Enhancing IT security in organizations through knowledge management

Abstract

Security of Information Systems (IS) is a major concern for organizations nowadays as security related risks may affect the organization's information assets badly. Security systems in organizations can benefit a great deal from knowledge and experiences of security experts, practitioners and professionals if this knowledge is acquired, encoded into a knowledge management system and distilled appropriately to help decision making in IS security management. This paper proposes to enhance security of information systems through the development of an architecture sustaining knowledge of IT security within an organization. The architecture uses a tailored set of security processes, policies and solutions to protect the organization's business. The proposed architecture is used to capture the security related knowledge in order to share it and transfer it across the organization. The goal is to increase the efficiency of handling security incidents and to minimize the dependency on security expert personal.