Markus Manhart

Protecting organizational knowledge: a structured literature review

Purpose – The purpose of this paper is to investigate pertinent knowledge protection literature. At the same time, however, knowledge protection is often a neglected or underdeveloped area. This is all the more concerning as knowledge protection plays an essential part in preserving an organization’s competitive advantage. Despite the recognition of this issue by scholars, the knowledge management literature has so far tended to concentrate on the facilitation of knowledge sharing rather than on knowledge protection. Design/methodology/approach – In this paper, the authors present the results of a structured literature review undertaken to investigate the current state of research on knowledge protection. The paper identifies core domains in knowledge protection literature, discusses theoretical perspectives and research methods, sheds light on the role of the information technology (IT) artefact in knowledge protection research and develops a portfolio of knowledge protection measures. Findings – In this...

Auditing service providers: supporting auditors in cross-organizational settings

Purpose - – The purpose of this paper is to shed light on the particular information needs of external auditors performing information technology (IT) audits at service providers in cross-organizational settings and to promote a software-based approach towards their satisfaction. The approach is intended to supplement the manual approaches currently adopted by auditors to procure information in such settings. Design/methodology/approach - – The authors analyzed data collected by means of a series of 16 interviews and four think-aloud sessions with experienced professionals. Findings - – Information procurement is perceived as tedious by auditors and largely relies on repeat interviews and perusal of documents. Given the growing complexity of cross-organizational settings, manual approaches to information procurement are reaching their limits. A considerable portion of the information required is often stored by service providers using software that is inaccessible to auditors. The authors argue that a software-based approach providing an interface for auditors to access relevant information held by such software presents an avenue worth exploring. Practical implications - – The authors outline how the information stored by service providers using software can be made accessible with reasonable effort. Complementing manual approaches to information procurement with an audit interface would reduce workload and increase quality. Originality/value - – The concept of an audit interface represents a novel and promising approach to meeting the information needs of auditors performing IT audits in cross-organizational settings more effectively. Both auditors and service providers would benefit from its implementation.

The Ends of Knowledge Sharing in Networks: Using Information Technology to Start Knowledge Protection

Organisations need networks to leverage external knowledge, particularly for SMEs with their limited resources. Organisations use networks for knowledge sharing to foster innovation. This use of networks bears risks like the unwanted spill-over of knowledge. Consequently, organisations need to balance sharing and protecting knowledge. While scholars have extensively investigated the sharing perspective, they have so far neglected knowledge protection in network settings and especially the interplay between sharing and protection. This paper illuminates the motives and practices of network members switching from open sharing to stronger protection on the basis of 53 interviews with members from 10 SME networks. We describe three patterns of switching behaviour and explain how the interviewees adapt the use of collaborative IT to manage the switches. Employees switch from sharing to being open to (a) a certain extent, (b) a certain group, or (c) a certain topic. We find that the three types of switching behaviour are related to network characteristics and to corresponding adaptions in using collaborative IT. Collaborative IT does not necessarily hamper knowledge protection, but adapted use can support both knowledge sharing and knowledge protection. We argue that organisations should develop protection capabilities to manage the switches.

Complexity is dead, long live complexity! How software can help service providers manage security and compliance

Service providers expected to see a simplification regarding security and compliance management as standards and best practice were applied to complex information technology (IT) outsourcing arrangements. However, security and compliance management became even more complex and is presenting greater challenges to service providers than ever before. In this article, we focus on the work practices of service providers dealing with complex and transitory security requirements and distributed IT infrastructures. Based on the results of semi-structured interviews followed by a think-aloud study, we first describe specific requirements to be met by software supporting security and compliance management in complex IT outsourcing arrangements, and discuss the extent to which existing software already meets them. We show that existing software, which is primarily designed for in-house settings, fails to meet requirements of complex IT outsourcing arrangements such as (1) the use of standardized and formal descriptions of security requirements and configurations, (2) the definition of a interface allowing to exchange messages and to delegate tasks, (3) the provision of mechanisms for designing and implementing a configuration for specific security requirements across organizational boundaries, (4) the provision of mechanisms for verifying and approving the enforcement of these security requirements, and (5) the provision of mechanisms for searching and browsing security requirements, configurations and links between them. We then propose a software architecture that claims to be capable of meeting those requirements and outline how this claim was evaluated by means of another think-aloud study in which potential end users were asked to perform a series of tasks using a prototypical implementation of the architecture. The results of the evaluation confirm that the software meets the described requirements and suggests that it facilitates the management of security and compliance in complex IT outsourcing arrangements.

Knowledge Risks of Social Media in the Financial Industry

The financial sector is characterized as knowledge intensive with knowledge as the key source of competitive advantage. The introduction of social media within the organizational environment has raised the number of knowledge risks that can lead to knowledge leakage and thus to a loss of competitive edge. The authors investigated knowledge risks arising from the use of social media within the financial sector. They interviewed twelve employees from ten different European financial institutions to identify strategies how financial institutions currently deal with knowledge risks. The authors identified three major knowledge risks induced by social media and it appears that financial institutions are skeptical towards social media adoption. However, competition forces financial institutions to adopt social media and to change their attitude. As a consequence, financial institutions need to find different strategies for the management of knowledge risks. The authors identified such strategies and they show which strategies link to the major knowledge risks.

Reconciling digital transformation and knowledge protection: a research agenda

Abstract Digital transformation revolutionises the way people work not only in office settings but also in physical work settings such as manufacturing or construction. New ways of combining digital and physical innovations and intensified inter-organisational collaborations are key characteristics for success. Knowledge sharing becomes increasingly important, but its inter-organisational nature and the blurring of organisational boundaries create new challenges for the protection of knowledge. Existing research on knowledge protection mostly focuses on single organisations or on dyadic relationships. Complex sharing arrangements and especially sharing in networks has received little attention so far. This paper presents a literature review, integrating the perspectives of the base domains of knowledge, strategy, innovation, and information security management with the goal to identify knowledge protection requirements in the era of digital transformation. Five avenues for future research on knowledge protection to support organisations coping with challenges imposed by digital transformation are presented.

Towards data-driven decision support for organizational IT security audits

Abstract As the IT landscape of organizations increasingly needs to comply with various laws and regulations, organizations manage a plethora of security-related data and have to verify the adequacy and effectiveness of their security controls through internal and external audits. Existing Governance, Risk and Compliance (GRC) approaches provide little support for auditors or are tailored to the needs of auditors and do not fully support required management activities of the auditee. To address this gap and move towards a holistic solution, a data-driven approach is proposed. Following the design science research paradigm, a data-driven approach for audit data management and analytics that addresses organizational needs as well as requirements for audit data analytics was developed. We contribute workflow support and associated data models to support auditing and security decision making processes. The evaluation shows the viability of the proposed IT artifact and its potential to reduce costs and complexity of security management processes and IT security audits. By developing a model and associated decision support workflows for the entire IT security audit lifecycle, we present a solution for both the auditee and the auditor. This is useful to developers of GRC tools, vendors, auditors and organizational decision makers.