You are on page 1of 12

Knowledge management: securing the

Ebrahim Randeree
Purpose Increased focus on knowledge within rms has not addressed the security implication. This
paper aims to examine the implications of knowledge management for security.
Design/methodology/approach This approach highlights the competitive advantage of knowledge
with an emphasis on security. This paper reviews security for data and information and explores the
dimensions of secure knowledge systems. The emphasis is on knowledge security and the development
of future knowledge management systems.
Findings This paper nds that there exists a general lack of focus on security in the knowledge
management framework both in a research setting and in practical applications. Knowledge is
different from information and data and needs special consideration in rms.
Research implications/limitations Designers of knowledge management systems can implement
levels of security for different types of knowledge that reside within the organization. The concept of
secure knowledge management has provided nascent models to address the management and
protection of knowledge resources. Information systems researchers that are investigating knowledge
have to include the protection and security of knowledge.
Originality/value Knowledge management has moved to the forefront of both the research and
corporate agendas. Harnessing the information and knowledge contained within rm data warehouses
is one method to achieve competitive advantage. Various types of knowledge require different solutions.
Designers of knowledge management systems can implement levels of security for different types of
knowledge that reside within the organization. Future developments need to address securing the
knowledge of a corporation, its most valuable asset.
Keywords Knowledge management, Data security, Knowledge mining
Paper type Research paper
The concept of secure knowledge management is still in the embryonic stage as many
organizations wrestle with information overload. While data and information management
has been the focus of signicant research in the information systems eld, the focus on
knowledge is relatively new. Knowledge management is increasingly becoming an integral
business function for many organizations as they realize that competitiveness hinges on
effective management of intellectual resources (Grover and Davenport, 2001).
Information systems researchers are currently looking at knowledge creation, knowledge
acquisition and knowledge sharing, but have yet to focus their attention on protecting and
securing knowledge. Protection of knowledge has received little attention in the literature
(Liebeskind, 1996; Bloodgood and Salisbury, 2001). Asllani and Luthans (2003) surveyed
307 knowledge managers about their job roles and found little or no evidence of security
issues in their jobs; their primary role was focused on communication within the organization.
King et al. (2002) surveyed 2,073 knowledge management practitioners using a three-stage
Delphi study approach and found that security issues relating to knowledge ranked tenth
among the respondents.
DOI 10.1108/13673270610679435 VOL. 10 NO. 4 2006, pp. 145-156, Q Emerald Group Publishing Limited, ISSN 1367-3270
PAGE 145
EbrahimRanderee is based
at the School of
Management, State
University of New York at
Buffalo, Buffalo, New York,
If knowledge is determined to be the most important resource of the rm, then clearly the need
to secure that resource must be a primary responsibility. Much of the delay in addressing
secure knowledge management is the misconception that securing knowledge is similar to
securing data and information. If knowledge is power and a source of competitive advantage
(Salisbury, 2003), then there needs to be special attention given to securing knowledge and
knowledge repositories within the rm to protect the core assets of the organization.
Managing the data, information and knowledge within the organization as well as using it to
gain a competitive advantage in an organization has developed into the eld of knowledge
management. Knowledge management essentially consists of processes and tools to
effectively capture and share data as well as use the knowledge of individuals within an
organization. The last decade has witnessed an explosion of information generated within
companies due to the increase use of technology. Harnessing the information and knowledge
contained within data warehouses is one method to achieve industry-leading performance
(Matusik and Hill, 1998). Firms that develop and leverage knowledge resources achieve
greater success than rms who are more dependent on tangible resources (Autio et al., 2000).
The following sections will begin with an overview of the development of knowledge and then
proceed to explain the emergence of the knowledge-based view. The essence of the
knowledge-based view must be understood to appreciate the value of knowledge to the rm.
The paper will then review security for data and information and look at why knowledge is
different. In trying to protect knowledge, the dimensions of knowledge must be understood.
The different types of knowledge require different secure solutions. Finally, the focus will turn to
critical issues for research in the area of secure knowledge management. The emphasis will
be on knowledge security and the development of knowledge management systems.
Knowledge characteristics and the knowledge-based view
The common description of data, information and knowledge is presented in a hierarchical
view. At a fundamental level, knowledge is information possessed by individuals within the
organization. Similarly knowledge becomes information once it is articulated and presented
in explicit form. Systems designed to support knowledge may not appear to be radically
different from other forms of information systems, but will be aimed towards enabling users
to assign meaning to information and to capture their knowledge (Alavi and Leidner, 2001).
