Information Security in Libraries

Examining the Effects of Knowledge Transfer

  • Tonia San Nicolas-Rocca San Jose State University
  • Richard J Burkhard San Jose State University

Abstract

Libraries in the United States handle sensitive patron information, including personally identifiable information and circulation records. With libraries providing services to millions of patrons across the U.S., it is important that they understand the importance of patron privacy and how to protect it. This study investigates how knowledge transferred within an online cybersecurity education affects library employee information security practices. The results of this study suggest that knowledge transfer does have a positive effect on library employee information security and risk management practices.

Author Biographies

Tonia San Nicolas-Rocca, San Jose State University
Tonia San Nicolas-Rocca is an Assistant Professor in the School of Information at San Jose State University.  She holds a Ph.D. in Information Systems and Technology from Claremont Graduate University.  Her research interests include cybersecurity, health information systems, and knowledge management.  Dr. San Nicolas-Rocca has published her work in numerous peer- reviewed research journals and conference proceedings.
Richard J Burkhard, San Jose State University
Rich Burkhard is a Professor in the School of Information Systems and Technology in the College of Business at San Jose State University. Rich's research work focuses on  Virtual Collaboration, Health and Cognition Effects of Connectedness, and the design of systems to serve these goals. Rich's research is published Information Systems Management, Communications of the AIS (CAIS), Journal of Medical Internet Research, Information Visualization Journal, Journal of Homeland Security and Emergency Management, JMIR mHealth and uHealth, Journal of Marketing Theory and Practice, Issues in Innovation, and elsewhere.

References

“Public Library Survey (PLS) Data and Reports,” Institute of Museum and Library Services, Retrieved on June 10, 2018 from https://www.imls.gov/research-evaluation/data-collection/public-libraries-survey/explore-pls-data/pls-data.

“Policy concerning Confidentiality of Personally Identifiable Information about Library Users,” American Library Association, July 7, 2006, http://www.ala.org/advocacy/intfreedom/statementspols/otherpolicies/policyconcerning.

"Professional Ethics," American Library Association, May 19, 2017, http://www.ala.org/tools/ethics.

“Privacy: An Interpretation of the Library Bill of Rights,” American Library Association, amended July 1, 2014, http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy.

“Policy concerning Confidentiality of Personally Identifiable Information about Library Users,” American Library Association.

“Code of Ethics of the American Library Association,” American Library Association, amended Jan. 22, 2008, http://www.ala.org/advocacy/proethics/codeofethics/codeethics.

Samuel T.C. Thompson, “Helping the Hacker? Library Information, Security, and Social Engineering,” Information Technology and Libraries 25, no. 4 (2006): 222-25, https://doi.org/10.6017/ital.v25i4.3355.

Roesnita Ismail and Awang Ngah Zainab, “Assessing the Status of Library Information Systems Security,” Journal of Librarianship and Information Science 45, no. 3 (2013): 232-47, https://doi.org/10.1177/0961000613477676.

Shayna Pekala, “Privacy and User Experience in 21st Century Library Discovery,” Information Technology and Libraries 36, no. 2 (2017): 48–58, https://doi.org/10.6017/ital.v36i2.9817.

Tonia San Nicolas-Rocca, Benjamin Schooley and Janine L. Spears, “Exploring the Effect of Knowledge Transfer Practices on User Compliance to IS Security Practices,” International Journal of Knowledge Management 10, no. 2, (2014): 62-78, https://doi.org/10.4018/ijkm.2014040105.

Janine Spears and Tonia San Nicolas-Rocca, “Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations,” International Journal of Knowledge Management 11, no. 4 (2015): 52-69, https://doi.org/10.4018/IJKM.2015100104.

Dong-Gil Ko, Laurie J. Kirsch and William R. King, “Antecedents of Knowledge Transfer from Consultants to Clients in Enterprise System Implementations,” MIS Quarterly 29, no. 1 (2005): 59-85, https://doi.org/10.2307/25148668.

Dana Minbaeva et al., “MNC Knowledge Transfer, Subsidiary Absorptive Capacity and HRM,” Journal of International Business Studies 45, no. 1 (2014): 38-51, https://doi.org/10.1057/jibs.2013.43.

Geordie Stewart and David Lacey, “Death by a Thousand Facts: Criticising the Technocratic Approach to Information Security Awareness,” Information Management & Computer Security 20, no. 1 (2012): 29-38, https://doi.org/10.1108/09685221211219182.

Mark Wilson et al., “Information Technology Training Requirements: A Role-and Performance-Based Model” (NIST Special Publication 800-16), National Institute of Standards and Technology, (2018), https://www.nist.gov/publications/information-technology-security-training-requirements-role-and-performance-based-model.

Janine L. Spears and Henri Barki, “User Participation in Information Systems Security Risk Management,” MIS Quarterly 34, no. 3 (2010): 503-22, https://doi.org/10.2307/25750689.

Piya Shedden, Tobias Ruighaver, and Atif Ahmad, “Risk Management Standards-the Perception of Ease of Use,” Journal of Information Systems Security 6, no. 3 (2010): 23–41.

Janne Hagen, Eirik Albrechtsen, and Stig Ole Johnsen, “The Long-term Effects of Information Security e-Learning on Organizational Learning,” Information Management & Computer Security 19, no. 3 (2011): 140-154, https://doi.org/10.1108/09685221111153537.

Thompson S.H. Teo and Anol Bhattacherjee, “Knowledge Transfer and Utilization in IT Outsourcing Partnerships: A Preliminary Model of Antecedents and Outcomes,” Information & Management 51, no. 2 (2014): 177–86, https://doi.org/10.1016/j.im.2013.12.001.

Geordie Stewart and David Lacey, “Death by a Thousand Facts: Criticising the Technocratic Approach to Information Security Awareness,” Information Management & Computer Security 20, no. 1 (2012): 29-38, https://doi.org/10.1108/09685221211219182.

Martin Spraggon and Virginia Bodolica, “A Multidimensional Taxonomy of Intra-firm Knowledge Transfer Processes,” Journal of Business Research 65, no. 9 (2012) 1,273-282: https://doi.org/10.1016/j.jbusres.2011.10.043.

Shizhong Chen et al., “Toward Understanding Inter-organizational Knowledge Transfer Needs in SMEs: Insight from a UK Investigation,” Journal of Knowledge Management 10, no. 3 (2006): 6-23, https://doi.org/10.1108/13673270610670821.

Maryam Alavi and Dorothy E. Leidner, “Review: Knowledge Management and Knowledge Management Systems: Conceptual Foundations and Research Issues,” MIS Quarterly 25, no. 1 (2001): 107-36, https://doi.org/10.2307/3250961.

Janine L. Spears and Tonia San Nicolas-Rocca, “Information Security Capacity Building in Community-Based Organizations: Examining the Effects of Knowledge Transfer,” 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, 2016, pp. 4,011-20, https://doi.org/10.1109/HICSS.2016.498.

Published
2019-06-17
How to Cite
San Nicolas-Rocca, T., & Burkhard, R. J. (2019). Information Security in Libraries. Information Technology and Libraries, 38(2), 58-71. https://doi.org/10.6017/ital.v38i2.10973
Section
Articles