Using the Lens of Circuits of Power in Information Systems Security Management

This paper uses the perspective of power in the study of IS security management. We explore the role of power in the implementation of an information systems security policy, using the Circuits of Power as a Framework for the analysis. A case study research was conducted in a public sector organization that introduced a security policy in order to comply with the law. The authors interviewed members of the organization to explore the different aspects of power relations which were intertwined with the implementation of the policy and used the Circuits of Power to analyze the data gathered. The conclusions derived from the analysis illustrate the role of power in the policy implementation process and indicate that a power perspective provides useful insight in the study of factors affecting the implementation of security policies.

[1]  Gurpreet Dhillon,et al.  Technical opinion: Information system security management in the new millennium , 2000, CACM.

[2]  James Backhouse,et al.  Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard , 2006, MIS Q..

[3]  SilvaLeiser,et al.  Circuits of power in creating de jure standards , 2006 .

[4]  Shoshana Zuboff In the Age of the Smart Machine , 1988 .

[5]  G. Sewell,et al.  `Someone to Watch Over Me': Surveillance, Discipline and the Just-in-Time Labour Process , 1992 .

[6]  A. Giddens The Constitution of Society , 1985 .

[7]  Shoshana Zuboff,et al.  In the Age of the Smart Machine: The Future of Work and Power , 1989 .

[8]  M. Lynne Markus,et al.  Power, politics, and MIS implementation , 1987, CACM.

[9]  Charles Cresson Wood An Unappreciated Reason Why Information Security Policies Fail , 2000 .

[10]  Chrisanthi Avgerou,et al.  Information systems: what sort of science is it? , 2000 .

[11]  S. Lukes Power: A Radical View , 1974 .

[12]  Rudy Hirschheim,et al.  Symbolism and Information Systems Development: Myth, Metaphor and Magic , 1991, Inf. Syst. Res..

[13]  B. Latour Reassembling the Social: An Introduction to Actor-Network-Theory , 2005 .

[14]  Brian S. Butler,et al.  Power and Information Technology Research: A Metatriangulation Review , 2002, MIS Q..

[15]  M. Callon Some Elements of a Sociology of Translation: Domestication of the Scallops and the Fishermen of St Brieuc Bay , 1984 .

[16]  Bill Doolin,et al.  Power and resistance in the implementation of a medical management information system , 2004, Inf. Syst. J..

[17]  Evangelos A. Kiountouzis,et al.  Information systems security policies: a contextual perspective , 2005, Comput. Secur..

[18]  James Backhouse,et al.  The Circuits-of-Power Framework for Studying Power in Institutionalization of Information Systems , 2003, J. Assoc. Inf. Syst..

[19]  Lucas D. Introna,et al.  Privacy in the Information Age: Stakeholders, Interests and Values , 1999, Journal of business ethics : JBE.

[20]  Niels Bjørn-Andersen,et al.  International Conference on Information Systems ( ICIS ) 1986 POWER OVER USERS : ITS EXERCISE BY SYSTEM PROFESSIONALS , 2017 .

[21]  Stewart Clegg,et al.  Frameworks of power , 1989 .

[22]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[23]  B. Latour Science in Action , 1987 .

[24]  Charles Cresson Wood,et al.  Information systems security: Management success factors , 1987, Comput. Secur..

[25]  M. Foucault,et al.  Power/Knowledge: Selected Interviews and Other Writings 1972-1977 , 1980 .

[26]  David A. Fisher,et al.  Survivability—a new technical and business perspective on security , 1999, NSPW '99.

[27]  Evangelos A. Kiountouzis,et al.  Redefining Information Systems Security: Viable Information Systems , 2001, SEC.

[28]  Jan H. P. Eloff,et al.  Feature: What Makes an Effective Information Security Policy? , 2002 .

[29]  JaspersonJon Sean,et al.  Review: power and information technology research , 2002 .