{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T00:15:48Z","timestamp":1774397748594,"version":"3.50.1"},"reference-count":56,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,1]]},"abstract":"<jats:p>Repeated information security (InfoSec) incidents have harmed the confidence of people on enterprises' InfoSec capability. While most organisations adopt control frameworks such as ISO27001 and COBIT, the role and contribution of knowledge management on InfoSec was inadequately considered. The authors integrated the concepts of knowledge-centric information security and IT Governance (ITG) into an ITG-driven knowledge framework (ITGKF) for reinforcing InfoSec maturity and auditability of enterprises. The authors also tried to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. The authors confirmed the positive influence of IT governance on knowledge-centric information security (KCIS) and information security maturity and audit result (ISMAR), the positive influence of KCIS on ISMAR, and the mediating role of KCIS between ITG and ISMAR. These indicated the significance of KM in InfoSec area. Based on the findings, they proposed possible changes of integrating KM in different InfoSec practices and audit standard.<\/jats:p>","DOI":"10.4018\/ijkm.2019010103","type":"journal-article","created":{"date-parts":[[2018,11,17]],"date-time":"2018-11-17T16:11:30Z","timestamp":1542471090000},"page":"37-52","source":"Crossref","is-referenced-by-count":11,"title":["Integrating Knowledge Management into Information Security"],"prefix":"10.4018","volume":"15","author":[{"given":"Cheuk Hang","family":"Au","sequence":"first","affiliation":[{"name":"The University of Sydney, Sydney, Australia"}]},{"given":"Walter S. L.","family":"Fung","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hunghom, Hong Kong"}]}],"member":"2432","reference":[{"key":"IJKM.2019010103-0","doi-asserted-by":"crossref","unstructured":"Alnatheer, M. (2015). Information security culture critical success factors. Information Technology - New Generations (ITNG), 2015 12th International Conference on.","DOI":"10.1109\/ITNG.2015.124"},{"key":"IJKM.2019010103-1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2016.05.017"},{"key":"IJKM.2019010103-2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24746-3_28"},{"key":"IJKM.2019010103-3","author":"A.Bandura","year":"1986","journal-title":"Social foundations of thought and action"},{"key":"IJKM.2019010103-4","doi-asserted-by":"crossref","DOI":"10.4324\/9781315538747","author":"C.Berkenkotter","year":"2016","journal-title":"Genre knowledge in disciplinary communication: Cognition\/culture\/power"},{"key":"IJKM.2019010103-5","article-title":"Evolving IT governance practices for IT and business alignment: A case study in an Australian institution.","author":"J.Bhattacharjya","year":"2006","journal-title":"Proceedings of the Conference on Information Science, Technology and Management (CISTM 2006)"},{"key":"IJKM.2019010103-6","doi-asserted-by":"publisher","DOI":"10.1109\/CICN.2015.216"},{"key":"IJKM.2019010103-7","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.368"},{"key":"IJKM.2019010103-8","doi-asserted-by":"publisher","DOI":"10.4018\/jkm.2005070103"},{"key":"IJKM.2019010103-9","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2012.05.003"},{"key":"IJKM.2019010103-10","doi-asserted-by":"publisher","DOI":"10.1080\/10580530902794786"},{"key":"IJKM.2019010103-11","doi-asserted-by":"publisher","DOI":"10.2308\/isys-50422"},{"key":"IJKM.2019010103-12","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2016.07.001"},{"key":"IJKM.2019010103-13","doi-asserted-by":"publisher","DOI":"10.1108\/02635570710719089"},{"key":"IJKM.2019010103-14","doi-asserted-by":"publisher","DOI":"10.1108\/13673270710738942"},{"issue":"1","key":"IJKM.2019010103-15","first-page":"43","article-title":"Just waiting for the next bang: Business continuity planning in the UK finance sector.","volume":"8","author":"D.Elliott","year":"1999","journal-title":"Journal of Applied Management Studies"},{"key":"IJKM.2019010103-16","author":"W.Fung","year":"2011","journal-title":"An exploration of knowledge-centric information security by community of practice"},{"key":"IJKM.2019010103-17","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.1994.12"},{"key":"IJKM.2019010103-18","doi-asserted-by":"publisher","DOI":"10.4018\/jhcitp.2013070104"},{"key":"IJKM.2019010103-19","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"key":"IJKM.2019010103-20","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijpe.2012.06.022"},{"key":"IJKM.2019010103-21","unstructured":"inspectIT. (2018). GitHub - inspectIT\/inspectIT: inspectIT is the leading Open Source APM (Application Performance Management) tool for analyzing your Java (EE) applications. Retrieved from https:\/\/github.com\/inspectIT\/inspectIT"},{"key":"IJKM.2019010103-22","doi-asserted-by":"publisher","DOI":"10.1007\/s10888-006-9036-6"},{"key":"IJKM.2019010103-23","year":"2014"},{"key":"IJKM.2019010103-24","doi-asserted-by":"publisher","DOI":"10.4018\/jkm.2005040104"},{"key":"IJKM.2019010103-25","doi-asserted-by":"publisher","DOI":"10.4018\/ijkm.2014040101"},{"key":"IJKM.2019010103-26","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-007-9053-4"},{"key":"IJKM.2019010103-27","doi-asserted-by":"publisher","DOI":"10.1002\/pmj.20218"},{"key":"IJKM.2019010103-28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.59"},{"key":"IJKM.2019010103-29","unstructured":"Khomami, N., & Solon, O. (2017). 'Accidental hero' halts ransomware attack and warns: this is not over. The Guardian."},{"key":"IJKM.2019010103-30","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-010-0402-7"},{"key":"IJKM.2019010103-31","doi-asserted-by":"crossref","unstructured":"Korac-Kakabadse, N., & Kakabadse, A. (2001). IS\/IT governance: Need for an integrated model. The international journal of business in society, 1(4), 9-11.","DOI":"10.1108\/EUM0000000005974"},{"key":"IJKM.2019010103-32","unstructured":"Larson, S. (2017). Massive cyberattack targeting 99 countries causes sweeping havoc. CNN. Retrieved from http:\/\/money.cnn.com\/2017\/05\/12\/technology\/ransomware-attack-nsa-microsoft\/index.html"},{"key":"IJKM.2019010103-33","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.11"},{"key":"IJKM.2019010103-34","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290962"},{"key":"IJKM.2019010103-35","doi-asserted-by":"publisher","DOI":"10.1016\/S0263-7863(03)00060-7"},{"key":"IJKM.2019010103-36","author":"T.Nigel","year":"2003","journal-title":"Foreword\u2019 in Calder, Alan and Watkins, Steve, IT Governance: A Manager\u2019s Guide to Data Security & BS 7799\/ISO 17799"},{"key":"IJKM.2019010103-37","unstructured":"Nozaki, M., & Tipton, H. (2011). Information Security Management Handbook."},{"key":"IJKM.2019010103-38","doi-asserted-by":"publisher","DOI":"10.1037\/a0017815"},{"key":"IJKM.2019010103-39","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2011.01.001"},{"key":"IJKM.2019010103-40","doi-asserted-by":"publisher","DOI":"10.4018\/ijitbag.2014010101"},{"key":"IJKM.2019010103-41","author":"M.Porter","year":"1985","journal-title":"Competitive advantage: creating and sustaining superior performance"},{"key":"IJKM.2019010103-42","unstructured":"Qian, G., & Da, Q.-l. (2001). The Information System Risk Evaluation Based on Systems Security Engineering Capability Maturity Model. Journal of Industrial Engineering and Engineering Management."},{"key":"IJKM.2019010103-43","doi-asserted-by":"publisher","DOI":"10.1108\/IJPPM-01-2015-0003"},{"key":"IJKM.2019010103-44","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2014.10.003"},{"key":"IJKM.2019010103-45","doi-asserted-by":"publisher","DOI":"10.1016\/0361-3682(77)90033-2"},{"key":"IJKM.2019010103-46","doi-asserted-by":"publisher","DOI":"10.1108\/14637150610710936"},{"key":"IJKM.2019010103-47","doi-asserted-by":"publisher","DOI":"10.4018\/ijkm.2014040105"},{"key":"IJKM.2019010103-48","doi-asserted-by":"publisher","DOI":"10.4018\/IJKM.2015100104"},{"key":"IJKM.2019010103-49","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(12)70013-2"},{"key":"IJKM.2019010103-50","doi-asserted-by":"publisher","DOI":"10.1108\/09685229810227649"},{"key":"IJKM.2019010103-51","doi-asserted-by":"publisher","DOI":"10.1007\/11836810_38"},{"key":"IJKM.2019010103-52","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2012.04.002"},{"key":"IJKM.2019010103-53","doi-asserted-by":"publisher","DOI":"10.2307\/41165947"},{"key":"IJKM.2019010103-54","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2011.08.008"},{"key":"IJKM.2019010103-55","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2006.482"}],"container-title":["International Journal of Knowledge Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=218233","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T05:52:34Z","timestamp":1651816354000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJKM.2019010103"}},"subtitle":["From Audit to Practice"],"short-title":[],"issued":{"date-parts":[[2019,1]]},"references-count":56,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.4018\/ijkm.2019010103","relation":{},"ISSN":["1548-0666","1548-0658"],"issn-type":[{"value":"1548-0666","type":"print"},{"value":"1548-0658","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,1]]}}}