Location
67.303
Start Date
6-12-2016 11:30 AM
End Date
6-12-2016 12:00 PM
Presentation Type
Paper
Description
Abstract: This study examines the crafting of an information security policy as a process of legitimising. Drawing on organisational research on legitimacy and legitimisation and on 15-month ethnographic study of a multinational corporation that sought to craft a new policy, the study identifies four legitimising strategies employed during policy crafting: (1) inviting participation, (2) embedding into existing practices, (3) advertising and (4) formalising and professionalising. The study conceptualises policy crafting as being constituted through iterative and recursive relationship of legitimising strategies and policy amendments. The study contributes to literature on information security management, on information security policies and on legitimacy.
Legitimising Information Security Policy during Policy Crafting: Exploring Legitimising Strategies
67.303
Abstract: This study examines the crafting of an information security policy as a process of legitimising. Drawing on organisational research on legitimacy and legitimisation and on 15-month ethnographic study of a multinational corporation that sought to craft a new policy, the study identifies four legitimising strategies employed during policy crafting: (1) inviting participation, (2) embedding into existing practices, (3) advertising and (4) formalising and professionalising. The study conceptualises policy crafting as being constituted through iterative and recursive relationship of legitimising strategies and policy amendments. The study contributes to literature on information security management, on information security policies and on legitimacy.