The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research

Abstract

This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industry-developed framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value.