Given that there are an increasing number of information security breaches, organizations are being driven to adopt best practice for coping with attacks. Information security standards are designed to embody best practice and the legitimacy of these standards is a core issue for standardizing organizations. This study uncovers how structures at play in de jure standard development affect the input and throughput legitimacy of standards. We participated as members responsible for standards on information security and our analysis revealed two structures: consensus and warfare. A major implication of the combination of these structures is that legitimacy claims based on appeals to best practice are futile because it is difficult to know which the best practice is.

鉴于存在越来越多的信息安全漏洞，组织正被迫采用最佳实践来应对攻击。信息安全标准旨在体现最佳实践，这些标准的合法性是标准化组织的核心问题。这项研究揭示了法律标准开发中的结构如何影响标准的输入和吞吐量合法性。我们作为负责信息安全标准的成员参与其中，我们的分析揭示了两种结构：共识和战争。这些结构组合的一个主要含义是，基于诉诸最佳实践的合法性主张是徒劳的，因为很难知道哪个是最佳实践。