Knowledge management: securing the future
Ebrahim Randeree
Abstract
Purpose – Increased focus on knowledge within firms has not addressed the security implication. This paper aims to examine the implications of knowledge management for security.
Design/methodology/approach – This approach highlights the competitive advantage of knowledge with an emphasis on security. This paper reviews security for data and information and explores the dimensions of secure knowledge systems. The emphasis is on knowledge security and the development of future knowledge management systems.
Findings – This paper finds that there exists a general lack of focus on security in the knowledge management framework – both in a research setting and in practical applications. Knowledge is different from information and data and needs special consideration in firms.
Research implications/limitations – Designers of knowledge management systems can implement levels of security for different types of knowledge that reside within the organization. The concept of ‘‘secure knowledge management’’ has provided nascent models to address the management and protection of knowledge resources. Information systems researchers that are investigating knowledge have to include the protection and security of knowledge.
Originality/value – Knowledge management has moved to the forefront of both the research and corporate agendas. Harnessing the information and knowledge contained within firm data warehouses is one method to achieve competitive advantage. Various types of knowledge require different solutions. Designers of knowledge management systems can implement levels of security for different types of knowledge that reside within the organization. Future developments need to address securing the knowledge of a corporation, its most valuable asset.
Keywords Knowledge management, Data security, Knowledge mining
Paper type Research paper
Purpose
The concept of ‘‘secure knowledge management’’ is still in the embryonic stage as many
organizations wrestle with information overload. While data and information management
has been the focus of significant research in the information systems field, the focus on
knowledge is relatively new. Knowledge management is increasingly becoming an integral
business function for many organizations as they realize that competitiveness hinges on
effective management of intellectual resources (Grover and Davenport, 2001).
Information systems researchers are currently looking at knowledge creation, knowledge
acquisition and knowledge sharing, but have yet to focus their attention on protecting and
securing knowledge. Protection of knowledge has received little attention in the literature
(Liebeskind, 1996; Bloodgood and Salisbury, 2001). Asllani and Luthans (2003) surveyed
307 knowledge managers about their job roles and found little or no evidence of security
issues in their jobs; their primary role was focused on communication within the organization.
King et al. (2002) surveyed 2,073 knowledge management practitioners using a three-stage
Delphi study approach and found that security issues relating to knowledge ranked tenth
among the respondents.
DOI 10.1108/13673270610679435 | VOL. 10 NO. 4 2006, pp. 145-156, © Emerald Group Publishing Limited, ISSN 1367-3270 | JOURNAL OF KNOWLEDGE MANAGEMENT | PAGE 145
Ebrahim Randeree is based at the School of Management, State University of New York at Buffalo, Buffalo, New York, USA.
If knowledge is determined to be the most important resource of the firm, then clearly the need
to secure that resource must be a primary responsibility. Much of the delay in addressing
secure knowledge management is the misconception that securing knowledge is similar to
securing data and information. If knowledge is power and a source of competitive advantage
(Salisbury, 2003), then there needs to be special attention given to securing knowledge and
knowledge repositories within the firm to protect the core assets of the organization.
Managing the data, information and knowledge within the organization as well as using it to
gain a competitive advantage in an organization has developed into the field of knowledge
management. Knowledge management essentially consists of processes and tools to
effectively capture and share data as well as use the knowledge of individuals within an
organization. The last decade has witnessed an explosion of information generated within
companies due to the increased use of technology. Harnessing the information and knowledge
contained within data warehouses is one method to achieve industry-leading performance
(Matusik and Hill, 1998). Firms that develop and leverage knowledge resources achieve
greater success than firms who are more dependent on tangible resources (Autio et al., 2000).
The following sections will begin with an overview of the development of knowledge and then
proceed to explain the emergence of the knowledge-based view. The essence of the
knowledge-based view must be understood to appreciate the value of knowledge to the firm.
The paper will then review security for data and information and look at why knowledge is
different. In trying to protect knowledge, the dimensions of knowledge must be understood.
The different types of knowledge require different secure solutions. Finally, the focus will turn to
critical issues for research in the area of secure knowledge management. The emphasis will
be on knowledge security and the development of knowledge management systems.
Approach
Knowledge characteristics and the knowledge-based view
The common description of data, information and knowledge is presented in a hierarchical
view. At a fundamental level, knowledge is information possessed by individuals within the
organization. Similarly knowledge becomes information once it is articulated and presented
in explicit form. Systems designed to support knowledge may not appear to be radically
different from other forms of information systems, but will be aimed towards enabling users
to assign meaning to information and to capture their knowledge (Alavi and Leidner, 2001).
