"A Framework for Security Model Innovation using Knowledge Engineering"
The traditional organisational Security Model, which is driven by pre-specified plans and goals aimed at ensuring optimisation and efficiencies based primarily on building consensus, convergence and compliance, must be updated. Organisational information systems, as well as related performance and control systems, were modelled on the same paradigm to enable convergence by ensuring adherence to classical information process routines built into formal and informal information systems. Such routinisation of Information Systems, and the technology-related goals for realising increased efficiencies, was suitable for an era marked by a relatively stable and predictable organisational and Information Systems and Security development environment. However, this model is increasingly inadequate in the e-Information Systems and Security era, which is often characterised by an increasing pace of radical and unforeseen change in the Information Systems and Security and organisational environments. The new era of dynamic and discontinuous change requires continual reassessment of information and organisational routines to ensure that decision-making processes, as well as underlying assumptions, keep pace with the dynamically changing Information Systems and Security and social environments. This issue poses an increasing challenge as the ‘best services’ of yesterday turn into ‘worst practices’ and core competencies turn into core rigidities. The changing Information Systems and Security environment, characterised by dynamically discontinuous change, requires a re-conceptualisation of Information Security Knowledge management systems as they have been understood in information system practice and research. One such conceptualisation is proposed in this article in the form of a framework for developing an organisational Information Security Knowledge management system for Security Model innovation.
It is anticipated that application of this framework will facilitate development of new Security Models that are better suited to the new Information Systems and Security environment, characterised by a dynamic, discontinuous and radical pace of change. The problems and caveats inherent in interpretations are then discussed. The subsequent section discusses the demands imposed by the new Information Systems and Security environments that require rethinking such conceptualisations of Information Security Knowledge management and related information technology based systems. One conceptualisation for overcoming the problems of prevalent interpretations and related assumptions is then discussed, along with a framework for developing new organisation forms and innovative Security Models. Subsequent discussion explains how the application of this framework can facilitate development of new Security Models that are better suited to the dynamic, discontinuous and radical pace of change characterising the new Information Systems and Security environment. The popular technology-centric interpretations of Information Security Knowledge management that have been prevalent in most of the information technology research and trade press are reviewed.