Wednesday, January 13, 2010

Knowledge - Management and Retention

Along digital forensics and information security I have always been interested in knowledge management and knowledge retention subjects. These areas are especially relevant to Information Security/Digital Forensics because these disciplines heavily rely on highly knowledgeable professionals. When such professionals leave the organisation, they create a giant gap that has to be filled.

There are several publications on this topic, many of them packed with unnecessary statistical data, useless formulas and usually boring as dry toast.

I just finished reading a book by Jay Liebowitz "Knowledge Retention Strategies and Solutions" and I was pleasantly surprised by the quality of material. This book is written to be concise and full of insights and knowledge of topic.

It is hard to disagree with the author who suggests that "younger workers are less likely to stay with one employer for more than a few years" and that a "learning organization" must develop "knowledge retention strategies so that critical knowledge does not walk out the door".

Unfortunately, I haven't seen many such organisations around, at least not in this industry. Instead, I came across many good professionals who would keep their expertise to themselves and only share the knowledge when it suits they own interests. In his book Liebowitz identifies major challenges to knowledge sharing and states that 'about 80% of knowledge management is people, culture, and process, and only 20% is technology' such as document management systems, wiki's etc. He suggests that the experts should be motivated to share their knowledge "through being recognized and rewarded". Of course this would require a competent management capable of creating the right atmosphere and build a high level of trust throughout an organisation.

The author also mentioned the knowledge-engineering paradox, which I found to be quite amusing but dead right. The knowledge-engineering paradox 'means that the more expert an individual, the more compiled his/her knowledge and the harder it is to extract that knowledge'. Recently, I was surprised when someone told me, that occasionally it is hard to get a quick technical explanation from me. I thought about it for a moment and then realised that I have to decompile this information first and only after that, translate it to a language understandable by a non technical person.

This book is a good read and should be a valuable addition to every computer forensics manager's library.

1 comment:

Notnice said...

Ah yes the definitions of 'reward' and 'recognition' can be warped in quite an Orwellian manner in certain circles.

It takes considerable time to decompile, generalise and sanitise hours/days of work on a particular job to repackage it for a broader audience. If that time commitment is not understood or supported then the organization cannot expect to retain either the individual or their accumulated knowledge.