Prior studies indicate that the application of organisational knowledge in computer security has potential benefits. Despite this, it appears that many organisations engage external consultants to develop their computer security policies. It appears that prior studies while supporting the concept of external security consultants to some extent in organisations, also question the effectiveness of such external expertise in terms of performance in computer security. This study examined the role of organisational knowledge in the management of computer security in organisations. A conceptual model based on Rivard et al (1997) was developed with seven constructs. An instrument with 30 questions was prepared and 19 organisations with security procedures were surveyed. The results indicate that there is a negative correlation between external knowledge and the use of policies and procedures, indicating that these policies are not well integrated with the requirements of organisations. Further, the outcome of the study also indicates that organisations are satisfied with the use explicit knowledge available in organisations for the development of computer security policies. In essence, this study concluded that currently the organisational knowledge has a limited role in computer security.
Gururajan, Raj and Thompson, Alan, "A preliminary study determine the role of organisational knowledge in computer security" (2004). ACIS 2004 Proceedings. Paper 7.