Cooperative Information Security Knowledge : Content Validation and incentives to contribute

The aim of this work was to examine the attitude of Chief Information Security Officers (CISOs) towards sharing knowledge with other CISOs in general and in particular the potential characteristics of a collaborative security knowledge sharing tool, which would simplify and encourage knowledge sharing. Building on this, this study intended to establish which key features such a knowledge sharing tool should provide in order to be accepted and actually used by security managers and potentially improve business performance. In this regard, content validation and incentives to contribute to such a system have been identified as key issues. They were investigated by interviewing three CISOs regarding the current state of knowledge organisation and sharing. The interviews were then transcribed and analysed using an explorative method. The analysis identified learning from each other as most important incentive for knowledge sharing and authorship as the main factor regarding credibility of contribution. From this it followed that such a sharing tool should demand users to register with the system in order to give credibility to their knowledge. However, since potentially sensitive business data would be shared, users should be given a choice of whom they would like to be able to access their contribution. Furthermore, it became clear that different levels of information detail should be provided for managers and technicians. Finally, the whole system needs to be managed in order to administrate users and maintain security and data integrity. © 2011 Newcastle University. Printed and published by the Newcastle University, Computing Science, Claremont Tower, Claremont Road, Newcastle upon Tyne, NE1 7RU, England. Bibliographical details STAHL, F., PARKIN, S.E., VAN MOORSEL, A. Cooperative Information Security Knowledge: Content Validation and incentives to contribute [By] F. Stahl, S. E. Parkin, A. van Moorsel Newcastle upon Tyne: Newcastle University: Computing Science, 2011. (Newcastle University, Computing Science, Technical Report Series, No. CS-TR-1241)