The denitions of knowledge have been studied in many contexts and through many
generations and can be problematic in its denition and scope. Researchers have dened
knowledge as: what you knowand howyou knowit, individual competencies and information
(Zander and Kogut, 1995), and a factor of production (Nonaka and Takeuchi, 1995). The
properties of knowledge include:
B context specicity the extent to which knowledge is contextualized and dependent on
the environment (Nelson and Winter, 1982);
B dispersion how widely held is the knowledge (Weick and Roberts, 1993);
B tacitness the extent to which the knowledge is codiable or not (Nonaka and Takeuchi,
B transferability transfer between and within rms (Grant, 1996b);
B reception or absorption ability to absorb knowledge (Cohen and Levinthal, 1990); and
If knowledge is determined to be the most important resource
of the rm, then clearly the need to secure that resource must
be a primary responsibility.
PAGE 146
VOL. 10 NO. 4 2006
B complexity difculty in comprehending (Dierickx and Cool, 1989; McEvily and
Chakravarthy, 2002).
As organizations adjust to the new economy, their focus on creating and sustaining
competitive advantages revolves around leveraging their strengths. Above-average returns
come fromthe unique value that rms offer to customers. Firms have shifted their focus from
operational efciencies to developing and deploying core capabilities (Eisenhardt and
Martin, 2000; Eisenhardt and Santos, 2001). Core capabilities revolve around the bundle of
technical know-how and operational know-what (Smith and Hansen, 2002; Kogut and
Zander, 1992). The recognition of internal knowledge resources can assist rms in exploiting
these resources to create and sustain advantages. Barney (1991) dened the nature of the
resources needed for generating competitive advantage. Acquiring or developing
resources is critical to improving the rms ability to generate consistent rm performance;
the more intangible the resource, the harder it is for competitors to imitate. The focus on
knowledge stems from the fact that it has the inherent characteristics dened in the
resource-based view (Wernerfelt, 1984; Barney, 1986). Kogut and Zander studied the
various ways that knowledge affects organization structure and performance, and the
variation in rm performance (Kogut and Zander, 1992, 1993, 1995; Zander and Kogut,
1995). Other researchers also focused on knowledge as a crucial resource (Cohen and
Levinthal, 1990; Spender and Grant, 1996; Nonaka, 1994; Zander and Kogut, 1995).
The emerging knowledge-based view of the rm (KBV) emphasizes the role of knowledge
as the focal resource and the driver of sustainable advantage (Grant, 1996a), linking of
knowledge to tasks (Becerra-Fernandez and Sabherwal, 2001), linking knowledge to
competitive advantage (Nidumolu et al., 2001), and examining knowledge from an
organizational view, i.e. technology, structure, and culture (Gold et al., 2001). Research also
addresses how knowledge assets are developed in response to environmental change and
organizational processes and is shared (Teece, 1998; Teece et al., 1997; McEvily et al.,
2000; Nelson and Cooprider, 1996).
How is data and information security different from knowledge security
While the concept of data as raw facts is easily understood, the confusion surrounding
information and knowledge is pervasive. Analysts and users tend to confuse information
management with knowledge management. Information management revolves around the
processing of data though spreadsheets, databases, application programs, etc. Most of the
concepts revolve around explicit representations and codied objects. Knowledge
management on the other hand is more intangible and less codied: the focus is on
learning, intelligence, innovation, etc. Neither the technology nor the performance measures
generated by knowledge management systems are primary; the focus is on the issues larger
than the data and the information available. The security of that information is vital to the
survival of the organization.
Numerous software vendors have addressed data and information security concerns. The
plurality of options available to rms testies to the expertise that protects information.
Minimal security for data and information includes: encryption, secure logon through
passwords, remote network access control, authentication mechanisms, and physical
protections. Data and information security revolve around issues of collection, improper
access, errors, and unauthorized secondary usage (Milberg et al., 2000; Smith et al., 1996;
Milberg et al., 1995; Stewart and Segars, 2002). A primary difference in security is the uid
nature of knowledge. It is usually difcult to pre-determine the types of knowledge requests
and the levels of information required (Hahn and Subramani, 2000).
Knowledge security should focus on current indicators of
knowledge as the basis for design.
VOL. 10 NO. 4 2006
PAGE 147
Issues surrounding secure knowledge management
The user is different and the structure of the knowledge management system has to be
exible in order to be functional. The nascent stage of knowledge management systems
makes the denition of security difcult. Recent research has shown that effective
knowledge management requires a knowledge infrastructure (technology, culture, and
structure), and a knowledge process architecture (acquisition, conversion, application, and
protection) (Gold et al., 2001). For a rm to generate and preserve a competitive advantage,
it is vital that the knowledge be protected (Liebeskind, 1996; Helms et al., 2000).
