IDEAS home Printed from https://ideas.repec.org/p/ehl/lserod/68348.html
   My bibliography  Save this paper

Resistance and power in a security certification scheme: the case of c:cure

Author

Listed:
  • Silva, Leiser
  • Hsu, Carol
  • Backhouse, James
  • McDonnell, Aidan

Abstract

Using the lens of Clegg's circuits of power (CoP) framework, this study examines the resistance to a UK information security certification scheme through three episodes of power that led to its withdrawal in 2000. The UK authorities sought to generate market competition between a generic certificate scheme with lower costs and international recognition and one based on technical rigor, but they failed in their objectives because of resistance from organizational players. This paper makes contributions to the understanding of the discursive nature of resistance to change in the research of standards and certification, and contributes to the literature by formulating the concept of discourse resilience: the property of discourses to resist change. It identifies the non-agentic nature of resistance in the absence of coercive power and presents a reflection on legitimacy as a required attribute for the acceptance of a certificate scheme. The research finds that what organizations deem to be legitimate is the result of power.

Suggested Citation

  • Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    • Handle: RePEc:ehl:lserod:68348
    as

    Download full text from publisher

    File URL: http://eprints.lse.ac.uk/68348/
    File Function: Open access version.
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Pushkala Prasad & Anshuman Prasad, 2000. "Stretching the Iron Cage: The Constitution and Implications of Routine Workplace Resistance," Organization Science, INFORMS, vol. 11(4), pages 387-403, August.
    2. Hayagreeva Rao, 1994. "The Social Construction of Reputation: Certification Contests, Legitimation, and the Survival of Organizations in the American Automobile Industry: 1895–1912," Strategic Management Journal, Wiley Blackwell, vol. 15(S1), pages 29-44, December.
    3. Smith, Adam, 1977. "An Inquiry into the Nature and Causes of the Wealth of Nations," University of Chicago Press Economics Books, University of Chicago Press, number 9780226763743 edited by Cannan, Edwin, January.
    4. Olivier Boiral, 2003. "ISO 9000: Outside the Iron Cage," Organization Science, INFORMS, vol. 14(6), pages 720-737, December.
    5. Allen S. Lee & Richard L. Baskerville, 2003. "Generalizing Generalizability in Information Systems Research," Information Systems Research, INFORMS, vol. 14(3), pages 221-243, September.
    6. A.M. Lima, Marcos & Resende, Marcelo & Hasenclever, Lia, 2000. "Quality certification and performance of Brazilian firms: An empirical study," International Journal of Production Economics, Elsevier, vol. 66(2), pages 143-147, June.
    7. Leland, Hayne E, 1979. "Quacks, Lemons, and Licensing: A Theory of Minimum Quality Standards," Journal of Political Economy, University of Chicago Press, vol. 87(6), pages 1328-1346, December.
    8. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    9. Ruihua Joy Jiang & Pratima Bansal, 2003. "Seeing the Need for ISO 14001," Journal of Management Studies, Wiley Blackwell, vol. 40(4), pages 1047-1067, June.
    10. Swann, Peter & Shurmer, Mark, 1994. "The emergence of standards in PC software: who would benefit from institutional intervention?," Information Economics and Policy, Elsevier, vol. 6(3-4), pages 295-318, December.
    11. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    12. Foray, Dominique, 1994. "Users, standards and the economics of coalitions and committees," Information Economics and Policy, Elsevier, vol. 6(3-4), pages 269-293, December.
    13. Rajiv Sabherwal & Rudy Hirschheim & Tim Goles, 2001. "The Dynamics of Alignment: Insights from a Punctuated Equilibrium Model," Organization Science, INFORMS, vol. 12(2), pages 179-197, April.
    14. Ku, Cheng-Yuan & Chang, Yi-Wen & Yen, David C., 2009. "National information security policy and its implementation: A case study in Taiwan," Telecommunications Policy, Elsevier, vol. 33(7), pages 371-384, August.
    15. Marie-Laure Salles-Djelic, 1998. "Exporting the American Model," Post-Print hal-01892020, HAL.
