empirical and comparative

analysis’’, Journal of Knowledge Management, Vol. 7 No. 3, pp. 53-66.

Autio, E., Sapienza, H.J. and Almeida, J.G. (2000), ‘‘Effects of age at entry, knowledge intensity, and

imitability on international growth’’, Academy of Management Journal, Vol. 43 No. 5, pp. 909-24.

Barney, J.B. (1986), ‘‘Strategic factor markets: expectations, luck, and business strategy’’, Management

Science, Vol. 32 No. 10, pp. 1231-41.

Barney, J.B. (1991), ‘‘Firm resources and sustained competitive advantage’’, Journal of Management,

Vol. 17 No. 1, pp. 99-120.


Becerra-Fernandez, I. and Sabherwal, R. (2001), ‘‘Organizational knowledge management: a

contingency perspective’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 23-55.

Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), ‘‘Information systems security from a knowledge

management perspective’’, Journal: Information Management and Computer Security, Vol. 13 No. 3,

pp. 189-202.

Bloodgood, J.M. and Salisbury, W.D. (2001), ‘‘Understanding the influence of organizational change

strategies on information technology and knowledge management strategies’’, Decision Support

Systems, Vol. 31 No. 1, pp. 55-69.

Cohen, W.M. and Levinthal, D.A. (1990), ‘‘Absorptive capacity: a new perspective on learning and

innovation’’, Administrative Science Quarterly, Vol. 35, pp. 128-52.

Damm, D. and Schindler, M. (2002), ‘‘Security issues of a knowledge medium for distributed project

work’’, International Journal of Project Management, Vol. 20 No. 1, pp. 37-47.

Decarolis, D.M. and Deeds, D.L. (1999), ‘‘The impact of stocks and flows of organizational knowledge on

firm performance: an empirical investigation of the biotechnology industry’’, Strategic Management

Journal, Vol. 20, pp. 953-68.

Desouza, K. and Vanapalli, G. (2005), ‘‘Securing knowledge in organizations: lessons from the

defense and intelligence sectors’’, International Journal of Information Management, Vol. 25 No. 1,

pp. 85-98.

Dierickx, I. and Cool, K. (1989), ‘‘Asset stock accumulation and sustainability of competitive

advantage’’, Management Science, Vol. 35 No. 12, pp. 1504-11.

Eisenhardt, K.M. and Martin, J.A. (2000), ‘‘Dynamic capabilities: what are they?’’, Strategic

Management Journal, Vol. 21, pp. 1105-21.

Eisenhardt, K.M. and Santos, F.M. (2001), ‘‘Knowledge-based view: a new theory of strategy’’, in

Pettigrew, A., Thomas, H. and Whittington, R. (Eds), Handbook of Strategy and Management, Sage

Publications, London.

Gold, A.H., Malhotra, A. and Segars, A.H. (2001), ‘‘Knowledge management: an organizational

capabilities perspective’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 185-214.

Grant, R.M. (1996a), ‘‘Toward a knowledge-based theory of the firm’’, Strategic Management Journal,

Vol. 17, pp. 109-22.

Grant, R.M. (1996b), ‘‘Prospering in dynamically-competitive environments: organizational capability as

knowledge integration’’, Organization Science, Vol. 7 No. 4, pp. 375-87.

Grover, V. and Davenport, T.H. (2001), ‘‘General perspectives on knowledge management: fostering a

research agenda’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 5-21.

Hahn, J. and Subramani, M. (2000), ‘‘A framework of knowledge management systems: issues and

challenges for theory and practice’’, International Conference on Information Systems, Brisbane,

Australia, pp. 302-12.

Helms, M.M., Ettkin, L.P. and Morris, D.J. (2000), ‘‘Shielding your company against information

compromise’’, Information Management and Computer Security, Vol. 8 No. 3, pp. 117-30.

Kale, P., Singh, H. and Perlmutter, H. (2000), ‘‘Learning and protection of proprietary assets in strategic

alliances: building relational capital’’, Strategic Management Journal, Vol. 21 No. 3, pp. 217-37.

