Computing and Information Systems - Theses

    Mitigating the risk of knowledge leakage in knowledge intensive organizations: a mobile device perspective
    Agudelo Serna, Carlos Andres (2023-02)
    In the current knowledge economy, knowledge represents the most strategically significant resource of organizations. Knowledge-intensive activities advance innovation and create and sustain economic rent and competitive advantage. In order to sustain competitive advantage, organizations must protect knowledge from leakage to third parties, particularly competitors. However, the number and scale of leakage incidents reported in news media as well as industry whitepapers suggest that modern organizations struggle with the protection of sensitive data and organizational knowledge. The increasing use of mobile devices and technologies by knowledge workers across the organizational perimeter has dramatically increased the attack surface of organizations, and the corresponding level of risk exposure. While much of the literature has focused on technology risks that lead to information leakage, human risks that lead to knowledge leakage are relatively understudied. Further, not much is known about strategies to mitigate the risk of knowledge leakage using mobile devices, especially considering the human aspect. Specifically, this research study identified three gaps in the current literature: (1) A lack of in-depth studies that provide specific strategies for knowledge-intensive organizations based on their varied risk levels. Most of the analysed studies provide high-level strategies that are presented in a generalised manner and fail to identify specific strategies for different organizations and risk levels. (2) A lack of research into management of knowledge in the context of mobile devices. (3) A lack of research into the tacit dimension of knowledge, as the majority of the literature focuses on formal and informal strategies to protect explicit (codified) knowledge.
To address the aforementioned gaps, this research study adopted an exploratory and managerial practice-based perspective to investigate how knowledge-intensive organizations manage their risk of knowledge leakage caused by the use of mobile devices. Hence the main research question: How can knowledge-intensive (KI) organizations mitigate the knowledge leakage risk (KLR) caused by the use of mobile devices? To answer the primary research question, the following secondary questions are also addressed: 1. What strategies are used by knowledge-intensive organizations to mitigate the risk of knowledge leakage (KLR) caused by the use of mobile devices? 2. How does the perceived KLR level inform the strategies used by KI organizations? 3. What knowledge assets do knowledge-intensive organizations protect from KL? The main contribution of this research study is the development of a theory-informed and empirically grounded classification framework that guides organizations in mitigating their leakage risk and improving their knowledge protection capabilities. The framework was developed through the application of a research model that was informed by a comprehensive review of the relevant literature to identify the key concepts and factors that were relevant to the research aims and questions. These concepts and factors were then organized into a conceptual research model, which served as the foundation for the classification framework. The initial development of the framework was based on theory, i.e., the knowledge-based view of the firm, and incorporated components from the mobile computing literature, specifically the mobile usage contexts extending from the social context, interaction framework model of context and the Integrative model of IT business value framework. The mobile usage contexts were grouped into human, enterprise, and technological factors.
The research study collected qualitative data from twenty knowledge and information security professionals in managerial and executive positions from different knowledge-intensive organizations within Australia which had sanctioned mobile device policies in place. The data was collected through semi-structured interviews and supplementary documentation to improve data triangulation and increase the reliability and validity of the findings. The data collection process followed the Gioia methodology that required continuous data comparison involving simultaneous data analysis and exploration. Based on the findings from the data analysis, a set of strategies was developed and organized into a hierarchical structure to form the classification framework. These constructs were arranged based on their relevance and importance to the research question, and their ability to capture the key concepts and factors identified in the conceptual research model. After this, the collected data informed the further development and extension of the initial conceptual framework into a classification scheme of organizational strategies directed toward the protection of organizational knowledge and leakage mitigation mechanisms followed by knowledge-intensive organizations based on the nature of the knowledge (tacit vs explicit) and risk level.
This study's findings also contributed to the current knowledge management and knowledge protection literature: 1. By providing a synthesis of specific mitigation strategies and tactics that knowledge-intensive organizations can implement, categorized into enterprise, human and technological factors. 2. By proposing a classification scheme that was built on a research framework grounded on the information security, knowledge management, knowledge protection, and mobile computing literature and that can be extended to further investigate the leakage phenomenon. 3. By presenting a combination of more innovative approaches from other domains that address tacit knowledge as highlighted from the evidence. 4. By providing the adaptation of several strategies from the information security literature into the knowledge protection literature, such as zero trust, deception, active defence, active reconnaissance, and behaviour analytics. 5. By presenting protection strategies directly targeting mobility, i.e., mobile workers and mobile devices.