Abstract

Employees play a crucial role in enhancing information security in the workplace, and this requires everyone having the requisite security knowledge and know-how. To maximise knowledge levels, organisations should encourage and facilitate Security Knowledge Sharing (SKS) between employees. To maximise sharing, we need first to understand the mechanisms whereby such sharing takes place and then to encourage and engender such sharing. A study was carried out to test the applicability of Transactive Memory Systems Theory in describing knowledge sharing in this context, which confirmed its applicability in this domain. To encourage security knowledge sharing, the harnessing of Self-Determination Theory was proposed— satisfying employee autonomy, relatedness and competence needs to maximise sharing. Such sharing is required to improve and enhance employee security awareness across organisations. This study proposes a model to describe the mechanisms for knowledge sharing, as well as the means by which doing so can be encouraged. It then implements and empirically evaluates an application that facilitates Information Security Knowledge sharing based on the SKS model developing it into an App. Finally, it will test the design to enhance information security awareness in the context of action research (the intervention).