To read this content please select one of the options below:

Regulating digital security by design? Implications of the perspectives from DSbD programme stakeholders

Ian Slesinger (Information Security Group, Royal Holloway, University of London, Egham, UK)
Niki Panteli (Department of Management Science, Lancaster University Management School, Lancaster, UK)
Lizzie Coles-Kemp (Information Security Group, Royal Holloway, University of London, Egham, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 18 June 2024

Issue publication date: 20 November 2024

20

Abstract

Purpose

As part of the growing necessity for inter-organisational and multi-disciplinary interaction to facilitate complex innovation in digital security, there needs to be greater engagement with regulation in the innovation process. This is particularly true in the case of security technologies that are embedded within wider systems and that are largely invisible to most of the users of that system. This paper aims to describe stakeholders’ perspectives on regulation in the digital security innovation process and evaluates the implications of these perspectives on anticipatory regulation in digital security.

Design/methodology/approach

Using a qualitative methodology based on semi-structured expert interviews and ethnographic participant observation, the study draws on the authors’ involvement in a formally organised programme of academia–industry–government collaboration called Digital Security by Design (DSbD).

Findings

The study highlights a relational dimension to establishing regulatory responsibilities that is enabled through interdisciplinary dialogue. The study contributes to understanding the multifaceted roles of regulation in digital security innovation across organisations and areas of expertise. It does so by identifying four themes in how regulation is perceived in the DSbD programme: ethical imperative, adding value, adoption lever and passive compliance.

Practical implications

Incorporating regulatory responsibilities through dialogue early in the innovation process, rather than only once a security technology’s deleterious effects are noticeable, which could make digital innovation and transformation safer and better regulated. It can also make regulation successfully adopted, rather than an exercise in damage control or an adversarial process between regulators and organisations.

Originality/value

This paper presents original empirical research on how regulation is considered by stakeholders in a novel multi-disciplinary digital security innovation process. It then uses these findings as a basis to evaluate the implications for establishing regulatory responsibilities for a class of security technologies that are embedded within wider systems and that are largely invisible to most of the users of those wider systems.

Keywords

Acknowledgements

The authors would like to thank their participants for the time and effort they spent engaging with them. Contributions from Slesinger, Coles-Kemp, and Panteli were funded by ESRC, grant number: ES/V003666/1. For the purpose of open access, the author has applied a Creative Commons Attribution (CC BY) licence to any Author Accepted Manuscript version arising.

Citation

Slesinger, I., Panteli, N. and Coles-Kemp, L. (2024), "Regulating digital security by design? Implications of the perspectives from DSbD programme stakeholders", Information and Computer Security, Vol. 32 No. 5, pp. 676-690. https://doi.org/10.1108/ICS-01-2023-0010

Publisher

:

Emerald Publishing Limited

Copyright © 2024, Emerald Publishing Limited

Related articles