Introduction
Nearly every organization today is faced with a challenge of coping with constantly changing information systems and needs. Businesses that have been around for a long time have had to adjust from ledger cards to keeping up with big volumes of information generated in the digital era. The speeds at which information flows in today is making it hard for organizations to keep up. “As we move rapidly into the future, leaders face the challenge of being effective in a global knowledge environment” (Awad and Hassan, 2004). “Today, leaders have to undertake the responsibility of helping their organizations cope with the challenges they face from expanding knowledge and knowledge systems” (Hislop, 2005).
Knowledge management is of paramount importance in businesses today. It comprises of many tasks and initiatives to enable an organization create, represent, distribute and adopt data and information. It is also the process by which data is collected, converted to information and then to knowledge and finally to expertise. As a part of their business strategy, many businesses today have a department and resources strictly dedicated to knowledge management.
There are also many consulting companies coming up to help businesses understand the role of this significant aspect of business. Knowledge management is concerned with creating competitive advantages and innovations to improve performance. It also plays a major role in ensuring continuous improvement and accurate interpretation of data.
Knowledge management seems to be attracting a lot of attention in both small and big organizations today. This comes from the realization that it is impossible for a business to succeed in today’s constantly changing markets without proper investments in knowledge and information. In order for organizations to become and stay truly globally competitive, it is important for them to recognize that information is required to support decisions at various levels of business. “In a world overloaded with information, there is need for emphasis on not just more information but actionable intelligence that is capable of guiding decisions in a business” (Beccerra-Fernandez, Avelino and Rajiv, 2004).
Therefore, knowledge management, which creates competitive intelligence in a business, must be positioned in a way that it can easily identify threats capable of negatively impacting the business in its external environments. The other function of knowledge management processes is to identifying new opportunities for the organization and hopefully lead to new innovations, which will create more benefits and productivity for the organization.
Information application concepts
Data on its own is not valuable to a business. There has to be capability to convert it to information and intelligence for full benefits to be felt. At the same time, a business must be able to utilize the intelligence through information application tools. For effective application, some concepts have to be in place. As Jashapara (2005) points out, “confidentiality, integrity, availability, authentication and non-repudiation are the core principals of information application”. Other important principals of information application include utility and an organization’s ability to own or posses the information.
Confidentiality
Confidentiality in information applicability is defined as “the assurance that information is not disclosed to unauthorized individuals, processes and/or devices” (Pervaiz, Lim and Loh, 2001). Many organizations have put in place measures to ensure that information is only accessed by authorized personnel and only when there is a genuine need to do so. Businesses will also ensure that employees are well aware of the consequences of not upholding a company’s privacy policy. When information is accessed or disclosed against the company’s policy, a confidentiality breach may occur depending with the circumstances under which it happened.
Integrity
Integrity involves proper handling and management of all data systems to ensure safety. It involves largely the people handling an organization’s information such as the employees. According to Alee (1997), “integrity is the quality of information systems reflecting logical correctness and reliability to the operating systems; the logical completeness of the hardware and software implementing the protection mechanisms of different data structures”. Even though integrity is mostly about people, it encompasses other technical aspects of handling information such as the reliability of security measures put in place.
Integrity in information applicability is supposed to ensure that any confidential information is only accessible to authorized people and it is protected from modifications by unauthorized people. Loss of integrity also occurs when unauthorized people have the ability to delete information or make it completely disappear from an organization’s system.
Availability
In today’s world, specific information is important for proper management of different aspects of an organization. With a realization that not all information is useful, converting information to knowledge is an important aspect in information management and application. Information applicability requires that an organization be able to access and use specif information at the time when it is most needed. For an organization to fully benefit from information, authorized people must have a timely and reliable access to it. The information itself, the company’s computing systems and its security measures must be protective but at the same time, they should not make it impossible to access information. Denial of access, a common attack among organizations, can mean that an organization’s wealth of information is useless for the period it is inaccessible (Johnson, 2001).
