Author List: Smith, Stephen; Winchester, Donald; Bunker, Deborah; Jamieson, Rodger;
MIS Quarterly, 2010, Volume 34, Issue 3, Page 463-486.
Organizations need to protect information assets against cyber crime, denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud. Criminals often try to achieve financial, political, or personal gain through these attacks, so the threats that their actions prompt are insidious motivators for organizations to adopt information systems security (ISS) approaches. Extant ISS research has traditionally examined ISS in e-commerce business organizations. The present study investigates ISS within government, analyzing power relationships during an ISS standards adoption and accreditation process, where a head of state mandates that all government agencies are to comply with a national de jure ISS standard. Using a canonical action research method, designated managers of ISS services across small, medium, and large agencies were monitored and assessed for progress to accreditation through surveys, interviews, participant observation at round table forums, and focus groups. By 2008, accreditation status across the 89 agencies participating in this study was approximately 33 percent fully accredited, with 67 percent partially compliant. The research uses Clegg's (1989) circuits of power framework to interpret power, resistance, norms, and cultural relationships in the process of compliance. The paper highlights that a strategy based on organization subunit size is helpful in motivating and assisting organizations to move toward accreditation. Mandated standard accreditation was inhibited by insufficient resource allocation, lack of senior management input, and commitment. Factors contributing to this resistance were group norms and cultural biases.
Keywords: Canonical action research; circuits of power; culture; e-commerce; Information systems security (ISS); institutionalization; ISS de jure standards; norms; politics and power; resistance

List of Topics

#282 0.123 power perspective process study rational political perspectives politics theoretical longitudinal case social rationality formation construction shows multiple instead understanding fact
#186 0.118 security information compliance policy organizations breach disclosure policies deterrence breaches incidents results study abuse managed isp violations based comply protection
#86 0.095 methods information systems approach using method requirements used use developed effective develop determining research determine assessment useful series critical existing
#200 0.087 banking bank multilevel banks level individual implementation analysis resistance financial suggests modeling group large bank's services levels national data early
#79 0.081 public government private sector state policy political citizens governments contributors agencies issues forums mass development organizations issue differences economic study
#28 0.061 cultural culture differences cross-cultural states united status national cultures japanese studies japan influence comparison versus china participants country singapore diverse
#104 0.059 action research engagement principles model literature actions focus provides developed process emerging establish field build guidance known project elements insights
#192 0.051 small business businesses firms external firm's growth size level expertise used high major environment lack resources companies internally factors internal