An Exploratory Study of the Effects of Knowledge Sharing Methods on Cyber Security Practice

In a networked global economy, cyber security threats have accelerated at an enormous rate. The security infrastructure at organisational and national levels are often ineffective against these threats. As a result, academics have focused their research on information security risks and technical perspectives to enhance human-related security measures. To further extend this trend of research, this study examines the effects of three knowledge sharing methods on user security practices: security training, social media communication, and local security experts (non-IT staff). The study adopts a phenomenological method employing in-depth focus group interviews with 30 participants from eight organisations located in Ho Chi Minh city, Vietnam. The study expands on understanding factors contributing to self-efficacy and security practice through various knowledge sharing channels. Current methods of periodical training and broadcast emails were found to be less effective in encouraging participants to develop security self-efficacy and were often ignored. Security knowledge sharing through social media and local experts were identified as supplementary methods in maintaining employees’ security awareness. In particular, social media is suggested as a preferred channel for disseminating urgent security alerts and seeking peer advice. Local security experts are praised for providing timely and contextualised security advice where member trust is needed. This study suggests that provisions of contemporary channels for security information and knowledge sharing between organisations and employees can gain regular attention from employees, hence leading to more effective security practices.

Effects of Team Collaboration on Sharing Information Security Advice

Active sharing of information security advice among the employees has undeniable implications for developing a sustainable security environment. This research examines this topic from the network perspective, and focuses on the work relationships that promote sharing security advice. Exponential random graph modeling technique was employed to evaluate the relationship between team collaborative activities and sharing security advice. The findings revealed that those who share security advice also tend to give work- and IT-related knowledge. Moreover, employees who have similar tenure tend to exchange security advice with each other more. Furthermore, the network of sharing security advice is transitive and has a tendency to form separate clusters. Security managers are suggested to take into account the research findings to identify key employees who frequently share security advice in the workplace and devise appropriate strategies to manage them.

On Assessing Risk Assessments and Situating Security Advice: The Unsettling Quest for ‘Security Expertise’

This chapter tackles the challenges of security in violent research contexts. It offers in-depth insights into how Judith Verwejien assessed security risks when she researched micro-dynamics of conflict in the eastern part of the Democratic Republic of the Congo (DRC). It also details practical forms of preparation for potential harm and how to avoid it, such as analyzing patterns of kidnappings or imaging an ambush and practising how to behave in such a situation. The chapter shows that the combination of good security analysis and realistic preparations can help minimize risks even in a highly violent context such as eastern DRC. It also analyzes what counts as knowledge on security dynamics and how does this knowledge translate into guidelines for action.