IDEAS home Printed from https://ideas.repec.org/p/ehl/lserod/68348.html
   My bibliography  Save this paper

Resistance and power in a security certification scheme: the case of c:cure

Author

Listed:
  • Silva, Leiser
  • Hsu, Carol
  • Backhouse, James
  • McDonnell, Aidan

Abstract

Using the lens of Clegg's circuits of power (CoP) framework, this study examines the resistance to a UK information security certification scheme through three episodes of power that led to its withdrawal in 2000. The UK authorities sought to generate market competition between a generic certificate scheme with lower costs and international recognition and one based on technical rigor, but they failed in their objectives because of resistance from organizational players. This paper makes contributions to the understanding of the discursive nature of resistance to change in the research of standards and certification, and contributes to the literature by formulating the concept of discourse resilience: the property of discourses to resist change. It identifies the non-agentic nature of resistance in the absence of coercive power and presents a reflection on legitimacy as a required attribute for the acceptance of a certificate scheme. The research finds that what organizations deem to be legitimate is the result of power.

Suggested Citation

  • Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    • Handle: RePEc:ehl:lserod:68348
    as

    Download full text from publisher

    File URL: http://eprints.lse.ac.uk/68348/
    File Function: Open access version.
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Pushkala Prasad & Anshuman Prasad, 2000. "Stretching the Iron Cage: The Constitution and Implications of Routine Workplace Resistance," Organization Science, INFORMS, vol. 11(4), pages 387-403, August.
    2. Hayagreeva Rao, 1994. "The Social Construction of Reputation: Certification Contests, Legitimation, and the Survival of Organizations in the American Automobile Industry: 1895–1912," Strategic Management Journal, Wiley Blackwell, vol. 15(S1), pages 29-44, December.
    3. Smith, Adam, 1977. "An Inquiry into the Nature and Causes of the Wealth of Nations," University of Chicago Press Economics Books, University of Chicago Press, number 9780226763743 edited by Cannan, Edwin, September.
    4. Olivier Boiral, 2003. "ISO 9000: Outside the Iron Cage," Organization Science, INFORMS, vol. 14(6), pages 720-737, December.
    5. Allen S. Lee & Richard L. Baskerville, 2003. "Generalizing Generalizability in Information Systems Research," Information Systems Research, INFORMS, vol. 14(3), pages 221-243, September.
    6. A.M. Lima, Marcos & Resende, Marcelo & Hasenclever, Lia, 2000. "Quality certification and performance of Brazilian firms: An empirical study," International Journal of Production Economics, Elsevier, vol. 66(2), pages 143-147, June.
    7. Leland, Hayne E, 1979. "Quacks, Lemons, and Licensing: A Theory of Minimum Quality Standards," Journal of Political Economy, University of Chicago Press, vol. 87(6), pages 1328-1346, December.
    8. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    9. Ruihua Joy Jiang & Pratima Bansal, 2003. "Seeing the Need for ISO 14001," Journal of Management Studies, Wiley Blackwell, vol. 40(4), pages 1047-1067, June.
    10. Swann, Peter & Shurmer, Mark, 1994. "The emergence of standards in PC software: who would benefit from institutional intervention?," Information Economics and Policy, Elsevier, vol. 6(3-4), pages 295-318, December.
    11. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    12. Foray, Dominique, 1994. "Users, standards and the economics of coalitions and committees," Information Economics and Policy, Elsevier, vol. 6(3-4), pages 269-293, December.
    13. Rajiv Sabherwal & Rudy Hirschheim & Tim Goles, 2001. "The Dynamics of Alignment: Insights from a Punctuated Equilibrium Model," Organization Science, INFORMS, vol. 12(2), pages 179-197, April.
    14. Ku, Cheng-Yuan & Chang, Yi-Wen & Yen, David C., 2009. "National information security policy and its implementation: A case study in Taiwan," Telecommunications Policy, Elsevier, vol. 33(7), pages 371-384, August.
    15. Marie-Laure Salles-Djelic, 1998. "Exporting the American Model," Post-Print hal-01892020, HAL.