Knowledge has been studied in many contexts and through many
generations, and its definition and scope can be problematic. Researchers have defined
knowledge as: what you know and how you know it, individual competencies and information
(Zander and Kogut, 1995), and a factor of production (Nonaka and Takeuchi, 1995). The
properties of knowledge include:
• context specificity – the extent to which knowledge is contextualized and dependent on the environment (Nelson and Winter, 1982);
• dispersion – how widely held is the knowledge (Weick and Roberts, 1993);
• tacitness – the extent to which the knowledge is codifiable or not (Nonaka and Takeuchi, 1995);
• transferability – transfer between and within firms (Grant, 1996b);
• reception or absorption – ability to absorb knowledge (Cohen and Levinthal, 1990); and
• complexity – difficulty in comprehending (Dierickx and Cool, 1989; McEvily and Chakravarthy, 2002).
As organizations adjust to the new economy, their focus on creating and sustaining
competitive advantages revolves around leveraging their strengths. Above-average returns
come from the unique value that firms offer to customers. Firms have shifted their focus from
operational efficiencies to developing and deploying core capabilities (Eisenhardt and
Martin, 2000; Eisenhardt and Santos, 2001). Core capabilities revolve around the bundle of
technical ‘‘know-how’’ and operational ‘‘know-what’’ (Smith and Hansen, 2002; Kogut and
Zander, 1992). The recognition of internal knowledge resources can assist firms in exploiting
these resources to create and sustain advantages. Barney (1991) defined the nature of the
resources needed for generating competitive advantage. Acquiring or developing
resources is critical to improving the firm’s ability to generate consistent firm performance;
the more intangible the resource, the harder it is for competitors to imitate. The focus on
knowledge stems from the fact that it has the inherent characteristics defined in the
resource-based view (Wernerfelt, 1984; Barney, 1986). Kogut and Zander studied the
various ways that knowledge affects organization structure and performance, and the
variation in firm performance (Kogut and Zander, 1992, 1993, 1995; Zander and Kogut,
1995). Other researchers also focused on knowledge as a crucial resource (Cohen and
Levinthal, 1990; Spender and Grant, 1996; Nonaka, 1994; Zander and Kogut, 1995).
The emerging ‘‘knowledge-based view of the firm’’ (KBV) emphasizes the role of knowledge
as the focal resource and the driver of sustainable advantage (Grant, 1996a), linking of
knowledge to tasks (Becerra-Fernandez and Sabherwal, 2001), linking knowledge to
competitive advantage (Nidumolu et al., 2001), and examining knowledge from an
organizational view, i.e. technology, structure, and culture (Gold et al., 2001). Research also
addresses how knowledge assets are developed in response to environmental change and
organizational processes and is shared (Teece, 1998; Teece et al., 1997; McEvily et al.,
2000; Nelson and Cooprider, 1996).
How is data and information security different from knowledge security
While the concept of data as raw facts is easily understood, the confusion surrounding
information and knowledge is pervasive. Analysts and users tend to confuse information
management with knowledge management. Information management revolves around the
processing of data through spreadsheets, databases, application programs, etc. Most of the
concepts revolve around explicit representations and codified objects. Knowledge
management on the other hand is more intangible and less codified: the focus is on
learning, intelligence, innovation, etc. Neither the technology nor the performance measures
generated by knowledge management systems are primary; the focus is on the issues larger
than the data and the information available. The security of that information is vital to the
survival of the organization.
Numerous software vendors have addressed data and information security concerns. The
plurality of options available to firms testifies to the expertise that protects information.
Minimal security for data and information includes: encryption, secure logon through
passwords, remote network access control, authentication mechanisms, and physical
protections. Data and information security revolve around issues of collection, improper
access, errors, and unauthorized secondary usage (Milberg et al., 2000; Smith et al., 1996;
Milberg et al., 1995; Stewart and Segars, 2002). A primary difference in security is the fluid
nature of knowledge. It is usually difficult to pre-determine the types of knowledge requests
and the levels of information required (Hahn and Subramani, 2000).
Issues
Issues surrounding secure knowledge management
The user is different and the structure of the knowledge management system has to be
flexible in order to be functional. The nascent stage of knowledge management systems
makes the definition of security difficult. Recent research has shown that effective
knowledge management requires a knowledge infrastructure (technology, culture, and
structure), and a knowledge process architecture (acquisition, conversion, application, and
protection) (Gold et al., 2001). For a firm to generate and preserve a competitive advantage,
it is vital that the knowledge be protected (Liebeskind, 1996; Helms et al., 2000).
Knowledge security should focus on current indicators of knowledge as a basis for design. A
firm’s indicator of knowledge advantage is its ability to control large amounts of knowledge
stock. Knowledge stock is an indication of tacit knowledge within the firm, but is an explicit
representation of knowledge. Stock is usually measured by R&D capabilities, patents, and
scientific citations attributable to the firm versus its competitors (Decarolis and Deeds,
1999). Patents and citations are reliable measures of R&D activities because they reflect the
output of R&D intensity and the capabilities developed within the firm (Mowery et al., 1996).
