Fighting computer crime: a new framework for protecting information
Fighting computer crime: a new framework for protecting information
Detering Highly Motivated Computer Abusers: A Field Experiment in Computer Security
IFIP/Sec '92 Proceedings of the IFIP TC11, Eigth International Conference on Information Security: IT Security: The Need for International Cooperation
Information Systems Research
The impact of deterrent countermeasures upon individual intent to commit misuse: a behavioral approach
An integrative model of computer abuse based on social control and general deterrence theories
Information and Management
Punishment and ethics deterrents: A study of insider security contravention
Journal of the American Society for Information Science and Technology
Understanding the perpetration of employee computer crime in the organisational context
Information and Organization
Deterring internal information systems misuse
Communications of the ACM
Neutralization theory and online software piracy: An empirical analysis
Ethics and Information Technology
Computers in Human Behavior
Violent street crime: Making sense of seemingly senseless acts
International Review of Law, Computers and Technology - CRIME AND CRIMINAL JUSTICE
Information Systems Research
Overcoming the insider: reducing employee computer crime through Situational Crime Prevention
Communications of the ACM - The Status of the P versus NP Problem
Prevalence, perceived seriousness, justification and regulation of cyberloafing in Singapore
Information and Management
Does deterrence work in reducing information security policy abuse by employees?
Communications of the ACM
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Incident-centered information security: Managing a strategic balance between prevention and response
Information and Management
Hi-index | 0.00 |
Recent academic investigations of computer security policy violations have largely focused on nonmalicious noncompliance due to poor training, low employee motivation, weak affective commitment, or individual oversight. Established theoretical foundations applied to this domain have related to protection motivation, deterrence, planned behavior, self-efficacy, individual adoption factors, organizational commitment, and other individual cognitive factors. But another class of violation demands greater research emphasis: the intentional commission of computer security policy violation, or insider computer abuse. Whether motivated by greed, disgruntlement, or other psychological processes, this act has the greatest potential for loss and damage to the employer. We argue the focus must include not only the act and its immediate antecedents of intention (to commit computer abuse) and deterrence (of the crime), but also phenomena which temporally precede these areas. Specifically, we assert the need to consider the thought processes of the potential offender and how these are influenced by the organizational context, prior to deterrence. We believe the interplay between thought processes and this context may significantly impact the efficacy of IS security controls, specifically deterrence safeguards. Through this focus, we extend the Straub and Welke (1998) security action cycle framework and propose three areas worthy of empirical investigation--techniques of neutralization (rationalization), expressive/instrumental criminal motivations, and disgruntlement as a result of perceptions of organizational injustice--and propose questions for future research in these areas.