Knowledge security should focus on current indicators of knowledge as a basis for design. A
rms indicator of knowledge advantage is its ability to control large amounts of knowledge
stock. Knowledge stock is an indication of tacit knowledge within the rm, but is an explicit
representation of knowledge. Stock is usually measured by R&D capabilities, patents, and
scientic citations attributable to the rm versus its competitors (Decarolis and Deeds,
1999). Patents and citations are reliable measures of R&D activities because they reect the
output of R&D intensity and the capabilities developed within the rm (Mowery et al., 1996).
Similarly, rms that can codify and transfer knowledge stock are more successful than those
who do not. Codifying tacit knowledge allows for sharing and leveraging of these resources
within the rm. The fact that rms have exclusive access to the knowledge resources within
that rm gives it an advantage over competitors. As employees transform tacit knowledge to
explicit knowledge, the rm may no longer have a resource that is valuable, rare, inimitable,
and non-substitutable. Although the nature of tacit based knowledge is such that exact
duplication by another rm is difcult at best, codication and dissemination allows other
organizations to develop a substitute or to attempt to imitate. The absorptive capacity and
the learning capacity of the rm are critical to the exploitation of knowledge resources (Van
den Bosch et al., 1999; Cohen and Levinthal, 1990). The easiest knowledge to secure is that
which remains in the tacit form (Bloodgood and Salisbury, 2001).
Secure knowledge management activities include: limiting the number of employees who
have access to certain information, making sure no single employee has access to the
majority of information surrounding a newproduct, and maintaining a causal ambiguity around
a rms ability to successfully compete (Bloodgood and Salisbury, 2001). Limiting employees
with access provides a mechanism for rms to only give key personnel access to critical
knowledge. For example: line employees in a manufacturing setting should have access to
component knowledge and scheduling; administration should have access to cost and
employee skills; top management should have revenue forecasts and future enhancement
information. Limiting employee access can focus employees on the information they possess
making them more familiar with the content. It can also prevent information leakage to
competitors and may serve as a way to protect competitive advantage. Limiting employees
allows for implementation of detailed audit trails for management nding out who reviewed
the knowledge and also facilitating greater access to employees who should be in the loop.
A second security activity involves keeping all the information out of the hands of one
employee. This is done for competitive reasons. With increased mobility of employees
between rms, knowledge concentrated in one or a small group of individuals can be a threat
to the competitiveness of the rm. Employees can leave the rm taking the knowledge with
them especially the tacit knowledge captured in the organization. Another concern with
concentrating knowledge in one individual occurs if that individual retires or is ill. This can
affect the operations of the rm. From a leverage standpoint, allowing a single employee
access to a large amount of knowledge can be a security risk. A third security concern
The protection of knowledge may inhibit the transfer and
sharing processes.
PAGE 148
VOL. 10 NO. 4 2006
involves causal ambiguity of a rms core skills. Maintaining causal ambiguity allows a rm to
mask its competencies from external threats. Causal ambiguity can form a foundation for rm
dominance (Simonin, 1999; Reed and Dellippi, 1990; Lippman and Rumelt, 1982). One
perspective suggests that causal ambiguity regarding competencies and performance is
necessary among internal and external managers for sustainable competitive advantage
because it severely limits imitation (King and Zeithaml, 2001).
The protection of knowledge may inhibit the transfer and sharing processes. The increased use
of virtual teams, outsourcing and alliances, require special considerations for the sharing of
knowledge. Information and data security considerations are not applicable for many reasons:
distributed, shared teamwork by multiple rms is not supported; the degree of collaboration or
coupling is higher; sharing is based on trust; and current measures focus on database and
data security (Damm and Schindler, 2002). Kesh provided a framework for analyzing
e-commerce security that provides a template for KM systems to emulate (Kesh et al., 2002).
The transfer of knowledge both within and between rms and the learning that a rm
undertakes is difcult to achieve. The ambiguity and tacitness of the knowledge make the
success of the transfer difcult. Securing knowledge should include planning for the
interactions between the variables that moderate the transfer mechanism. The interaction
between employees determines the extent of the relationship. The rm also plays a role in
creating an environment that fosters employee interaction, sharing, and learning. The
following macro-level dimensions (see Table I) should be explored in the development of
secure knowledge management systems.