Similarly, firms that can codify and transfer knowledge stock are more successful than those
who do not. Codifying tacit knowledge allows for sharing and leveraging of these resources
within the firm. The fact that firms have exclusive access to the knowledge resources within
that firm gives it an advantage over competitors. As employees transform tacit knowledge to
explicit knowledge, the firm may no longer have a resource that is valuable, rare, inimitable,
and non-substitutable. Although the nature of tacit based knowledge is such that exact
duplication by another firm is difficult at best, codification and dissemination allows other
organizations to develop a substitute or to attempt to imitate. The absorptive capacity and
the learning capacity of the firm are critical to the exploitation of knowledge resources (Van
den Bosch et al., 1999; Cohen and Levinthal, 1990). The easiest knowledge to secure is that
which remains in the tacit form (Bloodgood and Salisbury, 2001).
Secure knowledge management activities include: limiting the number of employees who
have access to certain information, making sure no single employee has access to the
majority of information surrounding a new product, and maintaining a causal ambiguity around
a firm’s ability to successfully compete (Bloodgood and Salisbury, 2001). Limiting employees
with access provides a mechanism for firms to only give key personnel access to critical
knowledge. For example: line employees in a manufacturing setting should have access to
component knowledge and scheduling; administration should have access to cost and
employee skills; top management should have revenue forecasts and future enhancement
information. Limiting employee access can focus employees on the information they possess
making them more familiar with the content. It can also prevent information leakage to
competitors and may serve as a way to protect competitive advantage. Limiting employees
allows for implementation of detailed audit trails for management – finding out who reviewed
the knowledge and also facilitating greater access to employees who should be ‘‘in the loop.’’
A second security activity involves keeping all the information out of the hands of one
employee. This is done for competitive reasons. With increased mobility of employees
between firms, knowledge concentrated in one or a small group of individuals can be a threat
to the competitiveness of the firm. Employees can leave the firm taking the knowledge with
them – especially the tacit knowledge captured in the organization. Another concern with
concentrating knowledge in one individual occurs if that individual retires or is ill. This can
affect the operations of the firm. From a leverage standpoint, allowing a single employee
access to a large amount of knowledge can be a security risk. A third security concern
involves causal ambiguity of a firm’s core skills. Maintaining causal ambiguity allows a firm to
mask its competencies from external threats. Causal ambiguity can form a foundation for firm
dominance (Simonin, 1999; Reed and Defillippi, 1990; Lippman and Rumelt, 1982). One
perspective suggests that causal ambiguity regarding competencies and performance is
necessary among internal and external managers for sustainable competitive advantage
because it severely limits imitation (King and Zeithaml, 2001).
The protection of knowledge may inhibit the transfer and sharing processes. The increased use
of virtual teams, outsourcing and alliances, require special considerations for the sharing of
knowledge. Information and data security considerations are not applicable for many reasons:
distributed, shared teamwork by multiple firms is not supported; the degree of collaboration or
coupling is higher; sharing is based on trust; and current measures focus on database and
data security (Damm and Schindler, 2002). Kesh provided a framework for analyzing
e-commerce security that provides a template for KM systems to emulate (Kesh et al., 2002).
The transfer of knowledge both within and between firms and the learning that a firm
undertakes is difficult to achieve. The ambiguity and tacitness of the knowledge make the
success of the transfer difficult. Securing knowledge should include planning for the
interactions between the variables that moderate the transfer mechanism. The interaction
between employees determines the extent of the relationship. The firm also plays a role in
creating an environment that fosters employee interaction, sharing, and learning. The
following macro-level dimensions (see Table I) should be explored in the development of
secure knowledge management systems.