Kesh, S., Ramanujan, S. and Nerur, S. (2002), ‘‘A framework for analyzing e-commerce security’’,

Information Management and Computer Security, Vol. 10 No. 4, pp. 149-58.

King, A.W. and Zeithaml, C.P. (2001), ‘‘Competencies and firm performance: examining the causal

ambiguity paradox’’, Strategic Management Journal, Vol. 22, pp. 75-99.

King, W.R., Marks, P.V. and McCoy, S. (2002), ‘‘The most important issues in knowledge management’’,

Communication of the ACM, Vol. 45 No. 9, pp. 93-7.

Kogut, B. and Zander, U. (1992), ‘‘Knowledge of the firm, combinative capabilities, and the replication of

technology’’, Organization Science, Vol. 3 No. 3, pp. 383-97.

Kogut, B. and Zander, U. (1993), ‘‘Knowledge of the firm and the evolutionary theory of the

multinational’’, Journal of International Business Studies, Vol. 24 No. 4, p. 625.


Kogut, B. and Zander, U. (1995), ‘‘Knowledge, market failure and the multinational enterprise: a reply’’,

Journal of International Business Studies, Vol. 26 No. 2, pp. 417-26.

Liebeskind, J.P. (1996), ‘‘Knowledge, strategy, and the theory of the firm’’, Strategic Management


Lippman, S.A. and Rumelt, R.P. (1982), ‘‘Uncertain imitability: an analysis of interfirm differences in

efficiency under competition’’, Bell Journal of Economics, Vol. 13 No. 2, pp. 418-38.

McEvily, S.K. and Chakravarthy, B. (2002), ‘‘The persistence of knowledge-based advantage: an

empirical test for product performance and technological knowledge’’, Strategic Management Journal,

Vol. 23, pp. 285-305.

McEvily, S.K., Das, S. and McCabe, K. (2000), ‘‘Avoiding competence substitution through knowledge

sharing’’, Academy of Management Review, Vol. 25 No. 2, pp. 294-311.

Matusik, S.F. and Hill, C.W.L. (1998), ‘‘The utilization of contingent work, knowledge creation, and

competitive advantage’’, Academy of Management Review, Vol. 23 No. 4, pp. 680-97.

Milberg, S.J., Smith, H.J. and Burke, S.J. (2000), ‘‘Information privacy: corporate management and

national regulation’’, Organization Science, Vol. 11 No. 1, pp. 35-57.

Milberg, S.J., Burke, S.J., Smith, H.J. and Kallman, E.A. (1995), ‘‘Values, personal information privacy,

and regulatory approaches’’, Communication of the ACM, Vol. 38 No. 12, pp. 65-74.

Mowery, D.C., Oxley, J.E. and Silverman, B.S. (1996), ‘‘Strategic alliances and interfirm knowledge

transfer’’, Strategic Management Journal, Vol. 17, pp. 77-91.

Nelson, K.M. and Cooprider, J.G. (1996), ‘‘The contribution of shared knowledge to IS group

performance’’, MIS Quarterly, Vol. 20 No. 4, pp. 409-32.

Nelson, R.R. and Winter, S.G. (1982), Evolutionary Theory of Economic Change, Belknap Press,

Cambridge, MA.

Nidumolu, S.R., Subramani, M. and Aldrich, A. (2001), ‘‘Situated learning and the situated knowledge

web: exploring the ground beneath knowledge management’’, Journal of Management Information

Systems, Vol. 18 No. 1, pp. 115-50.

Nonaka, I. (1994), ‘‘A dynamic theory of organizational knowledge creation’’, Organization Science,

Vol. 5 No. 1, pp. 14-37.

Nonaka, I. and Takeuchi, H. (1995), The Knowledge-creating Company: How Japanese Companies

Create the Dynamics of Innovation, Oxford University Press, New York, NY.

