Exploring the conflict of interest between knowledge-sharing and information security practices: an empirical case study
2018-03-26T11:37:23Z (GMT) by
Knowledge sharing and information security have become well-established concepts in academia and within organisations. Knowledge sharing aims to encourage individuals to share tacit and explicit knowledge with colleagues and stakeholders, yet on the other hand, information security initiatives aim to apply controls and restrictions to the knowledge that can be shared and how it can be shared, where the primary focus is usually on protecting explicit knowledge or information. This thesis draws attention to the largely unexplored and under-developed area of knowledge protection ; it investigates the paradoxical and concurrent nature of knowledge sharing and information security practices by exploring their relationship and understanding how this can affect an organisation and subsequently identifies ways of achieving a balance between the two practices. The empirical work was carried out through an interpretivist case study approach in the Energy Technologies Institute (ETI) an organisation that combines knowledge and expertise from partnerships with academia, industry and the UK government, in order to deliver innovative low carbon solutions. A novel team-based action learning approach was developed to generate individual, team and organisational learning and to help initiate change; the data was collected from three project teams about their knowledge and experiences of knowledge sharing and information security practices, which was then analysed and further supplemented with the ETI s organisational perspective and the researcher s own experience of collaborating with the ETI to contextualise the findings. Eight predominant overarching themes were identified that play an important role in and influence the organisation s knowledge sharing and information security practices. When looking at the practices of knowledge sharing and information security independently at the ETI, proactive and conscious efforts towards achieving the goals of each practice are evident. Knowledge is recognised as the ETI s core product and its effective dissemination is key for the organisation s success, which is why there is a keen attitude towards improving knowledge sharing internally and externally. On the other hand, a great deal of importance is given to protecting valuable knowledge and meeting stakeholders confidentiality requirements, thus, there are good systems, access controls, and information restrictions in place. In addition, strict legal and approval processes to protect information value and accuracy are implemented. However, when both knowledge sharing and information security - practices are compared from a broader perspective, evidence of issues arising from their conflicting nature is evident. Moreover, operating in a complex governance structure with various expectations and contractual agreements with stakeholders regarding confidentiality, has created a protective culture in the organisation surrounding its knowledge, which causes a hindrance to formal and informal knowledge sharing (including both, tacit and explicit forms) and makes identifying opportunities for fully exploiting knowledge and Intellectual Property an ongoing operational challenge. The research process facilitated the achievement of effective learning at individual, team and organisational level for the ETI about its practices, identification of challenges and areas of improvement, incorporation of learning and recommendations into its knowledge management strategy alongside existing activities to improve knowledge sharing. The contents of this thesis particularly the eight themes that have emerged from the research findings - are also contributing significantly to a project the organisation is carrying out to reflect on and review what has been learned from operating the ETI for the last 10 years. The thesis contributes to the existing body of knowledge, theoretically and practically, in the disciplines of knowledge management and information security; what was predominantly overlooked by previous literature, the empirical research findings surface evidence of the relationship between knowledge sharing and information security practices, showing their interconnectedness, and, the negative consequences of the two practices being treated and managed separately. For the action learning arena, a novel methodological approach underpinned by the action learning philosophy has been introduced that demonstrates how team action learning (i.e. using intact teams as opposed to conventional action learning teams) can be used to engage employees to share and combine their knowledge on real organisational issues, generate new learning and develop actions to initiate improvements in the organisation.