Knowledge-Centric Information Security

Increasing number of enterprises consider information security (InfoSec) as a key success factor whereas threats can originate from any part of the world over internet. Incidents such as 11^th September of 2001, and hacker horror stories, awaken enterprises they should reshape their InfoSec policies. Traditionally InfoSec relies heavily on technology, investing large amount of money on software and hardware. In the last decade process based information security management system (ISMS) such as ISO27001 has emerged. Many organizations since then have adopted such ISMS. KM is another management discipline enterprises employ, with aim to foster a more effective management of knowledge creation for innovations. This paper proposes a research initiative to integrate KM and InfoSec together into a knowledge-centric InfoSec (KCIS) System. Organizations should be able to improve their InfoSec maturity level, by adopting KCIS in phases.