    16. Stanley M. Besen & Joseph Farrell, 1994. "Choosing How to Compete: Strategies and Tactics in Standardization," Journal of Economic Perspectives, American Economic Association, vol. 8(2), pages 117-131, Spring.
    17. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Milad Mirbabaie & Felix Brünker & Nicholas R. J. Möllmann Frick & Stefan Stieglitz, 2022. "The rise of artificial intelligence – understanding the AI identity threat at the workplace," Electronic Markets, Springer;IIM University of St. Gallen, vol. 32(1), pages 73-99, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    2. Belleflamme, Paul, 2002. "Coordination on formal vs. de facto standards: a dynamic approach," European Journal of Political Economy, Elsevier, vol. 18(1), pages 153-176, March.
    3. Luis Perez-Batres & Jonathan Doh & Van Miller & Michael Pisani, 2012. "Stakeholder Pressures as Determinants of CSR Strategic Choice: Why do Firms Choose Symbolic Versus Substantive Self-Regulatory Codes of Conduct?," Journal of Business Ethics, Springer, vol. 110(2), pages 157-172, October.
    4. Olivier Boiral, 2007. "Corporate Greening Through ISO 14001: A Rational Myth?," Organization Science, INFORMS, vol. 18(1), pages 127-146, February.
    5. Scott D. Graffin & Andrew J. Ward, 2010. "Certifications and Reputation: Determining the Standard of Desirability Amidst Uncertainty," Organization Science, INFORMS, vol. 21(2), pages 331-346, April.
    6. Myeonggil Choi & Jungwoo Lee & Kumju Hwang, 2018. "Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism," Sustainability, MDPI, vol. 10(5), pages 1-25, May.
    7. Lauren Lanahan & Daniel Armanios, 2018. "Does More Certification Always Benefit a Venture?," Organization Science, INFORMS, vol. 29(5), pages 931-947, October.
    8. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    9. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    10. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    11. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    12. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    13. Alberto Díaz de Junguitu & Erlantz Allur, 2019. "The Adoption of Environmental Management Systems Based on ISO 14001, EMAS, and Alternative Models for SMEs: A Qualitative Empirical Study," Sustainability, MDPI, vol. 11(24), pages 1-17, December.
    14. Singh, Prakash J., 2008. "Empirical assessment of ISO 9000 related management practices and performance relationships," International Journal of Production Economics, Elsevier, vol. 113(1), pages 40-59, May.
    15. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    16. Pieter Jong & Antony Paulraj & Constantin Blome, 2014. "The Financial Impact of ISO 14001 Certification: Top-Line, Bottom-Line, or Both?," Journal of Business Ethics, Springer, vol. 119(1), pages 131-149, January.
    17. Deishin Lee & Haim Mendelson, 2007. "Adoption of Information Technology Under Network Effects," Information Systems Research, INFORMS, vol. 18(4), pages 395-413, December.
    18. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    19. Eun Hee Park & Jongwoo Kim & Lynn Wiles, 2023. "The role of collectivism and moderating effect of IT proficiency on intention to disclose protected health information," Information Technology and Management, Springer, vol. 24(2), pages 177-193, June.
    20. Stefano Castriota & Marco Delmastro, 2010. "Individual and Collective Reputation: Lessons from the Wine Market," L'industria, Società editrice il Mulino, issue 1, pages 149-172.

    More about this item

    Keywords

    Information security certification; Circuits of power; Resistance; Qualitative research;
    All these keywords.

    JEL classification:

    • J50 - Labor and Demographic Economics - - Labor-Management Relations, Trade Unions, and Collective Bargaining - - - General
    • G32 - Financial Economics - - Corporate Finance and Governance - - - Financing Policy; Financial Risk and Risk Management; Capital and Ownership Structure; Value of Firms; Goodwill

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ehl:lserod:68348. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: LSERO Manager (email available below). General contact details of provider: https://edirc.repec.org/data/lsepsuk.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.