Information and Knowledge Management in the Scope of the Information Security practices: the human factor within Organizations

Authors

  • Luciana Emirena Santos Carneiro Pontifícia Universidade Católica de Minas Gerais - Belo Horizonte - MG
  • Maurício Barcellos Almeida Universidade Federal de Minas Gerais, UFMG, Brasil.

DOI:

https://doi.org/10.5007/1518-2924.2013v18n37p175

Keywords:

Information Security, Information and Knowledge Management, Informational Behavior

Abstract

The security of informational assets has always been a corporate requirement. These assets can be scaled in three main spheres, namely, people, organizational processes and technologies. The internet, the web, the broadcast of networks, and the growing presence of technology both in people's lives and in organizational contexts have caused profound transformations in the intrinsic processes that constitute personal and organizational routines. On the one hand, these changes provided by the technological progress have fostered competitiveness and decentralization; on the other hand, they require better management, control, security and protection for information and knowledge. This article presents the results of an investigation within information security realm, focusing on the human aspects of knowledge and information management related to security practices. Using a quality-quantitative approach, we identify behavioral actions and profiles of employees of a company in the field of healthcare, which reveal some connections with information security failures. We conclude that the human element is a relevant variable, even a critical one, for the management of information security in organizations.

Downloads

Download data is not yet available.

References

ALLEN, B. L. Toward a user-centered approach to information systems. Los Angeles: Academic Press, 1996, 308p.

ALMEIDA, M.B. Aplicação de Ontologias em Segurança da Informação. Fonte, v.4, n.7, p.75-83, 2007.

ANDALÉCIO, A.L.; SOUZA, R.R. Ciência Cognitiva e Ciência da Informação: Paralelos. Inf. Inf., v.13, n.1, p.72- 80, jan./jul.,2008.

BABBIE, E. Métodos de Pesquisa Survey. Tradução Guilherme Cezarino. Belo Horizonte: UFMG, 1999. 519 p.

BARBOSA, R. R. Inteligência Empresarial: uma avaliação de fontes de informação sobre o ambiente organizacional externo. Disponível em: <http://www.dgz.org.br/dez02/Art_03.htm>. Acesso:10 dezembro 2011

BEAUTEMENT, A.; SASSE, M.A. (2010). The Compliance Budget: The economics of user effort in information security. Computer Fraud & Security, v.2009, n.10, Pages 8-12, 2009.

CHOO, C. W. A organização do conhecimento. 2a. ed. São Paulo: SENAC, 2006. 426p.

COLWILL, C. Human factors in information security: The insider threat & Who can you trust these days? Disponível em: <http://www.infosec.co.uk/files/istr_article_on_risk.pdf>. Acesso: 22 janeiro 2010.

DA VEIGA, A.; ELOFF, J.H.P. A framework and assessment instrument for information security culture. Computer & Security, v.29, p.196-207, 2010.

EVERETT, C. Cover Story: Education, Education, Education. Infosecurity, n.6, v.5, p. 14-18, 2008.

GHERNAOUTI-HÉLIE, S. An inclusive information society needs a global approach of information security. Disponível em: <http://ieeexplore.ieee.org/>. Acesso: 15 janeiro 2009.

HUANG, D. L.; RAU, P. L. P.; SALVENDY, G. Perception of information security. Behaviour & Information Technology, v.29, n.3, p. 221- 232, 2010.

KRAEMERA,S.; CARAYON, P.; CLEM, J. Human and organizational factors in computer and information security: Pathways to Vulnerabilities. Computer & Security, v.28, p. 509-520, 2009.

MALHOTRA, N. K. Pesquisa de Marketing: Uma Orientação Aplicada. Porto Alegre: Bookman, 2012. 720p.

MARCHIONINI, G. Digital Library Research and Development. Encyclopedia of Library and Information Science, v.63, p.611-19, 1998.

MEADOW, C. T. Text information retrieval systems. San Diego: Academic Press, 1992. 302p.

NARITA, T.; KITAMURA, Y. Persuasive Conversational Agent with persuasion tactics. LNCS, v. 6137, p.15-26, 2010.

NIEKERK, J.F.V.; SOLMS, R.V. Information Security Culture: A management perspective. Computer &Security, v.29, n.4, p.476-486, 2010.

PEREIRA, F. C. M. Uso de fontes de informação: um estudo em micro e pequenas empresas de consultoria de Belo Horizonte.155f. Mestrado em Ciência da Informação – Escola de Ciência da Informação, Universidade Federal de Minas Gerais, Belo Horizonte, 2006.

RICHARDSON, R. J. Pesquisa social: métodos e técnicas. 3ª Ed. São Paulo: Atlas, 2007

SVEEN, F. O.; TORRES, J. M.; SARRIEGI, J. M. Blind Information Security Strategy. International Journal of Critical infrastructure Protection, v.2, p.95-109, 2009.

WILSON, T.D. Revisiting user studies and information needs. Journal of Documentation, v. 62, p.680-684, 2006b

WILSON, T.D. On user studies and information needs. Journal of Documentation, v. 62, p.658-670, 2006c.

WORKMANN, M. Wisecrackers: A Theory-Grounded Investigation of Phishing and Pretext Social Engineering Threats to Information Security. Journal of American Society of Information Science and Technology, v.59, n.4, p. 662–674, 2007.

Published

2013-08-13

How to Cite

CARNEIRO, Luciana Emirena Santos; ALMEIDA, Maurício Barcellos. Information and Knowledge Management in the Scope of the Information Security practices: the human factor within Organizations. Encontros Bibli: revista eletrônica de biblioteconomia e ciência da informação, [S. l.], v. 18, n. 37, p. 175–202, 2013. DOI: 10.5007/1518-2924.2013v18n37p175. Disponível em: https://periodicos.ufsc.br/index.php/eb/article/view/1518-2924.2013v18n37p175. Acesso em: 9 nov. 2024.

Issue

Section

Articles