Authenticity
According to Cronin (2009), authenticity means that the information available for an organization’s use must be genuine, trustworthy and its credibility must be undisputed. An organization’s security measures must be able to validate any information received and establish the validity of its sources. Authenticity is important to ensure that both the sources and users of any information are genuine. In an era where information sharing has become extremely easy, authentication breaches easily occur in organizations, compromising their information assurance standards (Cunningham and Fried, 2002). Any information application systems must make it hard for unauthorized personnel to duplicate information or to send it to other destinations and data warehouses.
Non-repudiation
“Information non-repudiation is the assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so that neither can later deny having the transaction” (Gutl and Victor, n.d). It is a very important information application concept to ensure organizations don’t get into any legal consequences associated with improper conduct during information management. Technologies available to facilitate this include digital signatures, which can also be used to establish information’s authenticity.
Information application tools
When selecting reporting technologies, it is important for a business to understand who the users are and where the information is to be applied. As Alee (1997) puts it, “the assumptions and technical decisions made by vendors shape the capabilities, performance, reliability and scalability of their products and clearly reveal that application technologies are not all created equal”. Information application tools are supposed to give users self-sufficient powers to convert data into intelligence that will allow them make proper management decisions. The applications systems discussed below support rich internet applications, making it possible for information to be shared and accessed on a global scale.
Defense-in-depth
According to the Gutl and Victor (n.d), “defense-in-depth strategy is a term borrowed from military tactical doctrine that suggests deploying war-fighting resources in a manner that presents successive lines of defense”. This application tool is intended at ensuring that information’s application is done in a safe manner without exposing it to any potential threats. In this type of strategy, an organization increases its resistance to deny the enemy any chance of penetration. An organization will deploy enough preventive measures at the early stages of the organization to make it more difficult for the enemy.
These barriers can be enhanced by creating access control to ensure that access is only allowed to known and authorized users. Measures such as internet protocols are able to ensure that data in only fed from know sources (Johnson, 2001). Defense-in-depth strategy commonly uses tools such as demilitarized zones and other detection methods to help an organization identify and deal with a threat before it causes any damage to an organization’s data warehouse. Users are required by the system to scan their data and information before using it in an organization’s systems. In this strategy, it is common for organizations to install monitoring tools and traffic control measures to ensure that all information is verified before being fed or retrieved from the systems.
Defense-in-depth strengths include a fast deployment speed and its ability to adapt to dynamic threats (Hislop, 2005.). The strategy offers high levels of flexibility and speed since more people can feed, access and use information at the same time. Its weaknesses in include increased expenses arising from the required equipment and security tools such as access-control devices and firewalls. The strategy calls for more labor and regular maintenance and monitoring, all which increase costs and complexity. Major processes in the strategy such as configuring, implementing and monitoring information and the systems are complex and involving, creating more loopholes for mistakes.
System-high
“A system-high approach strictly controls access to vital systems and forces all people applying the information in different places to comply with a meticulous clearance process that notionally eliminates the need for security barriers” (Cunningham and Fried, 2002). One way through which an organization can do this is ensure that information is only applicable through one specific terminal, hence eliminating all other external connectivity.
This strategy’s strengths include the fact that data application and protection are done at a lower cost since it does not require all the security technologies used in defense-in-depth strategy. The applicability and protection levels are high since information can only be accessed through one controlled terminal making it easier to monitor. The approach also reduces the number of equipments needed, making it less technical and more cheaper. Its weaknesses include rigidity and its inability to respond to other dynamic threats that may arise. The strategy makes deployment more slow since access is controlled.
Comparing the two
These two processes are designed to allow high levels of safety when using and applying information. “They both provide an integrated development platform required to create data driven rich information application, object oriented re-use and multi-project support” (Hislop, 2005). They both encourage adoption of technology by offering simple application tools that may not require a complex training environment.
The defense-in-depth system allows on-demand access to users since it does not have a lot of restrictions for users. This tools allows a highly interactive and adaptable application process. Its applications are diverse and may change as required by the users at that particular time, ensuring flexibility. Defense-in-depth systems has also been praised by many data experts for allowing comprehensive data access, dependability and robust performance, even though all these may come at a higher cost compared to other applications.