    16. Stanley M. Besen & Joseph Farrell, 1994. "Choosing How to Compete: Strategies and Tactics in Standardization," Journal of Economic Perspectives, American Economic Association, vol. 8(2), pages 117-131, Spring.
    17. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Milad Mirbabaie & Felix Brünker & Nicholas R. J. Möllmann Frick & Stefan Stieglitz, 2022. "The rise of artificial intelligence – understanding the AI identity threat at the workplace," Electronic Markets, Springer;IIM University of St. Gallen, vol. 32(1), pages 73-99, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Belleflamme, Paul, 2002. "Coordination on formal vs. de facto standards: a dynamic approach," European Journal of Political Economy, Elsevier, vol. 18(1), pages 153-176, March.
    2. Luis Perez-Batres & Jonathan Doh & Van Miller & Michael Pisani, 2012. "Stakeholder Pressures as Determinants of CSR Strategic Choice: Why do Firms Choose Symbolic Versus Substantive Self-Regulatory Codes of Conduct?," Journal of Business Ethics, Springer, vol. 110(2), pages 157-172, October.
    3. Scott D. Graffin & Andrew J. Ward, 2010. "Certifications and Reputation: Determining the Standard of Desirability Amidst Uncertainty," Organization Science, INFORMS, vol. 21(2), pages 331-346, April.
    4. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    5. Olivier Boiral, 2007. "Corporate Greening Through ISO 14001: A Rational Myth?," Organization Science, INFORMS, vol. 18(1), pages 127-146, February.
    6. Myeonggil Choi & Jungwoo Lee & Kumju Hwang, 2018. "Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism," Sustainability, MDPI, vol. 10(5), pages 1-25, May.
    7. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    8. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    9. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    10. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    11. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    12. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    13. Yajiong Xue & Huigang Liang & Liansheng Wu, 2011. "Punishment, Justice, and Compliance in Mandatory IT Settings," Information Systems Research, INFORMS, vol. 22(2), pages 400-414, June.
    14. Jaehyeon Ju & Daegon Cho & Jae Kyu Lee & Jae‐Hyeon Ahn, 2021. "Can It Clean Up Your Inbox? Evidence from South Korean Anti‐spam Legislation," Production and Operations Management, Production and Operations Management Society, vol. 30(8), pages 2636-2652, August.
    15. Hou, Ye & Gao, Ping & Nicholson, Brian, 2018. "Understanding organisational responses to regulative pressures in information security management: The case of a Chinese hospital," Technological Forecasting and Social Change, Elsevier, vol. 126(C), pages 64-75.
    16. Stefano Castriota & Marco Delmastro, 2010. "Individual and Collective Reputation: Lessons from the Wine Market," L'industria, Società editrice il Mulino, issue 1, pages 149-172.
    17. Pablo Arocena & Raquel Orcos & Fedaous Zouaghi, 2021. "The impact of ISO 14001 on firm environmental and economic performance: The moderating role of size and environmental awareness," Business Strategy and the Environment, Wiley Blackwell, vol. 30(2), pages 955-967, February.
    18. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    19. Paul Lowry & Clay Posey & Tom Roberts & Rebecca Bennett, 2014. "Is Your Banker Leaking Your Personal Information? The Roles of Ethics and Individual-Level Cultural Characteristics in Predicting Organizational Computer Abuse," Journal of Business Ethics, Springer, vol. 121(3), pages 385-401, May.
    20. van de Kaa, Geerten & Janssen, Marijn & Rezaei, Jafar, 2018. "Standards battles for business-to-government data exchange: Identifying success factors for standard dominance using the Best Worst Method," Technological Forecasting and Social Change, Elsevier, vol. 137(C), pages 182-189.

    More about this item

    Keywords

    Information security certification; Circuits of power; Resistance; Qualitative research;
    All these keywords.

    JEL classification:

    • J50 - Labor and Demographic Economics - - Labor-Management Relations, Trade Unions, and Collective Bargaining - - - General
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ehl:lserod:68348. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: LSERO Manager (email available below). General contact details of provider: https://edirc.repec.org/data/lsepsuk.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.