Over the years whilst working on several projects in the industry and within academia, I have learned that organisations value knowledge as being their most valuable asset. This is particularly the case in project teams. Project environments are highly knowledge-intensive as project teams are intentionally formed with a diverse range of members with specialist knowledge, skills and experiences in order to collaborate and produce a unique product or service. Due to their specialist expertise, individually, project team members do not have all of the knowledge a project requires and must acquire this knowledge from their peers in order to accomplish their work. So, effective knowledge sharing by team members is a fundamental component in projects that leads to better performance.
Whilst on some of the projects, and by working closely with IT managers, I gained experience of information security practices and developed an insight into the imperative measures that organisations can take to prevent loss or leakage of valuable information and knowledge into the wrong hands. However, on a number of occasions I experienced difficulty (or noticed others experiencing it) when attempting to share essential knowledge with others, whilst abiding by security policies. For example, struggling to complete a task on time because particular information is not permitted to be shared or cannot be shared in certain ways due to security mechanisms that are in place. On the other hand, information security being compromised by sharing knowledge in an “impermissible” manner due to the necessity to complete urgent tasks, leading to unintended exposure of knowledge.
Experiencing this contradiction between the two practices of knowledge sharing and information security caused a sense of enigma. I began to question – how can valuable project knowledge be shared and protected at the same time? When there is a need to share knowledge, and a security mechanism becomes an obstacle, do individuals simply form a workaround that overlooks security in order to complete their task? Or, does being security conscious hinder one’s knowledge sharing behaviour, which could subsequently affect the project team’s performance?
I’ve noticed that, on the one hand, organisations strongly encourage and nurture knowledge sharing behaviour amongst their employees, yet on the other hand, their information security measures often focus on technical or formal aspects (such as anti-virus software, access controls and policies) and overlook the ‘softer’ aspects, such as human behaviour and informal knowledge sharing. This unveiled an interesting research gap for me in the intersection of the two practices, following which, I embarked on my PhD research journey.My research draws attention to the perceived paradoxical nature of knowledge sharing and information security and attempts to raise awareness of the potential conflict that could compromise the security of knowledge, or alternatively, reduce the effectiveness of knowledge sharing.