
6. New Protocols of Computer Systems Security …

6.1 Methodological Aspects of Information Sharing in Organizations …

Designing the processes of information flow in businesses and developing the systems of appropriate information flow is dedicated to the execution of correct information transmission tasks. The process of information transfer takes place between various structures within a business organisation, but it also includes the stages of collecting, storing, processing and concealing the secret/confidential information in the systems which operate for the needs of these structures.

The process of information transfer is important due to the correct flow of information in business entities. Information flow is the key issue determining a robust, appropriate and correct operation of a given unit (entity). Developing IT systems for the needs of effective management of an organisation is characterised by the fact that the flow of information in the designed systems is quick and credible, i.e. that the information transmitted reaches its recipient without any interruptions or errors.

It is necessary to turn attention to the fact that information must be transferred in all possible directions, which are determined by the types of business structures within which the information transfer processes are executed. The vertical transfer refers to information sent between the lowest level employees, via intermediary levels, to the highest level, i.e. company management. Information is frequently collected at the lowest level and then forwarded further, but there can also be some simple data processing, i.e. the processes of information grouping and sorting are executed. At the intermediate level, the information available is frequently subject to the processes of completion and processing; this is aimed at selecting the important contents and the meaning of the data held.

Information transferred to the management refers to various issues significant for a given organisation. It can also refer to external information. On the basis of information obtained by the management, action plans, both short and long-term, are developed in the form of forecasts or multi-annual strategies. Plans developed by the management are implemented effectively when there is good communication and information flow between the participants of the planning process, i.e. both ways. The management presents its decisions to line managers. Line managers present them to their employees in such a way that they know exactly their tasks and deadlines.

Information flow in IT management processes goes in two directions. On the one hand, this is the information flow from the lowest level, through the intermediate level to the highest one. On the other hand, this is the information flow from the highest level, via the intermediate level to the lowest one. Effective two-direction information flow guarantees its effective management. The fact that there are many stages in the information flow must not result in interruptions or errors; this type of flow, with numerous intermediate points, gives rise to the risk of such interruptions and misinformation.

Depending on the type of business entity in which there is information flow, there can also be horizontal information flow, different to the vertical one. The horizontal direction of information flow refers to transfers between units at the same organisational level, co-operating with each other. Information flow, often boiling down to information exchange between various departments, enhances the work conducted jointly by all departments (or a group of them), joint projects or standard tasks executed in individual departments. In such cases the flow of information also goes two ways.

In one direction, information is sent from department A to B. Department B can send information to department A, which is a reply to the information sent from department A, but it could also be an independent piece of information from department B to A, sent as original information.

Designing the information flow is a complicated process due to the fact that it must reflect the idea of the so-called ideal system [22], [33], [95], whose most important features are [22], [33], [95]:

• testability,
• intelligibility,
• cohesion,
• density,
• possibility to recreate data,
• ensuring data security,
• economy,
• functionality,
• simplicity,
• lack of internal contradictions.

In information flow systems, as well as in the design of data protection systems, due to the issues of secret/confidential information splitting and sharing, the most significant system feature is to guarantee the security of the split secret. This fact implies a need to execute the following stages of the information protection process:

• effective and confidential input of the information/data into the system,
• full information processing – information splitting or sharing,
• storing the secret information and individual parts of the shared secret,
• defining various access rights to the confidential information, to individual secret parts for various users (secret trustees) or their groups.

Moreover, the security of the shared information refers to checking the system design, including its source code, with a view to verifying that the system has no hidden possibilities of accessing the protected information, which in the designed system version is labelled as unavailable. Apart from that, the IT system must be able to reproduce the shared secret information in a breakdown situation. In this case it is necessary to determine the degree to which the shared secret is to be reproduced – entirely or partly.

It is inadmissible that, as a result of external interference (including system breakdown), it be impossible to recreate the information shared.
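The splitting, storing and recreating stages above, together with the requirement that a breakdown must not make recovery impossible, as an added example that is not part of the original text. It assumes Shamir's (t, n) threshold scheme as the sharing algorithm, which this section does not name; the trustee names, the prime and the sample secret are constructed for illustration.

```python
import secrets

# Prime field for the shares; 2**127 - 1 is a Mersenne prime (constructed choice).
P = 2**127 - 1

def split_secret(secret: int, threshold: int, trustees: list) -> dict:
    """Split `secret` so that any `threshold` trustees can rebuild it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    if not 1 <= threshold <= len(trustees):
        raise ValueError("threshold must be between 1 and the number of trustees")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x, name in enumerate(trustees, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares[name] = (x, y)  # one part of the shared secret per trustee
    return shares

def recover_secret(shares: list, threshold: int) -> int:
    """Lagrange interpolation at x = 0 over the surviving shares."""
    points = dict(shares)  # collapses duplicate x values
    if len(points) < threshold:
        raise ValueError("not enough shares to recreate the secret")
    pts = list(points.items())[:threshold]
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def breakdown_drill() -> tuple:
    """Lose two of five shares, recover from the rest; two shares alone are refused."""
    secret = int.from_bytes(b"constructed key", "big")  # constructed sample secret
    shares = split_secret(secret, 3, ["A", "B", "C", "D", "E"])
    survivors = [shares[n] for n in ("B", "D", "E")]  # A and C lost in the breakdown
    try:
        recover_secret(survivors[:2], 3)
        refused = False
    except ValueError:
        refused = True
    return recover_secret(survivors, 3), refused
```

With n = 5 and t = 3 the design tolerates the loss of n - t = 2 shares, which is the figure to fix when deciding how much breakdown the system must survive.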

IT systems constructed for the needs of information management in business entities belong to the basic determinants conditioning the correct and effective operation of an entity, based on the basic information flow parameters. These parameters cover both the access time to some information and its effective exchange. Confidential information security systems are founded primarily on:

• fast and effective information exchange, including the confidential information,
• effective execution of confidential information sharing protocols, including the appropriate selection of algorithms guaranteeing information security,
• taking optimum decisions within the time available for the system to execute a given decision-taking task,
• effective re-creation of secret information, its analysis and correct interpretation executed by means of linguistic techniques,
• full personal verification of all security protocol participants,
• excluding persons who have not been positively verified in the course of data protection system implementation, at every stage of protocol execution,
• in the information process implemented in individual structures of a business entity, concerning the description of the tasks executed within specific units.

The information system is responsible for a correct management of the organisation as a result of effective management of its individual components. The operation of an information system is based on two levels, which include [22], [33], [95]:

• identification of repetitive actions in information processing, and
• identification of key decision-taking problems, which are particularly complex from the information and algorithm perspective.

The systems for information protection secure information of special importance and they can be used in decision supporting processes in the area of decisions on confidential information, as well as in the processes of co-ordination of various tasks related to the processes of concealing information. They refer to the execution of complex processes, related to a need to take decisions pursuant to many premises and, frequently, with complex internal logic. Such systems operate within entities whose process of taking key and important decisions is extremely complex and multifaceted. This process is frequently conditioned by time or access to information as well as the use of state-of-the-art technologies, their never-ending modifications and adjustments to new solutions.

Supporting decisions in information systems is founded on the execution of the following tasks [63]:

• quick and unlimited access to large information sets,
• full analysis of the information held,
• formal or mathematical modelling of the analysed situation, phenomenon or some areas of reality,
• possibility to take into consideration expert knowledge in the form of a set of rules contained in the IT system – an expert system.

Systems guaranteeing the security of information made secret can be designed for various areas of social and economic life. There is no clear limit to the application of the above-mentioned information systems. They can be applied in many entities, structures, organisations and businesses.

Designing information flow in information systems for the management of confidential information therefore depends on how the designed system is used and on the needs for which it is developed. The basic rules of designing the information flow for various systems are the same. They refer primarily to the guarantees of confidentiality when confidential information is transmitted, transfer speed, information transfer security as well as the optimisation of costs of the entire process.

6.2. Model of Multilevel Threshold Schemes and Examples of