“Standardizing information security – a structurational analysis”
研究揭示了信息安全标准制定过程中共识与斗争两种结构如何影响标准的输入和过程合法性,指出基于最佳实践的合法性主张难以成立。
Given that there are an increasing number of information security breaches, organizations are being driven to adopt best practice for coping with attacks. Information security standards are designed to embody best practice and the legitimacy of these standards is a core issue for standardizing organizations. This study uncovers how structures at play in de jure standard development affect the input and throughput legitimacy of standards. We participated as members responsible for standards on information security and our analysis revealed two structures: consensus and warfare. A major implication of the combination of these structures is that legitimacy claims based on appeals to best practice are futile because it is difficult to know which the best practice is.