Table I Dimensions for creating secure KM systems
Macro-level dimension Denition and previous research
Relationship capital Refers to the measure of the trust and partnerships that embodies the
employees within the rm. The close interaction at the personal level
between employees affects performance (Kale et al., 2000). High
relationship capital will foster more knowledge transfer between
employees. Security should focus on building trust
Asset protections Refers to the measure of the extent to which the rm protects its core
know-how or assets (Kale et al., 2000). While relationship capital
alleviates the need for asset protection, a rm that seeks to protect its
assets will show that it recognizes core knowledge resources
Knowledge environment Refers to the measure of the extent to which the rm creates an
environment of learning. Fostering employee learning and creating
environments where the exchanges of ideas are shared helps to
increase the likelihood of knowledge transfer and externalization of
knowledge. Trust was found to an antecedent to sharing (Nelson and
Cooprider, 1996; Roberts, 2000)
Knowledge transfer Refers to the measure of the strength of the rms ability to transfer
knowledge into the rm from the employees. Knowledge transfer
depends on how easily that knowledge can be transported, interpreted,
and absorbed (Simonin, 1999). Mechanisms for security should not
inhibit this process but should guard against unauthorized transfers
Ambiguity Refers to the item measure of the competency and transferability of
employee knowledge (Simonin, 1999; Reed and Dellippi, 1990). A
strong barrier to imitation originates from the inability of competitors to
comprehend the competencies that are sources of competitive
advantages. Expanding on Lippman and Rumelts (1982) concept of
causal ambiguity
Tacitness Refers to the measure of the perceived view of the tacitness of
knowledge within the rm (Simonin, 1999). Dened as the implicit and
non-codiable accumulation of skills that result from learning by doing
VOL. 10 NO. 4 2006
PAGE 149
Issues for research in secure knowledge management
The rm exists as a repository of knowledge over time (Zander and Kogut, 1995). The
variables capture the degree to which a capability can be communicated and understood.
Drawing on the seminal work of Rogers, the dimensions of knowledge that constitute a rms
capabilities includes codiability, teachability, and observability (Rogers, 1995). Knowledge
intensity and imitability can contribute to its causal nature and lead to competitive
advantages. Key dimensions or characteristics of knowledge can form the basis of future
research (see Table II). The characteristics dened in Table II form the future for research on
security issues. Initially, organizations must review the codied knowledge that currently
resides within the rm in manuals, databases, reports, publications, and other artifacts.
These codied entities must then be protected through security mechanisms. The
abundance of codied material is one of the biggest risks to organizations. For example,
companies tend to display their knowledge through websites that may be providing both
hackers and competitors with information that should be protected. Researchers should
focus on how rms create codied knowledge and the level of codication that is sufcient
for knowledge sharing, while still maintaining security. Sharing knowledge can be very easy
protections need to be initiated to reect what is being shared and with whom. In a long
term view, the rm should decide on how to prevent competitors from recruiting their
employees with knowledge of the rms processes, products, and competitive advantages.
Researchers can investigate the level of security placed on different employees similar to the
levels implemented at national intelligence organizations. The impacts on the rm of skilled
and knowledgeable employees leaving the rm should be quantied and addressed.
The prevalence of outsourcing and the use of reverse engineering can allow competitors to
extract knowledge from the organization. Product and service information should be
reviewed for potential knowledge outows. Researchers in outsourcing should investigate
the role of knowledge outows and the use of governance and contracts to protect
proprietary information from non-secure entities that exist beyond the scope of the
outsourcing agreement. The observability and imitability of the knowledge can lead to
Table II Basis for future research in KM systems
Characteristics Denition
Codiability Refers to the extent to which knowledge of rm processes and operations are
explicitly documented. This knowledge may be substantive, e.g. in blueprints, or
it may be procedural, e.g. in a recipe for carrying out a task (Kogut and Zander,
1992, 1993; Zander and Kogut, 1995). Knowledge that is easily codiable is not
Teachability Refers to the ease by which know-how within the rm is shared with new
employees. To the extent that this know-how is easily taught, the transfer is more
feasible and can be expedited (Kogut and Zander, 1992, 1993; Zander and
Kogut, 1995). If the knowledge within the rmis easily shared, the tacit dimension
is low
Observability Refers to the extent to which capabilities of the rm can be ascertained through
reverse engineering or through published documentation (Kogut and Zander,
1992, 1993; Zander and Kogut, 1995). Highly observable capabilities reduce the
extent of tacit knowledge resources
Imitability Refers to the extent whereby outsiders could easily copy the rms core
processes/technologies (Autio et al., 2000). Initially suggested by Zander and
Kogut (1995), it assesses the time it takes outsiders to learn the technology by
observation or by learning it via normal operations
Intensity Refers to the measure of the knowledge intensity through reputation,
input/output, and rm strategy. While these do not distinguish between tacit
versus explicit knowledge, they are assessing overall knowledge intensity (Autio
et al., 2000). Resources characterized by knowledge intensity are difcult to
imitate and are associated with causal ambiguity (Reed and Dellippi, 1990)
PAGE 150
VOL. 10 NO. 4 2006
security risks for the organization. Security protections should address the tacitness of the
knowledge and the security mechanisms that protect knowledge.
