A Knowledge Interface System for Information and Cyber Security Using Semantic Wiki

  • Riku Nykänen
  • Tommi Kärkkäinen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10844)

Abstract

Resilience against information and cyber security threats has become an essential ability for organizations to maintain business continuity. As bullet-proof security is an unattainable goal, organizations need to concentrate on selecting optimal countermeasures against information and cyber security threats. Implementing cyber risk management actions requires special knowledge and resources, which small and medium-sized enterprises in particular often lack. Information and cyber security risk management establishes knowledge-intensive business processes, which can be assisted by a proper knowledge management system. This paper analyzes how Semantic MediaWiki could be used as a platform to assist organizations, especially small and medium-sized enterprises, in their information and cyber security risk management. The approach adopts design science research and service design methodologies in the derivation and evaluation of the system.

Keywords

Information security, Cyber security, Design science research, Knowledge management, Risk management

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. University of Jyväskylä, Jyväskylä, Finland