Reed, R. and Defillippi, R.J. (1990), ‘‘Casual ambiguity, barriers to imitation, and sustainable competitive

advantage’’, Academy of Management Review, Vol. 15 No. 1, pp. 88-102.

Riege, A. (2005), ‘‘Three-dozen knowledge-sharing barriers managers must consider’’, Journal of

Knowledge Management, Vol. 9 No. 3, pp. 18-35.

Roberts, J. (2000), ‘‘From know-how to show-how? Questioning the role of information and

communication technologies in knowledge transfer’ ’, Technology Analysis and Strategic

Management, Vol. 12 No. 4, pp. 429-43.

Rogers, E.M. (1995), The Diffusion of Innovations, Free Press, New York, NY.

Salisbury, M.W. (2003), ‘‘Putting theory into practice to build knowledge management systems’’, Journal

of Knowledge Management, Vol. 7 No. 2, pp. 128-41.

Simonin, B.L. (1999), ‘‘Ambiguity and the process of knowledge transfer in strategic alliances’’, Strategic

Management Journal, Vol. 20 No. 7, pp. 595-623.

Smith, H.J., Milberg, S.J. and Burke, S.J. (1996), ‘‘Information privacy: measuring individuals; concern

about organizational practices’’, MIS Quarterly, Vol. 20 No. 2, pp. 167-96.

Smith, M. and Hansen, F. (2002), ‘‘Managing intellectual property: a strategic point of view’’, Journal of

Intellectual Capital, Vol. 3 No. 4, pp. 366-74.

Spender, J.C. and Grant, R. (1996), ‘‘Knowledge and the firm: overview’’, Strategic Management



Stewart, K.A. and Segars, A.H. (2002), ‘‘An empirical examination of the concern of information privacy

instrument’’, Information Systems Research, Vol. 13 No. 1, pp. 36-49.

Stewart, K.A., Baskerville, R., Storey, V.C., Senn, J.A., Raven, A. and Long, C. (2000), ‘‘Confronting the

assumptions underlying the management of knowledge: an agenda for understanding and investigating

knowledge management’’, Database for Advances in Information Systems, Vol. 31 No. 4, pp. 41-53.

Teece, D.J. (1998), ‘‘Capturing value from knowledge assets: the new economy, markets for know-how,

and intangible assets’’, California Management Review, Vol. 40 No. 3, pp. 55-79.

Teece, D.J., Pisano, G. and Shuen, A. (1997), ‘‘Dynamic capabilities and strategic management’’,

Strategic Management Journal, Vol. 18 No. 7, pp. 509-33.

Van den Bosch, F.A.J., Volberda, H.W. and de Boer, M. (1999), ‘‘Coevolution of firm absorptive capacity

and knowledge environment: organizational forms and combinative capabilities’’, Organization Science,

Vol. 10 No. 5, pp. 551-68.

Weick, K.E. and Roberts, K.H. (1993), ‘‘Collective mind in organizations: heedful interrelating on flight

decks’’, Administrative Science Quarterly, Vol. 38 No. 3, pp. 357-81.

Wernerfelt, B. (1984), ‘‘A resource-based view of the firm’’, Strategic Management Journal, Vol. 5,

pp. 171-80.

Yang, J.-T. (2004), ‘‘Job-related knowledge sharing: comparative case studies’’, Journal of Knowledge

Management, Vol. 8 No. 3, pp. 118-26.

Zander, U. and Kogut, B. (1995), ‘‘Knowledge and the speed of the transfer and imitation of

organizational capabilities: an empirical test’’, Organization Science, Vol. 6, pp. 76-92.

Zhu, B. and Iyer, B. (2003), ‘‘The design for an effective knowledge repository system’’, paper presented

at the Minnesota Symposium on Knowledge Management, Minneapolis, MN.

Corresponding author

Ebrahim Randeree can be contacted at: [email protected]


To purchase reprints of this article please e-mail: [email protected]

Or visit our web site for further details: www.emeraldinsight.com/reprints

Documents

Knowledge management: securing the future