Issues for research in KMS design
Current denitions of knowledge management systems (KMS) are incomplete. They refer to
a class of information systems applied to manage organizational knowledge; they are
IT-based systems developed to support and enhance the organizational processes of
knowledge creation, storage/retrieval, transfer, and application (Alavi and Leidner, 1999).
The focus on security is missing. At a minimum, KMS should provide the same security as
data and information security systems. Knowledge is the analysis of data and information:
measures of protection for data and information will affect the accuracy of decisions based
on rm knowledge. Knowledge may be stolen: having knowledge captured and stored in
digital form allows for easier violations of security (Stewart et al., 2000).
Zhu and Iyer (2003) propose an architecture to combine different type of technologies for the
development of knowledge repository systems; these systems can provide connections
between knowledge and people and connections between people and people and is built
on the understanding that the knowledge management scenario where the system will be
used will be key to the selection of technologies. The proposed architecture contains three
processes: information representation, information processing, and information
presentation; there are no explicit provisions for securing the knowledge within the
Hahn and Subramani (2000) provided a framework (see Table III) to categorize the current
knowledge management support systems available. Researchers can adapt the framework
to prioritize exposure points for knowledge and then develop mechanisms and policies to
protect the knowledge (see Table IV). By addressing the type of knowledge and its form
within the organization, the development of knowledge protections can be tailored for
strategic t.
Table III Framework for KM support
Locus of knowledge
Artifact Individual
Locus of a priori
Structured Document repository Yellow page of experts
Data warehousing Expertise proles and databases
Unstructured Collaborative ltering Electronic discussion
Intranets and search engines Forums
Source: Hahn and Subramani (2000)
Table IV Proposed framework for KM protection
Locus of knowledge
Artifact Individual
Locus of a priori structure Structured Secure logons Internal use only
Restricted access Document interactions for repository
Data/information verication
Similar to DBMS protections
Unstructured KMS tracking Create forum moderators
Time stamps Corporate policies
Security levels
VOL. 10 NO. 4 2006
PAGE 151
Inter-organizational vs intra-organizational security
Much of the discussion in this paper is focused on inter-organizational knowledge security.
The role of knowledge management and the security of knowledge is seen as challenging
when dealing with other rms and sharing information in collaborative projects. As interrm
exchanges increase and supply chains reduce rm boundaries, the security issues of
knowledge management between rms will be critical to a rms survival. Firms can apply
the same policies/procedures used to secure knowledge between rms to the
departments/business units within rms. Looking at intra-rm issues, top management
must also device mechanisms to identify and prevent unauthorized use of rm knowledge.
For example: KMS can use resource-based access control (RBAC) with elds for internal or
external user. Security of knowledge management should be linked to others programs
within the rm as part of a broader control policy. While some rms impose no restrictions
whatsoever on who can access knowledge and information, others protect parts of their
knowledge restricting access to selected people and groups (Riege, 2005). It would seem
logical for a rm to erect strict controls for inter-organizational sharing where knowledge is
going beyond the rms boundaries than in cases of intra-organizational sharing where
knowledge ows are limited to employees.
Model for future research
In addressing the previous dimensions and concerns, the research into knowledge should
follow an approach that incorporates the three areas highlighted; the theory behind the
importance of knowledge, the characteristics of the knowledge, and the security issues of
knowledge management:
1. Theoretical development. Using the resource-based view as the starting point, the
knowledge-based view has received attention in various literature streams in both
strategic management and information systems. Further research into the constructs that
support the knowledge-based and the practical inuence on the theory from industry
should be explored to understand the importance of knowledge in the new economy.
Development of a research stream on knowledge can supplement previous research on
technology acceptance and technology adoption. Integration of knowledge concepts
within strategic information systems and inter-organizational systems research will
strengthen existing models.
2. Knowledge characteristics. The dimensions of knowledge (Table II) need to be address
so that researchers can understand the implications for specic industries.
Understanding the dimensions of knowledge and the tacit nature of its collection can
affect the development of secure systems. Exploring the differences in current thinking on
data and information, and contrasting that with knowledge can present new approaches
to database design, systems development, and transfer mechanisms.
3. Security issues. The research should address the concerns raised in the paper (Tables I
and III). Designers of security systems will need to focus on how the knowledge is being
created, collected, and shared, and with whom. The macro-level issues should be
supported by a micro-level understanding of knowledge characteristics. The role of
knowledge in creating and sustaining competitive advantage needs to be explored from
both the theory development view and the practical applications within organizations.
The abundance of codied material is one of the biggest risks
to organizations.
PAGE 152
VOL. 10 NO. 4 2006
Recent attention to liability and terrorism has increased the importance of security
mechanisms that protect intellectual capital.
