This research argues that organizational power impacts the development and implementation of
Information Systems (IS) Security policy. The study was conducted via an in depth case study at the IT
department within a large financial organization in the United States. The theoretical foundation for the
research was based was Clegg’s (2002) Circuits of Power. A conceptual framework was created
utilizing Circuits of Power. This was used to study power relationships and how they might affect the
formulation and implementation of IS Security policy in this organization. The case study demonstrated
that power relationships have a clear impact on the IS security policy process. Though there is a strong
security culture at the organization and a well defined set of processes, an improvement in the process
and ensuing security culture is possible by accounting for the effect of power relationships.
Lapke, M and Dhillon, Gaurpreet, "Power Relationships in Information Systems Security Policy Formulation and Implementation" (2008). ECIS 2008 Proceedings. 119.