Abstract
This paper uses the perspective of power in the study of IS security management. We explore the role of power in the implementation of an information systems security policy, using the Circuits of Power as a Framework for the analysis. A case study research was conducted in a public sector organization that introduced a security policy in order to comply with the law. The authors interviewed members of the organization to explore the different aspects of power relations which were intertwined with the implementation of the policy and used the Circuits of Power to analyze the data gathered. The conclusions derived from the analysis illustrate the role of power in the policy implementation process and indicate that a power perspective provides useful insight in the study of factors affecting the implementation of security policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Avgerou, C.: Information systems: what sort of science is it? Omega 28, 567–579 (2000)
Markus, L.: Power, Politics, and MIS Implementation. Communications of the ACM 26(6), 430–444 (1983)
Silva, L., Backhouse, J.: The Circuits-of-Power Framework for Studying Power in Institutionalization of Information Systems. Journal of the Association for Information Systems 4(6), 294–336 (2003)
Doolin, B.: Power and resistance in the implementation of a medical management information system. Info Systems J. 14, 343–362 (2004)
Karyda, M., Kiountouzis, E., Kokolakis, S.: Information systems security policies: a contextual perspective. Computers and Security 24(3), 246–260 (2005)
Hone, K., Eloff, J.: What makes an effective security policy? Network and Security 6, 14–16 (2002)
Goodwin, B.: Companies are at risk from staff ignorance. Computer Weekly, 00104787, 1/27/2004 (2004)
Hirschheim, R., Newman, M.: Symbolism and Information Systems Development: Myth, Metaphor and Magic. Information Systems Research 2(1), 29–62 (1991)
Zuboff, S.: In the age of the smart machine. Basic Books, New York (1988)
Sewell, G., Wilkinson, B.: Someone to watch over me: surveillance, discipline and just-in-time labour process. Sociology 26, 271–289 (1992)
Markus, L., Bjorn-Andersen, N.: Power over users: Its exercise by system professionals. Communications of the ACM 30(6), 498–504 (1987)
Jasperson, J., Carte, T., Saunders, C., Butler, B., Croes, H., Zheng, W.: Review: Power and Information Technology Research. MIS Quarterly 26(4), 397–459 (2002)
Dhillon, G., Backhouse, J.: Current directions in IS security research: towards socio-organisational perspectives. Information Systems Journal (11), 127–153 (2001)
Karyda, M., Kokolakis, S., Kiountouzis, E.: Redefining Information Systems Security: Viable Information Systems. In: The Proceedings of the 16th IFIP International Conference on Information Security (SEC 2001), Paris, France, June 2001, pp. 453–467. Kluwer Academic Publishers, Dordrecht (2001)
Lipson, H., Fisher, D.: Survivability – a new technical and business perspective on security. In: The proceedings of the New Security Paradigm Workshop, June 1999, Canada (1999)
Dhillon, G., Backhouse, J.: Information System Security Management in the new Millennium. Communications of the ACM 43(7), 125–128 (2000)
Introna, L., Pouloudi, A.: Privacy in the Information Age: Stakeholders, Interests and Values. Journal of Business Ethics 22, 27–38 (1999)
Wood, C.: An unappreciated reason why security policies fail. Computer Fraud and Security 10, 13–14 (2000)
Wood, C.: Information systems security: Management success factors. Computer and Security 6, 314–320 (1987)
Clegg, S.R.: Frameworks of power. Sage Publications, London (1989)
Callon, M.: Some elements of sociology of translation: Domestication of the scallops and the fishermen of St Brieuc Bay. In: Law, J. (ed.) Power, Action and Belief, pp. 196–233. Routledge and Kegan Paul, London (1986)
Latour, B.: Science in Action. Harvard University Press, Cambridge, MA (1987)
Foucault, M.: Power/Knowledge: Selected interviews and other writings 1972-77. Harvester Press, Brighton, UK (1980)
Lukes, S.: Power: A radical view. The Macmillan Press Ltd, London (1974)
Giddens, A.: The constitution of society. Polity press, Cambridge, UK (1984)
Backhouse, J., Hsu, C., Silva, L.: Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard. MIS Quarterly 30, 413–438 (2006)
Latour, B.: Reassembling the Social: An Introduction to Actor-Network-Theory. Oxford University Press, Oxford (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fragos, C., Karyda, M., Kiountouzis, E. (2007). Using the Lens of Circuits of Power in Information Systems Security Management. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)