|
Page 10 of 13
Knowledge and embedded security
Once the knowledge production is structured, it becomes easier to define a control/security policy, by assigning different level of access and responsibility to different organizational units.
A positive side effect of this definition is that identifying the "knowledge boundaries" for each organisational unit reduces the need of cross-functional meetings to those where the subject is new or clearly spans across "knowledge boundaries".
As each item becomes classified at its definition, it is possible to delegate without losing control: as will be discussed in a future issue, this will reduce the number of resources needed to cope with a larger number of projects, using external resources only when and for how long is really needed, and without any loss of knowledge.
As described above, adopting a sound Knowledge Management policy based on Knowledge
Retention makes investment on knowledge and knowledge costing possible.
Why the title of this issue links "knowledge retention" to "embedded security"?
Knowing which items of your knowledge base are "core" and should be maintained inside your organization ensures that you can improve your business continuity capabilities, also when delegating to third parties one or more processes.
What is "embedded security"?
Security is quite often considered an additional set of processes, almost an afterthought.
But this externalisation of security implies that you try to build up walls
(virtual or real), without actually involving who produces the knowledge and therefore should know its sensitivity.
Security (both physical and logical) does not come cheaply, and 100% security is unachievable.
Our concept of "embedded security" is quite simple: instead of adding security after your processes, try to focus on identifying who is responsible for a specific knowledge subset, and have them define the related security profile with your security experts.
Maybe, you will discover that some of the security can be "embedded" in the actual processes involved in producing the knowledge.
Some additional layers of security will just (expensively) increase the perceived security, while impeding the knowledge distribution that is needed to actually generate value.
|
Current issue