The Emerald Research Register for this journal is available at www.emeraldinsight.com/researchregister The current issue and full text archive of this journal is available at www.emeraldinsight.com/0968-5227.htm Information systems security from a knowledge management perspective Petros Belsis and Spyros Kokolakis Information systems security 189 University of the Aegean, Department of Information and Communication Systems Engineering, Samos, Greece, and Evangelos Kiountouzis Athens University of Economics and Business, Department of Informatics, Athens, Greece Abstract Purpose - Information systems security management is a knowledge-intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role of an IS security knowledge management system. Design/methodology/approach - The results of this paper are based on eld research involving ve organizations (public and private) and ve security experts and consultants. A model to illustrate the structure of IS security knowledge in an organization is then proposed. Findings - Successful security management largely depends on the involvement of users and other stakeholders in security analysis, design, and implementation, as well as in actively defending the IS. However, most stakeholders lack the required knowledge of IS security issues that would allow them to play an important role in IS security management. Originality/value - In this paper, the knowledge management aspect of IS security management is highlighted. Moreover, the basic sources of security-related knowledge have been identied and a model of IS security knowledge has been created. Also, the activities to be supported by a security-focused KM system have been identied. Thus, the basis for the development of specialized security KM systems is set. Keywords Knowledge management systems, Information systems, Greece Paper type Research paper Introduction Information Systems (IS) security has become a major concern for modern enterprises and organizations, as most organizational activities, nowadays, depend heavily on information and communication technologies. In response, a plethora of tools and mechanisms have been developed, covering almost every aspect of IS security. However, the actual effectiveness of current security solutions has been seriously questioned, as the volume of security related incidents and consequent nancial losses continues to increase in magnitude, as well as in severity. Security tools and mechanisms have a limited effectiveness for the reason that security is primarily a \"people issue\