The system-high system on the other hand offers content from a unified platform ensuring consistency and uniformity. This way, users can make the right decision in a timely and uniform manner. Users are allowed personalized experiences and are assured safety of the information they give or access. Since the system-high tool does not require a lot of complex equipment for application, it slashes cost and streamlines financial interaction processes, allowing better customer satisfaction at an affordable rate.
Conclusion
The role of information technology has never been more vital than it is today in boosting any company’s performance. The nature of information technology is constantly changing with more abundance and accessibility being established each day (Cronin, 2009). The uses of information technology are equally expanding due to new and better technologies of collecting, sharing and applying information.
As this happens, the need for information security and assurance gets bigger. Data storage and applicability is more sophisticated and cheaper today simplifying the management of information which may be in the form of images, words, and numbers. All these positive changes have combined forces to give businesses, governments and other institutions many unprecedented opportunities to create high performances in information applications.
Information application concepts include availability, integrity, authenticity, non-repudiation and confidentiality. Where these concepts lack, information may not be valuable to an organization and when it is, its application and use may expose a business to major risks. The world today has gone digital and undergone a revolution which makes information easily accessible. The world today is also very electronic and the global networks are a state-of-art (Jashapara, 2005). Following the efficiency of the internet and its applicability in US department of defense, its use has since then proliferated to every part of the world.
The kind if connectivity brought about by the internet has however been a cause of worry and a source of conflict over issues concerning privacy and how information should be used. Therefore, there is an increased need for more efficient information application strategies to ensure customers and businesses are protected.
Commonly used strategies include defense-in-depth and system-high. They both offer high levels of safe applicability but bring with them different advantages and disadvantages. Their major differences lie in the cost of implementation and methods through which they offer protection. For an organization to ensure maximized productivity and customer satisfaction, they must invest in a strategy that offers protection, flexibility and does so in a cost effective manner.
Both these processes are multi-layered, offering advantages that allow early detection of threats to ensure businesses deal with them before they proliferate. A multi-layered information application strategy enables businesses to create observation and monitoring measures, ensure only authorized access to an organization’s date warehouse, provide sufficient scans for all information being fed in the system and protect an organization’s valuable information from regular users.
It is important to note that before a business decides on which application tools to use, there are many factors to consider. Prior to implementing any strategy, architects of the process should ensure that they fully understand the goals and objectives an organization intends to achieve from the process. There should also be measures to address major challenges in information applicability today such as being able to accommodate diverse values and cultures, as well as being able to accommodate different global systems. As data becomes more available, companies also require to have a proper sorting system to ensure they only invest in what is useful to them.
Reference list
Alee, V., 1997. The knowledge evolution: Expanding organizational intelligence. Boston, Mass: Butterworth-Heineman.
Awad, E.M. and Hassan, G., 2004. Knowledge management. Pearson Prentice Hall.
Beccerra-Fernandez, I. Avelino, G. and Rajiv, S., 2004. Knowledge management: Challenges, solutions and technologies. Pearson: Prentice Hall.
Cronin, O., 2009. Information assurance: A survey of current practice. International Journal of Information Management, 14(3), pp. 204-222.
Cunningham, R. and Fried, D., 2002. Adaptable Real-Time Information Assurance. Aerospace, 6 (4), pp. 2678-2682.
Gutl, C. and Victor, M.G., (n.d). Semantic meeting information application: A contribution for enhanced knowledge transfer and learning in companies. Austria: University of Applied Sciences Degree Program.
Hislop, D., 2005. Knowledge management in organizations, 2nd ed. Oxford: Oxford University Press.
Jashapara, A., 2005. Organizing knowledge: An integrated approach. Harlow: FT Prentice Hall.
Johnson, C.M., 2001. A survey of current research on online communities of practice. The Internet and Higher Education, 4(1), pp. 45-60.
Pervaiz, K.A. Lim, K.K. and Loh, A.Y., 2001. Learning through knowledge management. Boston: Butterworth-Heineman.