An Exploratory Study of the Effects of Knowledge Sharing Methods on Cyber Security Practice

DOI:

https://doi.org/10.3127/ajis.v25i0.2177

Keywords:

knowledge sharing, social media, cyber security, security compliance

Abstract

In a networked global economy, cyber security threats have accelerated at an enormous rate. The security infrastructure at organisational and national levels is often ineffective against these threats. As a result, academics have focused their research on information security risks and technical perspectives to enhance human-related security measures. To further extend this trend of research, this study examines the effects of three knowledge sharing methods on user security practices: security training, social media communication, and local security experts (non-IT staff). The study adopts a phenomenological method employing in-depth focus group interviews with 30 participants from eight organisations located in Ho Chi Minh City, Vietnam. The study expands on understanding factors contributing to self-efficacy and security practice through various knowledge sharing channels. Current methods of periodical training and broadcast emails were found to be less effective in encouraging participants to develop security self-efficacy and were often ignored. Social media and local experts were identified as supplementary methods of security knowledge sharing for maintaining employees’ security awareness. In particular, social media is suggested as a preferred channel for disseminating urgent security alerts and seeking peer advice. Local security experts are praised for providing timely and contextualised security advice where member trust is needed. This study suggests that providing contemporary channels for security information and knowledge sharing between organisations and employees can gain regular attention from employees, leading to more effective security practices.

Published

2021-02-18

How to Cite

Pham, H. C., Ulhaq, I., Nguyen, M., & Nkhoma, M. (2021). An Exploratory Study of the Effects of Knowledge Sharing Methods on Cyber Security Practice. Australasian Journal of Information Systems, 25. https://doi.org/10.3127/ajis.v25i0.2177

Section

Research Articles