Understanding the offender/environment dynamic for computer crimes

While a number of IS security researchers consider the threat posed by employees who perpetrate computer crime, there is currently a lack of insight into how the offender interacts with the criminal context both prior to and during commission. A greater understanding of this relationship may complement existing security practices by possibly highlighting new areas for safeguard implementation. To help facilitate a greater understanding of the offender/environment dynamic, this paper, therefore, aims to assess the feasibility of applying three criminological theories to the IS security context. Rather than focusing on why people become criminals, these theories entitled routine activity theory, environmental criminology and the rational choice perspective, focus on the criminal act.

Drawing on an account of the Barings Bank collapse, events highlighted in the case study are used to assess whether concepts central to the theories are supported by the data.

Analysis indicates support for the concepts central to environmental criminology and the rational choice perspective. While case study evidence supports two of the concepts advanced by routine activity theory, as a whole the theory is found wanting, as the “guardianship” and “handled offender” concepts appear to lack the necessary sophistication to theoretically accommodate and explain supervisory and control failings cited in the case study.

While future research could encompass continued application of the theories to further assess their suitability for the IS domain, consideration could also be given to the application of the preventive tools and methods which have been developed in tandem with the three criminological approaches. Another stream of future research may involve the application of the theories in conjunction with existing security practices.

Greater knowledge of the offender/context dynamic may feasibly enhance existing security practices by possibly highlighting new areas for safeguard implementation.

From an IS security perspective, there is currently a lack of insight into the offender/context dynamic. The paper presents a group of criminological theories, which have previously not been considered for application in the IS context. The theories may feasibly throw light on the behaviour of offenders in the criminal context, both prior to and during commission.