Abstract
This chapter tackles knowledge sharing by focusing on security and trust issues. Although trust is recognized as important in security issues, few studies on information systems (ISs) deal with both trust and security. Knowledge sharing relies on sense-giving and sense-reading processes which require, encourage, and even create trust within individuals. We argue that individuals are processors of information and interpret information to create their own tacit knowledge.
Recent security reports from organizations have presented that the majority of ISs security threats involve employees within the organizations. Individuals, as well as computers, maybe attacked through social engineering techniques in order to gain their trust. Despite this evidence, most of the work has focused on the control of outsider security threats rather than of insider security threats, particularly when humans are perpetrators.
We propose to study insider threats through a trust factor during the knowledge sharing process. Knowledge sharers may induce insider threats for security due to trust-related attitudes and behaviours. The proposition is twofold with interviews and self-report questionnaires to collect information about the trust, and ontologies to categorize such information. The proposition is then discussed, notably in terms of problems and answers leading to study trust in security when sharing knowledge.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
References
Akhter SH (2014) Privacy concern and online transactions: the impact of Internet self-efficacy and Internet involvement. J Consum Mark 31(2):118–125
Anquetil N, Oliveira KM, De Souza KD, Dias M (2007) Software maintenance seen as a knowledge management issue. Inf Softw Technol 49(5):515–529
Arduin P-E (2018) Insider threats. Wiley-ISTE, Hoboken, NJ
Arduin P-E, Grundstein M, Rosenthal-Sabroux C (2015) Information and knowledge system. Wiley-ISTE, Hoboken, NJ
Bandura A (1997) Perceived self-efficacy: the exercise of control. W.H. Freeman/Times Books/Henry Holt, New York, NY
Canohoto AI, Dibb S, Simkin L, Quinn L, Analogbei M (2015) Preparing for the future—how managers perceive, interpret and assess the impact of digital technologies for business. In: Proceedings of the 48th Hawaii international conference on system sciences
Castelfranchi C, Falcone R (2000) Trust is much more than subjective probability: mental components and sources of trust. In: Sprague RH (ed) Proceedings of the 33rd annual Hawaii international conference on system sciences, 7 January 2000, Maui, HI. IEEE, Piscataway, NJ
Collwill C (2009) Human-factors in information security: the insider-threat—who can we trust these days? Inf Secur Tech Rep 14:186–196
Dhillon G, Backhouse J (2000) Technical opinion: information system security management in the new millennium. Commun ACM 43(7):125–128
EY (2015) Creating trust in the digital world. Global Information Security Survey (GISS) 2015. https://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey-2015/$FILE/ey-global-information-security-survey-2015.pdf. Accessed 6 May 2019
Fenz S, Ekelhart A (2009) Formalizing information security knowledge. In: Proceedings of the 4th international symposium on information, computer, and communications security, pp 183–194
Grawitz M (1993) Méthodes des sciences sociales [Methods in social sciences], 9th éd. Dalloz, Paris
Grüninger M, Fox MS (1995) Methodology for the design and evaluation of ontologies, technical report. University of Toronto, Toronto
Guarino N (ed) (1998) Formal ontology in information systems. In: Proceedings of FOIS’98, Trento
Guo KH, Yuan Y, Archer NP, Connelly CE (2011) Understanding non-malicious security violations in the workplace: a composite behavior model. J Manag Inf Syst 28(2):203–236
Hadlington L (2018) The ‘human factor’ in cybersecurity: exploring the accidental insider. In: McAlaney J, Frumkin LA, Benson V (eds) Psychological and behavioral examinations in cyber security. IGI Global, Hershey, PA, pp 46–63
Hardin R (2001) Conceptions and explanations of trust. In: Cook KS (ed) Trust in society. Russell Sage Foundation, New York, pp 3–39
Hoffman RR, Johnson M, Bradshaw JM, Underbrink A (2013) Trust in automation. IEEE Intell Syst 28(1):84–88
Huang J, Fox MS (2006) An ontology of trust—formal semantics and transitivity. ICEC 6:259–270
ISO/IEC (2013) ISO/IEC 27001, information security management. Technical report
Jian JY, Bisantz AM, Drury CG (2000) Foundations for an empirically determined scale of trust in automated systems. Int J Cogn Ergon 4(1):53–71
Jordan B (1996) The design of computer-supported cooperative work and groupware systems. In: Ethnographic workplace studies and computer supported cooperative work. Elsevier Science, North Holland, pp 17–42
Kaspersky (2015) Carbanak APT—the great bank robbery, Kaspersky Lab Report, February 2015. https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