Using the security mechanisms presented in Table IV, designers of KMS can implement
levels of security for different types of knowledge that reside within the organization. The
concept of secure knowledge management has provided nascent models to address the
management and protection of knowledge resources. Information systems researchers
that are investigating knowledge creation, knowledge acquisition and knowledge sharing,
have to include the protection and security of knowledge. Future developments will need to
focus on data and applications security as well as in knowledge management.
Researchers need to explore the techniques developed for securing databases and
applications and apply them to securing the knowledge of a corporation, its most valuable
asset. Knowledge management systems will not appear radically different from existing IS,
but will be extended toward helping the user assimilate information (Alavi and Leidner,
1999). Secure knowledge management will include areas such as protecting the
intellectual assets, secure collaboration, secure multimedia data and applications, secure
semantic web as well as secure peer-to-peer computing. The nature of the knowledge
being protected will determine the type of secure system that is implemented.
Future challenges
Employees are demanding more information and knowledge to increase their effectiveness.
Capturing all the data, information and knowledge is half the battle sharing the knowledge
without compromising security or competitiveness is challenging. The current literature has
examined how, why, when, and where to leverage knowledge assets; they have ignored the
question how to secure knowledge assets (Desouza and Vanapalli, 2005). One of the
immediate challenges facing knowledge managers is nding the balance between open
knowledge sharing and enterprise intellectual capital management. Knowledge sharing is
as much of a people issue as it is technological (Riege, 2005); technology can act as both a
facilitator and a control mechanisms to protect knowledge. Knowledge sharing involves the
dissemination of information and knowledge throughout the business unit or organization.
Firms see benets to sharing knowledge and establish motivational approaches and
communication mechanisms to share knowledge (Yang, 2004). Some of the sharing can be
control through access controls, passwords, group meetings, etc. Knowledge captured in
KMS has to include security protections and policies that govern access and usage
parameters. If managed effectively, sharing can occur within the right context and with the
right people. Sharing can occur within and between business functions, in formal and
informal approaches, and via tacit or explicit methods (Riege, 2005). With increasing threats
to rms, some have suggested a creation of a knowledge management system for IS
security management (Belsis et al., 2005). The security of knowledge has to be incorporated
into the companys goals and strategic objectives. The culture of the rm needs to support
sharing while still including security protections.
Alavi, M. and Leidner, D.E. (1999), Knowledge management systems: issues, challenges, and
benets, Communication of the Association for Information Systems, Vol. 1 No. 7, pp. 1-37.
Alavi, M. and Leidner, D.E. (2001), Review: knowledge management and knowledge management
systems: conceptual foundations and research issues, MIS Quarterly, Vol. 25 No. 1, pp. 107-36.
Asllani, A. and Luthans, F. (2003), What knowledge managers really do: an empirical and comparative
analysis, Journal of Knowledge Management, Vol. 7 No. 3, pp. 53-66.
Autio, E., Sapienza, H.J. and Almeida, J.G. (2000), Effects of age at entry, knowledge intensity, and
imitability on international growth, Academy of Management Journal, Vol. 43 No. 5, pp. 909-24.
Barney, J.B. (1986), Strategic factor markets: expectations, luck, and business strategy, Management
Science, Vol. 32 No. 10, pp. 1231-41.
Barney, J.B. (1991), Firm resources and sustained competitive advantage, Journal of Management,
Vol. 17 No. 1, pp. 99-120.
VOL. 10 NO. 4 2006
PAGE 153
Becerra-Fernandez, I. and Sabherwal, R. (2001), Organizational knowledge management: a
contingency perspective, Journal of Management Information Systems, Vol. 18 No. 1, pp. 23-55.
Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), Information systems security from a knowledge
management perspective, Journal: Information Management and Computer Security, Vol. 13 No. 3,
pp. 189-202.
Bloodgood, J.M. and Salisbury, W.D. (2001), Understanding the inuence of organizational change
strategies on information technology and knowledge management strategies, Decision Support
Systems, Vol. 31 No. 1, pp. 55-69.
Cohen, W.M. and Levinthal, D.A. (1990), Absorptive capacity: a new perspective on learning and
innovation, Administrative Science Quarterly, Vol. 35, pp. 128-52.
Damm, D. and Schindler, M. (2002), Security issues of a knowledge medium for distributed project
work, International Journal of Project Management, Vol. 20 No. 1, pp. 37-47.
Decarolis, D.M. and Deeds, D.L. (1999), The impact of stocks and ows of organizational knowledge on
rm performance: an empirical investigation of the biotechnology industry, Strategic Management
Journal, Vol. 20, pp. 953-68.