Table I Dimensions for creating secure KM systems
| Macro-level dimension | Definition and previous research |
| --- | --- |
| Relationship capital | Refers to the measure of the trust and partnerships that embodies the employees within the firm. The close interaction at the personal level between employees affects performance (Kale et al., 2000). High relationship capital will foster more knowledge transfer between employees. Security should focus on building trust |
| Asset protections | Refers to the measure of the extent to which the firm protects its core know-how or assets (Kale et al., 2000). While relationship capital alleviates the need for asset protection, a firm that seeks to protect its assets will show that it recognizes core knowledge resources |
| Knowledge environment | Refers to the measure of the extent to which the firm creates an environment of learning. Fostering employee learning and creating environments where the exchanges of ideas are shared helps to increase the likelihood of knowledge transfer and externalization of knowledge. Trust was found to be an antecedent to sharing (Nelson and Cooprider, 1996; Roberts, 2000) |
| Knowledge transfer | Refers to the measure of the strength of the firm’s ability to transfer knowledge into the firm from the employees. Knowledge transfer depends on how easily that knowledge can be transported, interpreted, and absorbed (Simonin, 1999). Mechanisms for security should not inhibit this process but should guard against unauthorized transfers |
| Ambiguity | Refers to the item measure of the competency and transferability of employee knowledge (Simonin, 1999; Reed and Defillippi, 1990). A strong barrier to imitation originates from the inability of competitors to comprehend the competencies that are sources of competitive advantages. Expanding on Lippman and Rumelt’s (1982) concept of causal ambiguity |
| Tacitness | Refers to the measure of the perceived view of the tacitness of knowledge within the firm (Simonin, 1999). Defined as the implicit and non-codifiable accumulation of skills that result from learning by doing |
Issues for research in secure knowledge management
The firm exists as a repository of knowledge over time (Zander and Kogut, 1995). The
variables capture the degree to which a capability can be communicated and understood.
Drawing on the seminal work of Rogers, the dimensions of knowledge that constitute a firm’s
capabilities include codifiability, teachability, and observability (Rogers, 1995). Knowledge
intensity and imitability can contribute to its causal nature and lead to competitive
advantages. Key dimensions or characteristics of knowledge can form the basis of future
research (see Table II). The characteristics defined in Table II form the future for research on
security issues. Initially, organizations must review the codified knowledge that currently
resides within the firm in manuals, databases, reports, publications, and other artifacts.
These codified entities must then be protected through security mechanisms. The
abundance of codified material is one of the biggest risks to organizations. For example,
companies tend to display their knowledge through websites that may be providing both
hackers and competitors with information that should be protected. Researchers should
focus on how firms create codified knowledge and the level of codification that is sufficient
for knowledge sharing, while still maintaining security. Sharing knowledge can be very easy
– protections need to be initiated to reflect what is being shared and with whom. In a long
term view, the firm should decide on how to prevent competitors from recruiting their
employees with knowledge of the firm’s processes, products, and competitive advantages.
Researchers can investigate the level of security placed on different employees similar to the
levels implemented at national intelligence organizations. The impacts on the firm of ‘‘skilled
and knowledgeable’’ employees leaving the firm should be quantified and addressed.
The prevalence of outsourcing and the use of reverse engineering can allow competitors to
extract knowledge from the organization. Product and service information should be
reviewed for potential knowledge outflows. Researchers in outsourcing should investigate
the role of knowledge outflows and the use of governance and contracts to protect
proprietary information from non-secure entities that exist beyond the scope of the
outsourcing agreement. The observability and imitability of the knowledge can lead to
security risks for the organization. Security protections should address the tacitness of the
knowledge and the security mechanisms that protect knowledge.
Table II Basis for future research in KM systems
| Characteristics | Definition |
| --- | --- |
| Codifiability | Refers to the extent to which knowledge of firm processes and operations are explicitly documented. This knowledge may be substantive, e.g. in blueprints, or it may be procedural, e.g. in a recipe for carrying out a task (Kogut and Zander, 1992, 1993; Zander and Kogut, 1995). Knowledge that is easily codifiable is not tacit |
| Teachability | Refers to the ease by which know-how within the firm is shared with new employees. To the extent that this know-how is easily taught, the transfer is more feasible and can be expedited (Kogut and Zander, 1992, 1993; Zander and Kogut, 1995). If the knowledge within the firm is easily shared, the tacit dimension is low |
| Observability | Refers to the extent to which capabilities of the firm can be ascertained through reverse engineering or through published documentation (Kogut and Zander, 1992, 1993; Zander and Kogut, 1995). Highly observable capabilities reduce the extent of tacit knowledge resources |
| Imitability | Refers to the extent whereby outsiders could easily copy the firm’s core processes/technologies (Autio et al., 2000). Initially suggested by Zander and Kogut (1995), it assesses the time it takes outsiders to learn the technology by observation or by learning it via normal operations |
| Intensity | Refers to the measure of the knowledge intensity through reputation, input/output, and firm strategy. While these do not distinguish between tacit versus explicit knowledge, they are assessing overall knowledge intensity (Autio et al., 2000). Resources characterized by knowledge intensity are difficult to imitate and are associated with causal ambiguity (Reed and Defillippi, 1990) |
Issues for research in KMS design
Current definitions of knowledge management systems (KMS) are incomplete. They refer to
a class of information systems applied to manage organizational knowledge; they are
IT-based systems developed to support and enhance the organizational processes of
knowledge creation, storage/retrieval, transfer, and application (Alavi and Leidner, 1999).
The focus on security is missing. At a minimum, KMS should provide the same security as
data and information security systems. Knowledge is the analysis of data and information:
measures of protection for data and information will affect the accuracy of decisions based
on firm knowledge. Knowledge may be stolen: having knowledge captured and stored in
digital form allows for easier violations of security (Stewart et al., 2000).