Keeney M, Kowalski E, Cappelli D, Moore A, Shimeall T, Rogers S (2005) Insider threat study: computer systems sabotage in critical infrastructure sectors. CERT, Software Engineering Institute, Carnegie Mellon University
Kramer RM (1999) Trust and distrust in organizations: emerging perspectives, enduring questions. Annu Rev Psychol 50(1):568–598
Landauer TK (1996) The trouble with computers: usefulness, usability, and productivity. MIT Press, Cambridge, MA
Langer EJ (1975) The illusion of control. J Pers Soc Psychol 32(2):311–328
Lee JD, See KA (2004) Trust in automation: designing for appropriate reliance. Hum Factors 46(1):50–80
Lench HC, Bench SW (2012) Automatic optimism: why people assume their futures will be bright. Soc Personal Psychol Compass 6(4):347–360
Lewis JD, Weigert AJ (2012) The social dynamics of trust: theoretical and empirical research, 1985–2012. Soc Forces 91(1):25–31
Loch K, Carr H, Warkentin M (1992) Threats to information systems: today’s reality, yesterday’s understanding. MIS Q 16(2):173–186
Luhmann N (2000) Familiarity, confidence, trust: problems and alternatives. In: Gambetta D (ed) Trust: making and breaking cooperative relations. Department of Sociology, University of Oxford, pp 94–107. http://www.sociology.ox.ac.uk/papers/luhmann94-107.pdf. Accessed 6 May 2019
Mitnick KD, Simon WL (2011) The art of deception: controlling the human element of security. Wiley, Indianapolis, IN
Möllering G (2001) The nature of trust: from Georg Simmel to a theory of expectation, interpretation and suspension. Sociology 35(2):403–420
Muir BM (1987) Trust between humans and machines, and the design of decision aids. Int J Man Mach Stud 27(5–6):527–539
Muir BM, Moray N (1996) Trust in automation. Part II. Experimental studies of trust and human intervention in a process control simulation. Ergonomics 39(3):429–460
Noy NF, McGuinness DL (2010) Ontology development 101: a guide to creating your first ontology. University Stanford, Stanford, CA. https://protege.stanford.edu/publications/ontology_development/ontology101.pdf. Accessed 6 May 2019
Oltramari A, Henshel D, Cains M, Hoffman B (2015) Towards a human factors ontology for cyber security. In: Proceedings of tenth international conference on semantic technology for intelligence, defense, and security, 18–20 November 2015, Fairfax, VA, pp 26–33. http://ceur-ws.org/Vol-1523/STIDS_2015_T04_Oltramari_etal.pdf. Accessed 6 May 2019
Polanyi M (1967) Sense-giving and sense-reading. Philosophy 42(162):301–325
PwC (2018) The global state of information security® survey 2018—strengthening digital society against cyber shocks. PriceWaterhouseCoopers report
Rajaonah B (2017) A view of trust and information system security under the perspective of critical infrastructure protection. Ing Syst Inf 22(1):109–133
Sasse MA, Flechais I (2005) Usable security: why do we need it? How do we get it? In: Cranor L, Garfinkel S (eds) Security and usability: designing secure systems that people can use. O’ReillyMedia, Sebastopol, CA, pp 13–30
Schneier B (2000) The process of security. Inform Secur 3(4):32
Shropshire J (2009) A canonical analysis of intentional information security breaches by insiders. Inf Manag Comput Secur 17(4):296–310
Slovic P, Fischhoff B, Lichtenstein S (1984) Behavioral decision theory perspectives on risk and safety. Acta Psychol 56(1–3):183–203
Stanton JM, Stam KR, Mastrangelo P, Jolton J (2005) Analysis of end user security behaviors. Comput Secur 24(2):124–133
Tsuchiya S (1993) Improving knowledge creation ability through organizational learning. In: ISMICK 1993: proceedings of the international symposium on the management of industrial and corporate knowledge, pp 87–95
Turner DW (2010) Qualitative interview design: a practical guide for novice investigators. Qual Rep 15(3):754–760
Viljanen L (2005) Towards an ontology of trust. In: Katsikas S, López J, Pernul G (eds) Trust, privacy, and security in digital business. TrustBus 2005. Lecture Notes in Computer Science, 3592. Springer, Berlin, pp 175–184
Weinstein ND (1980) Unrealistic optimism about future life events. J Pers Soc Psychol 39(5):806–820
Whitman ME, Mattord HJ (2011) Principles of information security, 4th edn. Cengage Learning, Mason, OH
Willison R, Warkentin M (2013) Beyond deterrence: an expanded view of employee computer abuse. MIS Q 37:1–20
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Arduin, PE., Rajaonah, B., de Oliveira, K.M. (2020). Trusting Security When Sharing Knowledge?. In: Matos, F., Vairinhos, V., Salavisa, I., Edvinsson, L., Massaro, M. (eds) Knowledge, People, and Digital Transformation. Contributions to Management Science. Springer, Cham. https://doi.org/10.1007/978-3-030-40390-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-40390-4_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-40389-8
Online ISBN: 978-3-030-40390-4
eBook Packages: Business and ManagementBusiness and Management (R0)