Desouza, K. and Vanapalli, G. (2005), Securing knowledge in organizations: lessons from the
defense and intelligence sectors, International Journal of Information Management, Vol. 25 No. 1,
pp. 85-98.
Dierickx, I. and Cool, K. (1989), Asset stock accumulation and sustainability of competitive
advantage, Management Science, Vol. 35 No. 12, pp. 1504-11.
Eisenhardt, K.M. and Martin, J.A. (2000), Dynamic capabilities: what are they?, Strategic
Management Journal, Vol. 21, pp. 1105-21.
Eisenhardt, K.M. and Santos, F.M. (2001), Knowledge-based view: a new theory of strategy, in
Pettigrew, A., Thomas, H. and Whittington, R. (Eds), Handbook of Strategy and Management, Sage
Publications, London.
Gold, A.H., Malhotra, A. and Segars, A.H. (2001), Knowledge management: an organizational
capabilities perspective, Journal of Management Information Systems, Vol. 18 No. 1, pp. 185-214.
Grant, R.M. (1996a), Toward a knowledge-based theory of the rm, Strategic Management Journal,
Vol. 17, pp. 109-22.
Grant, R.M. (1996b), Prospering in dynamically-competitive environments: organizational capability as
knowledge integration, Organization Science, Vol. 7 No. 4, pp. 375-87.
Grover, V. and Davenport, T.H. (2001), General perspectives on knowledge management: fostering a
research agenda, Journal of Management Information Systems, Vol. 18 No. 1, pp. 5-21.
Hahn, J. and Subramani, M. (2000), A framework of knowledge management systems: issues and
challenges for theory and practice, International Conference on Information Systems, Brisbane,
Australia, pp. 302-12.
Helms, M.M., Ettkin, L.P. and Morris, D.J. (2000), Shielding your company against information
compromise, Information Management and Computer Security, Vol. 8 No. 3, pp. 117-30.
Kale, P., Singh, H. and Perlmutter, H. (2000), Learning and protection of proprietary assets in strategic
alliances: building relational capital, Strategic Management Journal, Vol. 21 No. 3, pp. 217-37.
Kesh, S., Ramanujan, S. and Nerur, S. (2002), A framework for analyzing e-commerce security,
Information Management and Computer Security, Vol. 10 No. 4, pp. 149-58.
King, A.W. and Zeithaml, C.P. (2001), Competencies and rm performance: examining the causal
ambiguity paradox, Strategic Management Journal, Vol. 22, pp. 75-99.
King, W.R., Marks, P.V. and McCoy, S. (2002), The most important issues in knowledge management,
Communication of the ACM, Vol. 45 No. 9, pp. 93-7.
Kogut, B. and Zander, U. (1992), Knowledge of the rm, combinative capabilities, and the replication of
technology, Organization Science, Vol. 3 No. 3, pp. 383-97.
Kogut, B. and Zander, U. (1993), Knowledge of the rm and the evolutionary theory of the
multinational, Journal of International Business Studies, Vol. 24 No. 4, p. 625.
PAGE 154
VOL. 10 NO. 4 2006
Kogut, B. and Zander, U. (1995), Knowledge, market failure and the multinational enterprise: a reply,
Journal of International Business Studies, Vol. 26 No. 2, pp. 417-26.
Liebeskind, J.P. (1996), Knowledge, strategy, and the theory of the rm, Strategic Management
Journal, Vol. 17, pp. 93-107.
Lippman, S.A. and Rumelt, R.P. (1982), Uncertain imitability: an analysis of interrm differences in
efciency under competition, Bell Journal of Economics, Vol. 13 No. 2, pp. 418-38.
McEvily, S.K. and Chakravarthy, B. (2002), The persistence of knowledge-based advantage: an
empirical test for product performance and technological knowledge, Strategic Management Journal,
Vol. 23, pp. 285-305.
McEvily, S.K., Das, S. and McCabe, K. (2000), Avoiding competence substitution through knowledge
sharing, Academy of Management Review, Vol. 25 No. 2, pp. 294-311.
Matusik, S.F. and Hill, C.W.L. (1998), The utilization of contingent work, knowledge creation, and
competitive advantage, Academy of Management Review, Vol. 23 No. 4, pp. 680-97.
Milberg, S.J., Smith, H.J. and Burke, S.J. (2000), Information privacy: corporate management and
national regulation, Organization Science, Vol. 11 No. 1, pp. 35-57.
Milberg, S.J., Burke, S.J., Smith, H.J. and Kallman, E.A. (1995), Values, personal information privacy,
and regulatory approaches, Communication of the ACM, Vol. 38 No. 12, pp. 65-74.
Mowery, D.C., Oxley, J.E. and Silverman, B.S. (1996), Strategic alliances and interrm knowledge
transfer, Strategic Management Journal, Vol. 17, pp. 77-91.