Zhu and Iyer (2003) propose an architecture to combine different types of technologies for the
development of knowledge repository systems; these systems can provide connections
between knowledge and people and connections between people and people, and are built
on the understanding that the knowledge management scenario where the system will be
used will be key to the selection of technologies. The proposed architecture contains three
processes: information representation, information processing, and information
presentation; there are no explicit provisions for securing the knowledge within the
repository.
Hahn and Subramani (2000) provided a framework (see Table III) to categorize the current
knowledge management support systems available. Researchers can adapt the framework
to prioritize exposure points for knowledge and then develop mechanisms and policies to
protect the knowledge (see Table IV). By addressing the type of knowledge and its form
within the organization, the development of knowledge protections can be tailored for
‘‘strategic fit’’.
Table III Framework for KM support
| Locus of a priori structure | Locus of knowledge: Artifact | Locus of knowledge: Individual |
| --- | --- | --- |
| Structured | Document repository; Data warehousing | Yellow page of experts; Expertise profiles and databases |
| Unstructured | Collaborative filtering; Intranets and search engines | Electronic discussion; Forums |
Source: Hahn and Subramani (2000)
Table IV Proposed framework for KM protection
| Locus of a priori structure | Locus of knowledge: Artifact | Locus of knowledge: Individual |
| --- | --- | --- |
| Structured | Secure logons; Restricted access; Data/information verification; Similar to DBMS protections | Internal use only; Document interactions for repository |
| Unstructured | KMS tracking; Time stamps; Security levels | Create forum moderators; Corporate policies |
Inter-organizational vs intra-organizational security
Much of the discussion in this paper is focused on inter-organizational knowledge security.
The role of knowledge management and the security of knowledge is seen as challenging
when dealing with other firms and sharing information in collaborative projects. As interfirm
exchanges increase and supply chains reduce firm boundaries, the security issues of
knowledge management between firms will be critical to a firm’s survival. Firms can apply
the same policies/procedures used to secure knowledge between firms to the
departments/business units within firms. Looking at intra-firm issues, top management
must also devise mechanisms to identify and prevent unauthorized use of firm knowledge.
For example: KMS can use resource-based access control (RBAC) with fields for internal or
external user. Security of knowledge management should be linked to other programs
within the firm as part of a broader control policy. While some firms impose no restrictions
whatsoever on who can access knowledge and information, others protect parts of their
knowledge restricting access to selected people and groups (Riege, 2005). It would seem
logical for a firm to erect stricter controls for inter-organizational sharing where knowledge is
going beyond the firm’s boundaries than in cases of intra-organizational sharing where
knowledge flows are limited to employees.
Implications
Model for future research
In addressing the previous dimensions and concerns, the research into knowledge should
follow an approach that incorporates the three areas highlighted: the theory behind the
importance of knowledge, the characteristics of the knowledge, and the security issues of
knowledge management:
1. Theoretical development. Using the resource-based view as the starting point, the
knowledge-based view has received attention in various literature streams in both
strategic management and information systems. Further research into the constructs that
support the knowledge-based view and the practical influence on the theory from industry
should be explored to understand the importance of knowledge in the new economy.
Development of a research stream on knowledge can supplement previous research on
technology acceptance and technology adoption. Integration of knowledge concepts
within strategic information systems and inter-organizational systems research will
strengthen existing models.
2. Knowledge characteristics. The dimensions of knowledge (Table II) need to be addressed
so that researchers can understand the implications for specific industries.
Understanding the dimensions of knowledge and the tacit nature of its collection can
affect the development of secure systems. Exploring the differences in current thinking on
data and information, and contrasting that with knowledge can present new approaches
to database design, systems development, and transfer mechanisms.
3. Security issues. The research should address the concerns raised in the paper (Tables I
and III). Designers of security systems will need to focus on how the knowledge is being
created, collected, and shared, and with whom. The macro-level issues should be
supported by a micro-level understanding of knowledge characteristics. The role of
knowledge in creating and sustaining competitive advantage needs to be explored from
both the theory development view and the practical applications within organizations.
Recent attention to liability and terrorism has increased the importance of security
mechanisms that protect intellectual capital.
Using the security mechanisms presented in Table IV, designers of KMS can implement
levels of security for different types of knowledge that reside within the organization. The
concept of ‘‘secure knowledge management’’ has provided nascent models to address the
management and protection of knowledge resources. Information systems researchers
that are investigating knowledge creation, knowledge acquisition and knowledge sharing,
have to include the protection and security of knowledge. Future developments will need to
focus on data and applications security as well as in knowledge management.
Researchers need to explore the techniques developed for securing databases and
applications and apply them to securing the knowledge of a corporation, its most valuable
asset. Knowledge management systems will not appear radically different from existing IS,
but will be extended toward helping the user assimilate information (Alavi and Leidner,
1999). Secure knowledge management will include areas such as protecting the
intellectual assets, secure collaboration, secure multimedia data and applications, secure
semantic web as well as secure peer-to-peer computing. The nature of the knowledge
being protected will determine the type of secure system that is implemented.
Future challenges
Employees are demanding more information and knowledge to increase their effectiveness.
Capturing all the data, information and knowledge is half the battle – sharing the knowledge
without compromising security or competitiveness is challenging. The current literature has
examined how, why, when, and where to leverage knowledge assets; they have ignored the
question – how to secure knowledge assets (Desouza and Vanapalli, 2005). One of the
immediate challenges facing knowledge managers is finding the balance between open
knowledge sharing and enterprise intellectual capital management. Knowledge sharing is
as much of a people issue as it is technological (Riege, 2005); technology can act as both a
facilitator and a control mechanism to protect knowledge. Knowledge sharing involves the
dissemination of information and knowledge throughout the business unit or organization.
Firms see benefits to sharing knowledge and establish motivational approaches and
communication mechanisms to share knowledge (Yang, 2004). Some of the sharing can be
controlled through access controls, passwords, group meetings, etc. Knowledge captured in
KMS has to include security protections and policies that govern access and usage
parameters. If managed effectively, sharing can occur within the right context and with the
right people. Sharing can occur within and between business functions, in formal and
informal approaches, and via tacit or explicit methods (Riege, 2005). With increasing threats
to firms, some have suggested the creation of a knowledge management system for IS
security management (Belsis et al., 2005). The security of knowledge has to be incorporated
into the company’s goals and strategic objectives. The culture of the firm needs to support
sharing while still including security protections.
References
Alavi, M. and Leidner, D.E. (1999), ‘‘Knowledge management systems: issues, challenges, and
benefits’’, Communication of the Association for Information Systems, Vol. 1 No. 7, pp. 1-37.
Alavi, M. and Leidner, D.E. (2001), ‘‘Review: knowledge management and knowledge management
systems: conceptual foundations and research issues’’, MIS Quarterly, Vol. 25 No. 1, pp. 107-36.
Asllani, A. and Luthans, F. (2003), ‘‘What knowledge managers really do: an empirical and comparative
analysis’’, Journal of Knowledge Management, Vol. 7 No. 3, pp. 53-66.
Autio, E., Sapienza, H.J. and Almeida, J.G. (2000), ‘‘Effects of age at entry, knowledge intensity, and
imitability on international growth’’, Academy of Management Journal, Vol. 43 No. 5, pp. 909-24.
Barney, J.B. (1986), ‘‘Strategic factor markets: expectations, luck, and business strategy’’, Management
Science, Vol. 32 No. 10, pp. 1231-41.
Barney, J.B. (1991), ‘‘Firm resources and sustained competitive advantage’’, Journal of Management,
Vol. 17 No. 1, pp. 99-120.
Becerra-Fernandez, I. and Sabherwal, R. (2001), ‘‘Organizational knowledge management: a
contingency perspective’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 23-55.
Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), ‘‘Information systems security from a knowledge
management perspective’’, Information Management and Computer Security, Vol. 13 No. 3,
pp. 189-202.
Bloodgood, J.M. and Salisbury, W.D. (2001), ‘‘Understanding the influence of organizational change
strategies on information technology and knowledge management strategies’’, Decision Support
Systems, Vol. 31 No. 1, pp. 55-69.
Cohen, W.M. and Levinthal, D.A. (1990), ‘‘Absorptive capacity: a new perspective on learning and
innovation’’, Administrative Science Quarterly, Vol. 35, pp. 128-52.
Damm, D. and Schindler, M. (2002), ‘‘Security issues of a knowledge medium for distributed project
work’’, International Journal of Project Management, Vol. 20 No. 1, pp. 37-47.
Decarolis, D.M. and Deeds, D.L. (1999), ‘‘The impact of stocks and flows of organizational knowledge on
firm performance: an empirical investigation of the biotechnology industry’’, Strategic Management
Journal, Vol. 20, pp. 953-68.
Desouza, K. and Vanapalli, G. (2005), ‘‘Securing knowledge in organizations: lessons from the
defense and intelligence sectors’’, International Journal of Information Management, Vol. 25 No. 1,
pp. 85-98.
Dierickx, I. and Cool, K. (1989), ‘‘Asset stock accumulation and sustainability of competitive
advantage’’, Management Science, Vol. 35 No. 12, pp. 1504-11.
Eisenhardt, K.M. and Martin, J.A. (2000), ‘‘Dynamic capabilities: what are they?’’, Strategic
Management Journal, Vol. 21, pp. 1105-21.
Eisenhardt, K.M. and Santos, F.M. (2001), ‘‘Knowledge-based view: a new theory of strategy’’, in
Pettigrew, A., Thomas, H. and Whittington, R. (Eds), Handbook of Strategy and Management, Sage
Publications, London.
Gold, A.H., Malhotra, A. and Segars, A.H. (2001), ‘‘Knowledge management: an organizational
capabilities perspective’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 185-214.
Grant, R.M. (1996a), ‘‘Toward a knowledge-based theory of the firm’’, Strategic Management Journal,
Vol. 17, pp. 109-22.
Grant, R.M. (1996b), ‘‘Prospering in dynamically-competitive environments: organizational capability as
knowledge integration’’, Organization Science, Vol. 7 No. 4, pp. 375-87.
Grover, V. and Davenport, T.H. (2001), ‘‘General perspectives on knowledge management: fostering a
research agenda’’, Journal of Management Information Systems, Vol. 18 No. 1, pp. 5-21.
Hahn, J. and Subramani, M. (2000), ‘‘A framework of knowledge management systems: issues and
challenges for theory and practice’’, International Conference on Information Systems, Brisbane,
Australia, pp. 302-12.
Helms, M.M., Ettkin, L.P. and Morris, D.J. (2000), ‘‘Shielding your company against information
compromise’’, Information Management and Computer Security, Vol. 8 No. 3, pp. 117-30.
Kale, P., Singh, H. and Perlmutter, H. (2000), ‘‘Learning and protection of proprietary assets in strategic
alliances: building relational capital’’, Strategic Management Journal, Vol. 21 No. 3, pp. 217-37.
Kesh, S., Ramanujan, S. and Nerur, S. (2002), ‘‘A framework for analyzing e-commerce security’’,
Information Management and Computer Security, Vol. 10 No. 4, pp. 149-58.
King, A.W. and Zeithaml, C.P. (2001), ‘‘Competencies and firm performance: examining the causal
ambiguity paradox’’, Strategic Management Journal, Vol. 22, pp. 75-99.
King, W.R., Marks, P.V. and McCoy, S. (2002), ‘‘The most important issues in knowledge management’’,
Communication of the ACM, Vol. 45 No. 9, pp. 93-7.
Kogut, B. and Zander, U. (1992), ‘‘Knowledge of the firm, combinative capabilities, and the replication of
technology’’, Organization Science, Vol. 3 No. 3, pp. 383-97.
Kogut, B. and Zander, U. (1993), ‘‘Knowledge of the firm and the evolutionary theory of the
multinational’’, Journal of International Business Studies, Vol. 24 No. 4, p. 625.
Kogut, B. and Zander, U. (1995), ‘‘Knowledge, market failure and the multinational enterprise: a reply’’,
Journal of International Business Studies, Vol. 26 No. 2, pp. 417-26.
Liebeskind, J.P. (1996), ‘‘Knowledge, strategy, and the theory of the firm’’, Strategic Management
Journal, Vol. 17, pp. 93-107.
Lippman, S.A. and Rumelt, R.P. (1982), ‘‘Uncertain imitability: an analysis of interfirm differences in
efficiency under competition’’, Bell Journal of Economics, Vol. 13 No. 2, pp. 418-38.
McEvily, S.K. and Chakravarthy, B. (2002), ‘‘The persistence of knowledge-based advantage: an
empirical test for product performance and technological knowledge’’, Strategic Management Journal,
Vol. 23, pp. 285-305.
McEvily, S.K., Das, S. and McCabe, K. (2000), ‘‘Avoiding competence substitution through knowledge
sharing’’, Academy of Management Review, Vol. 25 No. 2, pp. 294-311.
Matusik, S.F. and Hill, C.W.L. (1998), ‘‘The utilization of contingent work, knowledge creation, and
competitive advantage’’, Academy of Management Review, Vol. 23 No. 4, pp. 680-97.
Milberg, S.J., Smith, H.J. and Burke, S.J. (2000), ‘‘Information privacy: corporate management and
national regulation’’, Organization Science, Vol. 11 No. 1, pp. 35-57.
Milberg, S.J., Burke, S.J., Smith, H.J. and Kallman, E.A. (1995), ‘‘Values, personal information privacy,
and regulatory approaches’’, Communication of the ACM, Vol. 38 No. 12, pp. 65-74.
Mowery, D.C., Oxley, J.E. and Silverman, B.S. (1996), ‘‘Strategic alliances and interfirm knowledge
transfer’’, Strategic Management Journal, Vol. 17, pp. 77-91.
Nelson, K.M. and Cooprider, J.G. (1996), ‘‘The contribution of shared knowledge to IS group
performance’’, MIS Quarterly, Vol. 20 No. 4, pp. 409-32.
Nelson, R.R. and Winter, S.G. (1982), Evolutionary Theory of Economic Change, Belknap Press,
Cambridge, MA.
Nidumolu, S.R., Subramani, M. and Aldrich, A. (2001), ‘‘Situated learning and the situated knowledge
web: exploring the ground beneath knowledge management’’, Journal of Management Information
Systems, Vol. 18 No. 1, pp. 115-50.
Nonaka, I. (1994), ‘‘A dynamic theory of organizational knowledge creation’’, Organization Science,
Vol. 5 No. 1, pp. 14-37.
Nonaka, I. and Takeuchi, H. (1995), The Knowledge-creating Company: How Japanese Companies
Create the Dynamics of Innovation, Oxford University Press, New York, NY.
Reed, R. and Defillippi, R.J. (1990), ‘‘Causal ambiguity, barriers to imitation, and sustainable competitive
advantage’’, Academy of Management Review, Vol. 15 No. 1, pp. 88-102.
Riege, A. (2005), ‘‘Three-dozen knowledge-sharing barriers managers must consider’’, Journal of
Knowledge Management, Vol. 9 No. 3, pp. 18-35.
Roberts, J. (2000), ‘‘From know-how to show-how? Questioning the role of information and
communication technologies in knowledge transfer’’, Technology Analysis and Strategic
Management, Vol. 12 No. 4, pp. 429-43.
Rogers, E.M. (1995), The Diffusion of Innovations, Free Press, New York, NY.
Salisbury, M.W. (2003), ‘‘Putting theory into practice to build knowledge management systems’’, Journal
of Knowledge Management, Vol. 7 No. 2, pp. 128-41.
Simonin, B.L. (1999), ‘‘Ambiguity and the process of knowledge transfer in strategic alliances’’, Strategic
Management Journal, Vol. 20 No. 7, pp. 595-623.
Smith, H.J., Milberg, S.J. and Burke, S.J. (1996), ‘‘Information privacy: measuring individuals’ concerns
about organizational practices’’, MIS Quarterly, Vol. 20 No. 2, pp. 167-96.
Smith, M. and Hansen, F. (2002), ‘‘Managing intellectual property: a strategic point of view’’, Journal of
Intellectual Capital, Vol. 3 No. 4, pp. 366-74.
Spender, J.C. and Grant, R. (1996), ‘‘Knowledge and the firm: overview’’, Strategic Management
Journal, Vol. 17, pp. 5-9.
Stewart, K.A. and Segars, A.H. (2002), ‘‘An empirical examination of the concern of information privacy
instrument’’, Information Systems Research, Vol. 13 No. 1, pp. 36-49.
Stewart, K.A., Baskerville, R., Storey, V.C., Senn, J.A., Raven, A. and Long, C. (2000), ‘‘Confronting the
assumptions underlying the management of knowledge: an agenda for understanding and investigating
knowledge management’’, Database for Advances in Information Systems, Vol. 31 No. 4, pp. 41-53.
Teece, D.J. (1998), ‘‘Capturing value from knowledge assets: the new economy, markets for know-how,
and intangible assets’’, California Management Review, Vol. 40 No. 3, pp. 55-79.
Teece, D.J., Pisano, G. and Shuen, A. (1997), ‘‘Dynamic capabilities and strategic management’’,
Strategic Management Journal, Vol. 18 No. 7, pp. 509-33.
Van den Bosch, F.A.J., Volberda, H.W. and de Boer, M. (1999), ‘‘Coevolution of firm absorptive capacity
and knowledge environment: organizational forms and combinative capabilities’’, Organization Science,
Vol. 10 No. 5, pp. 551-68.
Weick, K.E. and Roberts, K.H. (1993), ‘‘Collective mind in organizations: heedful interrelating on flight
decks’’, Administrative Science Quarterly, Vol. 38 No. 3, pp. 357-81.
Wernerfelt, B. (1984), ‘‘A resource-based view of the firm’’, Strategic Management Journal, Vol. 5,
pp. 171-80.
Yang, J.-T. (2004), ‘‘Job-related knowledge sharing: comparative case studies’’, Journal of Knowledge
Management, Vol. 8 No. 3, pp. 118-26.
Zander, U. and Kogut, B. (1995), ‘‘Knowledge and the speed of the transfer and imitation of
organizational capabilities: an empirical test’’, Organization Science, Vol. 6, pp. 76-92.
Zhu, B. and Iyer, B. (2003), ‘‘The design for an effective knowledge repository system’’, paper presented
at the Minnesota Symposium on Knowledge Management, Minneapolis, MN.
Corresponding author
Ebrahim Randeree can be contacted at: [email protected]