Papers by Walter S. L. Fung
Proceedings of the 8th International Conference on Innovation and Knowledge Management in Asia Pacific (IKMAP)
Repeated information security (InfoSec) incidents have been haunting the confidence of people on ... more Repeated information security (InfoSec) incidents have been haunting the confidence of people on how well enterprises have been maintaining the confidentiality, integrity, and availability (CIA) of their InfoSec systems. Most organizations adopt information system control framework such as ISO27001 and COBIT, requiring regular audits by either internal or external channels. Most audits combine the use of check-list based quantitative and qualitative procedures, focusing on how well the auditee has met the criteria of the audit, including the knowledge level of stakeholders. Nonetheless, such traditional audits do not adopt the contemporary knowledge management methodology such as those suggested by Nonaka and do not explore on how knowledge may contribute toward the maturity of InfoSec. Knowledge-audit (KA) helps businesses to identify what knowledge and information are needed to achieve the business goal. However, there has been little research about applying KA in InfoSec audit.
Sizable companies would use information technology governance (ITG) as an organizational vehicle to drive and leverage the proper deliverable of information systems and security functions. This research intends to develop an ITG driven Knowledge Framework (ITGKF) which is expected to reinforce the InfoSec maturity as well as auditability of enterprises. Moreover, it tries to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. Based on the framework, we will offer some recommendations on how to conduct knowledge-audit for InfoSec (KA-InfoSec) as a supplement. The framework and the recommendations should provide enterprises additional dimensions and alternatives, based on knowledgecentric ideology, on how knowledge can be a critical factor for InfoSec maintenance.
Uploads
Papers by Walter S. L. Fung
Sizable companies would use information technology governance (ITG) as an organizational vehicle to drive and leverage the proper deliverable of information systems and security functions. This research intends to develop an ITG driven Knowledge Framework (ITGKF) which is expected to reinforce the InfoSec maturity as well as auditability of enterprises. Moreover, it tries to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. Based on the framework, we will offer some recommendations on how to conduct knowledge-audit for InfoSec (KA-InfoSec) as a supplement. The framework and the recommendations should provide enterprises additional dimensions and alternatives, based on knowledgecentric ideology, on how knowledge can be a critical factor for InfoSec maintenance.
Sizable companies would use information technology governance (ITG) as an organizational vehicle to drive and leverage the proper deliverable of information systems and security functions. This research intends to develop an ITG driven Knowledge Framework (ITGKF) which is expected to reinforce the InfoSec maturity as well as auditability of enterprises. Moreover, it tries to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. Based on the framework, we will offer some recommendations on how to conduct knowledge-audit for InfoSec (KA-InfoSec) as a supplement. The framework and the recommendations should provide enterprises additional dimensions and alternatives, based on knowledgecentric ideology, on how knowledge can be a critical factor for InfoSec maintenance.