Purpose – To analyse common metaphors used in the intellectual capital (IC) and knowledge management literatures to conceptualise knowledge, in order to study the nature of the intellectual capital concept. Design/methodology/approach – A textual analysis methodology is used to analyse texts from The Knowledge-Creating Company by Nonaka and Takeuchi, Working Knowledge by Davenport and Prusak and “Brainpower” by Stewart, in order to identify underlying metaphors. Findings – Over 95 per cent of the statements about knowledge identified are based on some kind of metaphor. The two dominant metaphors that form the basis for the concept of intellectual capital are “knowledge as a resource” and “knowledge as capital”. Research limitations/implications – Metaphors highlight certain characteristics and ignore others, so the IC community should ask itself what characteristics of knowledge the “knowledge as a resource” and “knowledge as capital” metaphors ignore. Practical implications – Knowledge has no referent in the real world and requires metaphor to be defined, conceptualised, and acted upon. When using such metaphors we should become aware of their limitations as they steer us in certain directions and this may happen unconsciously. The paper concludes by asking whether we need new metaphors to better understand the mechanisms of the knowledge economy, hence allowing us to potentially change some of the more negative structural features of contemporary society. Originality/value – This paper is the first to highlight that intellectual capital is a metaphor and that the metaphorical nature of the concept has far reaching consequences.
Metaphors are at the basis of our understanding of reality. Using the theory of metaphor developed by Lakoff and Johnson (1980, 1999) this paper analyses common metaphors used in the intellectual capital and knowledge management literatures. An analysis of key works by Davenport & Prusak (2000), Nonaka & Takeuchi (1995), and Stewart (1991) suggests that at least 95 percent of all statements about either knowledge or intellectual capital are based on metaphors. The paper analyses the two metaphors that form the basis for the concept of intellectual capital: ‘Knowledge as a Resource’ and ‘Knowledge as Capital’, both of which derive their foundations from the industrial age. The paper goes into some of the implications of these findings for the theory and practice of intellectual capital. Common metaphors used in conceptualising abstract phenomena in traditional management practices unconsciously reinforce the established social order. The paper concludes by asking whether we need new metaphors to better understand the mechanisms of the knowledge economy, hence allowing us to potentially change some of the more negative structural features of contemporary society.
Crime script analysis as a methodology to analyse criminal processes is underdeveloped. This is apparent from the various approaches in which scholars apply crime scripting and present their cybercrime scripts. The plethora of scripting methods raise significant concerns about the reliability and validity of these scripting studies. In this methodological paper, we demonstrate how object-oriented modelling (OOM) could address some of the currently identified methodological issues, thereby refining crime script analysis. More specifically, we suggest to visualise crime scripts using static and dynamic modelling with the Unified Modelling Language (UML) to harmonise cybercrime scripts without compromising their depth. Static models visualise objects in a system or process, their attributes and their relationships. Dynamic models visualise actions and interactions during a process. Creating these models in addition to the typical textual narrative could aid analysts to more systematically consider, organise and relate key aspects of crime scripts. In turn, this approach might, amongst others, facilitate alternative ways of identifying intervention measures, theorising about offender decision-making, and an improved shared understanding of the crime phenomenon analysed. We illustrate the application of these models with a phishing script.
MULTIFILE
Prompt and timely response to incoming cyber-attacks and incidents is a core requirement for business continuity and safe operations for organizations operating at all levels (commercial, governmental, military). The effectiveness of these measures is significantly limited (and oftentimes defeated altogether) by the inefficiency of the attack identification and response process which is, effectively, a show-stopper for all attack prevention and reaction activities. The cognitive-intensive, human-driven alarm analysis procedures currently employed by Security Operation Centres are made ineffective (as opposed to only inefficient) by the sheer amount of alarm data produced, and the lack of mechanisms to automatically and soundly evaluate the arriving evidence to build operable risk-based metrics for incident response. This project will build foundational technologies to achieve Security Response Centres (SRC) based on three key components: (1) risk-based systems for alarm prioritization, (2) real-time, human-centric procedures for alarm operationalization, and (3) technology integration in response operations. In doing so, SeReNity will develop new techniques, methods, and systems at the intersection of the Design and Defence domains to deliver operable and accurate procedures for efficient incident response. To achieve this, this project will develop semantically and contextually rich alarm data to inform risk-based metrics on the mounting evidence of incoming cyber-attacks (as opposed to firing an alarm for each match of an IDS signature). SeReNity will achieve this by means of advanced techniques from machine learning and information mining and extraction, to identify attack patterns in the network traffic, and automatically identify threat types. Importantly, SeReNity will develop new mechanisms and interfaces to present the gathered evidence to SRC operators dynamically, and based on the specific threat (type) identified by the underlying technology. To achieve this, this project unifies Dutch excellence in intrusion detection, threat intelligence, and human-computer interaction with an industry-leading partner operating in the market of tailored solutions for Security Monitoring.
