{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T04:08:58Z","timestamp":1774066138085,"version":"3.50.1"},"reference-count":19,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2005,7,1]],"date-time":"2005-07-01T00:00:00Z","timestamp":1120176000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,7,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>Information systems security management is a knowledge\u2010intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role of an IS security knowledge management system.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The results of this paper are based on field research involving five organizations (public and private) and five security experts and consultants. A model to illustrate the structure of IS security knowledge in an organization is then proposed.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Successful security management largely depends on the involvement of users and other stakeholders in security analysis, design, and implementation, as well as in actively defending the IS. However, most stakeholders lack the required knowledge of IS security issues that would allow them to play an important role in IS security management.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>In this paper, the knowledge management aspect of IS security management has been highlighted. Moreover, the basic sources of security\u2010related knowledge have been identified and a model of IS security knowledge has been created. Also, the activities to be supported by a security\u2010focused KM system have been identified. Thus, the basis for the development of specialized security KM systems has been set.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220510602013","type":"journal-article","created":{"date-parts":[[2005,6,22]],"date-time":"2005-06-22T02:12:51Z","timestamp":1119406371000},"page":"189-202","source":"Crossref","is-referenced-by-count":36,"title":["Information systems security from a knowledge management perspective"],"prefix":"10.1108","volume":"13","author":[{"given":"Petros","family":"Belsis","sequence":"first","affiliation":[]},{"given":"Spyros","family":"Kokolakis","sequence":"additional","affiliation":[]},{"given":"Evangelos","family":"Kiountouzis","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022012520203865100_b1","doi-asserted-by":"crossref","unstructured":"Baskerville, R. (1991), \u201cRisk analysis: an interpretive feasibility tool in justifying information systems security\u201d, European Journal of Information Systems, Vol. 1 No. 2, pp. 121\u201030.","DOI":"10.1057\/ejis.1991.20"},{"key":"key2022012520203865100_b2","doi-asserted-by":"crossref","unstructured":"Beijerse, R. (1999), \u201cQuestions in knowledge management\u201d, Journal of Knowledge Management, Vol. 3 No. 2, pp. 94\u2010109.","DOI":"10.1108\/13673279910275512"},{"key":"key2022012520203865100_b3","unstructured":"BSI (2002), Information Security Management \u2013 Part 2: Specification for Information Security Management Systems, BS 7799\u20102:2002, British Standards Institute, London."},{"key":"key2022012520203865100_b4","unstructured":"Davenport, T. and Prusak, L. (1998), Working Knowledge: How Organizations Manage What They Know, Harvard Business School Press, Cambridge, MA."},{"key":"key2022012520203865100_b5","doi-asserted-by":"crossref","unstructured":"Davenport, T. and Volpel, S. (2001), \u201cThe rise of knowledge towards attention management\u201d, Journal of Knowledge Management, Vol. 5 No. 3, pp. 212\u201021.","DOI":"10.1108\/13673270110400816"},{"key":"key2022012520203865100_b6","doi-asserted-by":"crossref","unstructured":"Earl, M. (2001), \u201cKnowledge management strategies: toward a taxonomy\u201d, Journal of Management Information Systems, Vol. 18 No. 1, pp. 215\u201033.","DOI":"10.1080\/07421222.2001.11045670"},{"key":"key2022012520203865100_b7","unstructured":"Flick, U. (1998), An Introduction to Qualitative Research, Sage Publications, London."},{"key":"key2022012520203865100_b8","unstructured":"Fung, P., Kwok, L. and Longley, D. (2001), \u201cElectronic information security documentation\u201d, Proceedings of the 8th Information Security Management and Small Systems Security Conference, Las Vegas, NV, September 27\u201028."},{"key":"key2022012520203865100_b9","doi-asserted-by":"crossref","unstructured":"Gao, F., Meng, L. and Nakamori, Y. (2002), \u201cSystems thinking on knowledge management\u201d, Journal of Knowledge Management, Vol. 6 No. 1, pp. 7\u201017.","DOI":"10.1108\/13673270210417646"},{"key":"key2022012520203865100_b10","doi-asserted-by":"crossref","unstructured":"Hinde, S. (2003), \u201cThe law, cybercrime, risk assessment and cyber protection\u201d, Computers and Security, Vol. 22 No. 2, pp. 90\u20105.","DOI":"10.1016\/S0167-4048(03)00203-7"},{"key":"key2022012520203865100_b11","unstructured":"ISO (2000), \u201cInformation technology \u2013 code of practice for information security management\u201d, ISO 17799, International organization for Standardisation, Geneva."},{"key":"key2022012520203865100_b12","unstructured":"Jarvinen, P.H. (2001), \u201cResearch questions guiding selection of an appropriate research method\u201d, Proceedings of the 8th Information Security Management and Small Systems Security Conference, Las Vegas, NV, September 27\u201028."},{"key":"key2022012520203865100_b13","doi-asserted-by":"crossref","unstructured":"Klein, H. and Myers, M. (1999), \u201cA set of principles for conducting and evaluating interpretive field studies in information systems\u201d, MIS Quarterly, Vol. 23 No. 1, pp. 67\u201094.","DOI":"10.2307\/249410"},{"key":"key2022012520203865100_b14","doi-asserted-by":"crossref","unstructured":"Milton, N., Shadbolt, N., Cottam, H. and Hammersley, M. (1999), \u201cTowards a knowledge technology for knowledge management\u201d, International Journal of Human\u2010computer Studies, Vol. 51 No. 3, pp. 615\u201041.","DOI":"10.1006\/ijhc.1999.0278"},{"key":"key2022012520203865100_b15","doi-asserted-by":"crossref","unstructured":"Nonaka, I. (1994), \u201cA dynamic theory of organizational knowledge creation\u201d, Organization Science, Vol. 5 No. 1, pp. 14\u201037.","DOI":"10.1287\/orsc.5.1.14"},{"key":"key2022012520203865100_b16","doi-asserted-by":"crossref","unstructured":"Nonaka, I. and Takeuchi, H. (1995), The Knowledge\u2010Creating Company, Oxford University Press, Oxford.","DOI":"10.1093\/oso\/9780195092691.001.0001"},{"key":"key2022012520203865100_b17","unstructured":"Polanyi, M. (1966), The Tacit Dimension, Routledge & Kegan Paul, London."},{"key":"key2022012520203865100_b18","doi-asserted-by":"crossref","unstructured":"Polanyi, M. (1997), \u201cThe tacit dimension\u201d, in Prusak, L. (Ed.), Knowledge in Organizations, Butterworth\u2010Heinemann, Boston, MA, pp. 135\u201046.","DOI":"10.1016\/B978-0-7506-9718-7.50010-X"},{"key":"key2022012520203865100_b19","doi-asserted-by":"crossref","unstructured":"Tryfonas, T., Kiountouzis, E. and Poulymenakou, A. (2001), \u201cEmbedding practices in contemporary information systems development approaches\u201d, Information Management & Computer Security, Vol. 9 No. 4, pp. 183\u201097.","DOI":"10.1108\/09685220110401254"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220510602013","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510602013\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510602013\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:54Z","timestamp":1753402134000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/13\/3\/189-202\/183410"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,7,1]]},"references-count":19,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2005,7,1]]}},"alternative-id":["10.1108\/09685220510602013"],"URL":"https:\/\/doi.org\/10.1108\/09685220510602013","relation":{},"ISSN":["0968-5227"],"issn-type":[{"value":"0968-5227","type":"print"}],"subject":[],"published":{"date-parts":[[2005,7,1]]}}}