Nelson, K.M. and Cooprider, J.G. (1996), The contribution of shared knowledge to IS group
performance, MIS Quarterly, Vol. 20 No. 4, pp. 409-32.
Nelson, R.R. and Winter, S.G. (1982), Evolutionary Theory of Economic Change, Belknap Press,
Cambridge, MA.
Nidumolu, S.R., Subramani, M. and Aldrich, A. (2001), Situated learning and the situated knowledge
web: exploring the ground beneath knowledge management, Journal of Management Information
Systems, Vol. 18 No. 1, pp. 115-50.
Nonaka, I. (1994), A dynamic theory of organizational knowledge creation, Organization Science,
Vol. 5 No. 1, pp. 14-37.
Nonaka, I. and Takeuchi, H. (1995), The Knowledge-creating Company: How Japanese Companies
Create the Dynamics of Innovation, Oxford University Press, New York, NY.
Reed, R. and Dellippi, R.J. (1990), Casual ambiguity, barriers to imitation, and sustainable competitive
advantage, Academy of Management Review, Vol. 15 No. 1, pp. 88-102.
Riege, A. (2005), Three-dozen knowledge-sharing barriers managers must consider, Journal of
Knowledge Management, Vol. 9 No. 3, pp. 18-35.
Roberts, J. (2000), From know-how to show-how? Questioning the role of information and
communication technologies in knowledge transfer , Technology Analysis and Strategic
Management, Vol. 12 No. 4, pp. 429-43.
Rogers, E.M. (1995), The Diffusion of Innovations, Free Press, New York, NY.
Salisbury, M.W. (2003), Putting theory into practice to build knowledge management systems, Journal
of Knowledge Management, Vol. 7 No. 2, pp. 128-41.
Simonin, B.L. (1999), Ambiguity and the process of knowledge transfer in strategic alliances, Strategic
Management Journal, Vol. 20 No. 7, pp. 595-623.
Smith, H.J., Milberg, S.J. and Burke, S.J. (1996), Information privacy: measuring individuals; concern
about organizational practices, MIS Quarterly, Vol. 20 No. 2, pp. 167-96.
Smith, M. and Hansen, F. (2002), Managing intellectual property: a strategic point of view, Journal of
Intellectual Capital, Vol. 3 No. 4, pp. 366-74.
Spender, J.C. and Grant, R. (1996), Knowledge and the rm: overview, Strategic Management
Journal, Vol. 17, pp. 5-9.
VOL. 10 NO. 4 2006
PAGE 155
Stewart, K.A. and Segars, A.H. (2002), An empirical examination of the concern of information privacy
instrument, Information Systems Research, Vol. 13 No. 1, pp. 36-49.
Stewart, K.A., Baskerville, R., Storey, V.C., Senn, J.A., Raven, A. and Long, C. (2000), Confronting the
assumptions underlying the management of knowledge: an agenda for understanding and investigating
knowledge management, Database for Advances in Information Systems, Vol. 31 No. 4, pp. 41-53.
Teece, D.J. (1998), Capturing value from knowledge assets: the new economy, markets for know-how,
and intangible assets, California Management Review, Vol. 40 No. 3, pp. 55-79.
Teece, D.J., Pisano, G. and Shuen, A. (1997), Dynamic capabilities and strategic management,
Strategic Management Journal, Vol. 18 No. 7, pp. 509-33.
Van den Bosch, F.A.J., Volberda, H.W. and de Boer, M. (1999), Coevolution of rm absorptive capacity
and knowledge environment: organizational forms and combinative capabilities, Organization Science,
Vol. 10 No. 5, pp. 551-68.
Weick, K.E. and Roberts, K.H. (1993), Collective mind in organizations: heedful interrelating on ight
decks, Administrative Science Quarterly, Vol. 38 No. 3, pp. 357-81.
Wernerfelt, B. (1984), A resource-based view of the rm, Strategic Management Journal, Vol. 5,
pp. 171-80.
Yang, J.-T. (2004), Job-related knowledge sharing: comparative case studies, Journal of Knowledge
Management, Vol. 8 No. 3, pp. 118-26.
Zander, U. and Kogut, B. (1995), Knowledge and the speed of the transfer and imitation of
organizational capabilities: an empirical test, Organization Science, Vol. 6, pp. 76-92.
Zhu, B. and Iyer, B. (2003), The design for an effective knowledge repository system, paper presented
at the Minnesota Symposium on Knowledge Management, Minneapolis, MN.
Corresponding author
Ebrahim Randeree can be contacted at:
PAGE 156
VOL. 10 NO. 4 2006
To purchase reprints of this article please e-mail:
Or visit our web site for further details: