Knowledge transfer in information security capacity building for community- based organizations

Abstract

Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.