A model for describing and maximising security knowledge sharing to enhance security awareness

Abstract

Employees play a crucial role in enhancing information security in the workplace, and this requires everyone having the requisite security knowledge and know-how. To maximise knowledge levels, organisations should encourage and facilitate Security Knowledge Sharing (SKS) between employees. To maximise sharing, we need first to understand the mechanisms whereby such sharing takes place and then to encourage and engender such sharing. A study was carried out to test the applicability of Transactive Memory Systems Theory in describing knowledge sharing in this context, which confirmed its applicability in this domain. To encourage security knowledge sharing, the harnessing of Self-Determination Theory was proposed— satisfying employee autonomy, relatedness and competence needs to maximise sharing. Such sharing is required to improve and enhance employee security awareness across organisations. We propose a model to describe the mechanisms for such sharing as well as the means by which it can be encouraged.