Circuits of power: A study of mandated compliance to an information systems security de jure standard in a government organization

Stephen Smith, Donald Winchester, Deborah Bunker, Rodger Jamieson

Research output: Contribution to journalArticlepeer-review

110 Citations (Scopus)


Organizations need to protect information assets against cyber crime, denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud. Criminals often try to achieve financial, political, or personal gain through these attacks, so the threats that their actions prompt are insidious motivators for organizations to adopt information systems security (ISS) approaches. Extant ISS research has traditionally examined ISS in E-commerce business organizations. The present study investigates ISS within government, analyzing power relationships during an ISS standards adoption and accreditation process, where a head of state mandates that all government agencies are to comply with a national de jure ISS standard. Using a canonical action research method, designated managers of ISS services across small, medium, and large agencies were monitored and assessed for progress to accreditation through surveys, interviews, participant observation at round table forums, and focus groups. By 2008, accreditation status across the 89 agencies participating in this study was approximately 33 percentfully accredited, with 67 percent partially compliant. The research uses Clegg's (1989) circuits of power frame-work to interpret power, resistance, norms, and cultural relationships in the process of compliance. The paper highlights that a strategy based on organization subunit size is helpful in motivating and assisting organizations to move toward accreditation. Mandated standard accreditation was inhibited by insufficient resource allocation, lack of senior management input, and commitment. Factors contributing to this resistance were group norms and cultural biases.
Original languageEnglish
Pages (from-to)463-486
Number of pages24
JournalMIS Quarterly: Management Information Systems
Issue numberSPEC. ISSUE 3
Publication statusPublished - 1 Jan 2010
Externally publishedYes


  • Canonical action research
  • Circuits of power
  • Culture
  • E-commerce
  • ISS de jure standards
  • Information systems security (ISS)
  • Institutionalization
  • Norms
  • Politics and power
  • Resistance


Dive into the research topics of 'Circuits of power: A study of mandated compliance to an information systems security de jure standard in a government organization'. Together they form a unique fingerprint.

Cite this