Information and Knowledge Management in the Scope of the Information Security Practices: The Human Factor within Organizations

Information security has always been an important requirement for the business. Such assets can be broken down into three main areas, namely people, process and technologies. The Internet, the proliferation of the web, networks and the ever-growing presence of innovation have triggered profound changes to procedures that are integral in individual and institutional routines. Such technological changes have led to an increase of competitiveness which decentralization and have contributed to the need for leadership, command, security, information and knowledge safety. The article presents the findings of an information security investigation, which examines the involvement with human aspects in the field of information security and knowledge management. The implication is that the "people" component is an important variable, even crucial, for the management of information security in organizations. It can be concluded that the human element is an important, perhaps crucial, parameter for the management of corporate information security. Keyword: Information and Knowledge Management, Information Security, Informational Behavior, Information Security Investigation, Knowledge Safety Introduction Business demands meet the need to find strategic business solutions. In the business world, the concept of what is security has been evolving and is no longer restricted to the technical issue. From this perspective, information security emerges as a relevant resource, since it seeks to link to the company's business variables that influence the protection of informational assets. These variables are now seen as integrating elements of the core business, as safeguarding information and knowledge is critical to success, competitiveness and survival in the globalized market. Fenz et al (2014) state the information security is important to organization however it is challenges to prove factor contribute on it. These challenges and situation occur because the easiness access the digital data and information which deployed by the organization (Harib, Sarijan & Hussin, 2017). International Journal of Academic Research in Business and Social Sciences Vol. 1 0 , No. 11, 2020, E-ISSN: 222 2 -6990 © 2020 HRMARS 1104 We advocate here the need to integrate, in an integrative way, the elements "people", "processes" and "technologies" as variables that coexist in companies and that need to be treated with balance and equal conditions in the context of security management of the company’s information (Sveen, Torres And Sariegi, 2009). The people, process and technologies relies in each another for successful implementation of security management in the organization. According to Tarun (2018), the singel and integrated framework which overlapping with the strategy based on security tools, people and process will yield the effective defenses. The change to this analysis bias implies abandoning the exclusive dependence on technological aspects and turning attention to the subjectivity inherent to human beings, their relationships and their behaviour in organizations since such behaviour greatly influences information security management. Colwill (2010) points out that, even considering other equally relevant factors, overconfidence in technology will lead to unexpected results in handling a very critical internal security threat: the human element. This element poses information security risks, as people can gain legitimate access to information, know the organization, and know where valuable assets are located. This article focused on the identification of human aspects interference in information and knowledge management practices concerning information security. These aspects are, in fact, inherent in the human condition: people's behaviour, relationships, and conduct affect the business environment at a spectrum of varying levels where information security is needed. Information and People Security: A User-Centered Management Approach Companies organize themselves in global markets to maintain competitiveness and their standard of work. Technology is the catalyst that supplies companies with efficiency and effectiveness. However, sophisticated as a technology solution may be, it will be just another element of the process of maintaining the organization's competitiveness. People and processes are critical elements and only strategic management that consider all components of the organization planning, effective action and strategic handling of information can achieve the levels of competitiveness that the company needs. Thus, by reflecting on how human resources interfere with an organization's information security, it is easy to see that the “people” element is vulnerable. This vulnerability manifests itself through two inter-dimensions, both of which interfere with information security and make the human factor the weakest link. First, employees should ideally have sufficient information security knowledge to effective implementation and maintenance of security controls, which does not always occur; Second, employees must have the right attitude toward information security, but sometimes they have not been told how to do that (Niekerk and Solms, 2010). This first approach brings reflection on the need for transparency, management and effective communication regarding the information security guidelines adopted by a company. All elements of the organization must be synergistically involved so that they can deal with security issues, developing completeness of actions and real awareness of the need to safeguard organizational assets. Kraemer, Carayon and Clem (2009) contribute to this International Journal of Academic Research in Business and Social Sciences Vol. 1 0 , No. 11, 2020, E-ISSN: 222 2 -6990 © 2020 HRMARS 1105 perspective by noting that users are not necessarily anti-security, but often unable to determine the security implications of their actions. This scenario leads to the reflection on how the lack of knowledge generates inappropriate behaviour because of the expected information security actions since acting correctly develops entirely from the prerogative of knowing how to respond. It is therefore, crucial for organizations to pay attention to maintaining and sharing reliable information for the purposes of corporate information and knowledge management, as well as for a better understanding of their users' needs. Information users should be perceived as those who are not only driven to seek information for cognitive purposes but as beings who live and work in social environments (such as companies) and who, in their context, create their own motivations for learning, seek information and satisfy their needs (Wilson, 2006b). This information user is defined in this article as one who is strongly dependent on information and uses it for specific purposes, such as professional purposes. This process of seeking information, according to Marchionini (1998), is driven by the informational need of the individual. The extreme variety of informational needs of individuals makes the task of enumerating them complex and difficult (Allen, 1996). Marchionini (1998) and Allen (1996), highlights that in the search and use of information process, its value resides in the relationship that the user builds with certain information. Thus, several elements affect information search patterns and information behaviour as a whole, such as the variety of information sources, different types of users, user needs and preferences, among others. From this perspective, the choice of information sources by a given user is oriented according to their preferences, needs, accessibility, environment, etc. This is because information is valuable resources required, therefore acquired and using information is critical and important activities (Kadir et al, 2018). It also suggests that information sources are classified into the following categories: internal and personal, internal and impersonal, external and personal, and external and impersonal. It is observed that in this process of need and informational search, the resource made available through electronic information, structured in various ways, has become a dominant environment. The engagement between the relationship of the information seeker with the world wide web, with digital libraries and with other information structures is becoming stronger (Wilson, 2006c). For this reason, the understanding of users' informational needs goes through the information search behaviour and results in recognition of some perceived user need. This behaviour can be determined in many ways, either through user demands on formal systems (information systems), claims about systems that can perform information functions aggregated to a primary or non-primary function, and finally by seeking information through someone else, through information exchange (Wilson, 2006b). Beyond the informational search, it is the behaviour that highlights the information needs the only basis on which to judge the nature of the informational need and its satisfaction. Putting these perspectives together, it can be concluded that information needs are explanatory constructs that help to understand informational behaviour (Allen, 1996). This thinking makes us realize that in order to build information security behaviour in an organization, it will be necessary to interact with elements pertinent to Information Science and that these elements feed a trajectory that begins with the need for information goes through the International Journal of Academic Research in Business and Social Sciences Vol. 1 0 , No. 11, 2020, E-ISSN: 222 2 -6990 © 2020 HRMARS 1106 informational search and ends with informational behaviour. In fact, the behaviour of need, search, and informational use is a process of meaning construction. This meaning construction occurs when the user creates meaning from the information found, moving from a state of uncertainty an