Search results
1 – 10 of over 8000Past studies suggest that computer security countermeasures such as security policies, systems, and awareness programs would be effective in preventing computer abuse in…
Abstract
Past studies suggest that computer security countermeasures such as security policies, systems, and awareness programs would be effective in preventing computer abuse in organizations. They are based on the general deterrence theory, which posits that when an organization implements countermeasures that threaten abusers, its computer abuse problems would be deterred. However, computer abuse problems persist in many organizations despite these measures. This article proposes a new model of computer abuse that extends the traditional model with the social criminology theories. Focusing on computer abuse within organizations, the model explains the phenomenon through social lenses such as social bonds and social learning. The new model contributes to our theoretical body of knowledge on computer abuse by providing a new angle for approaching the problem. It suggests to practitioners that both technical and social solutions should be implemented to reduce the pervasive computer abuse problems.
Details
Keywords
Richard Baskerville, Eun Hee Park and Jongwoo Kim
The purpose of this paper is to develop and evaluate an integrated computer abuse model that incorporates both organizational abuse settings and the psychological processes of the…
Abstract
Purpose
The purpose of this paper is to develop and evaluate an integrated computer abuse model that incorporates both organizational abuse settings and the psychological processes of the abuser.
Design/methodology/approach
The paper developed an emote opportunity (EO) model through a comprehensive literature review and conducted a case study to evaluate the explanatory and prescriptive usefulness of the model.
Findings
The EO model helps explain the interaction between organization-centric factors and individual-centric factors. It also helps explain how potential computer abusers elicit an emotion process component that ultimately contributes to computer abuse behaviors. The model connects both organizational external regulation processes and individual internal regulation processes to emote process components of potential abusers.
Research limitations/implications
The study considers only organizational computing resources as the target of computer abuse. The model is evaluated by historical data from a computer abuse case. Future research with contemporary empirical data would further evaluate these findings. Organizations should be aware of the opportunities they create for abuse and the emotional state-of-mind of potential abusers within organizations.
Practical implications
Organizations should take a holistic approach that incorporates personal emotions and organizational abuse opportunity settings to prevent computer abuse.
Originality/value
A multilevel, integrated EO model incorporating organizational environment and individual emotion processes provides an elaborated and holistic understanding of computer abuse. The model helps organizations consider the emotional state-of-mind of abusers as well as their organizational situation.
Details
Keywords
Vic Kamay and Tony Adams
Analyses some of the 497 cases of computer abuse recorded by theAustralian Computer Abuse Research Bureau, since its inception in 1978.Features include perpetrators and the law…
Abstract
Analyses some of the 497 cases of computer abuse recorded by the Australian Computer Abuse Research Bureau, since its inception in 1978. Features include perpetrators and the law, and computer abuse by industry.
Details
Keywords
One of the main aims of information systems security (ISS) is toprevent unauthorized access to and tampering with information systemsresources. In April 1993 the first ever…
Abstract
One of the main aims of information systems security (ISS) is to prevent unauthorized access to and tampering with information systems resources. In April 1993 the first ever computer crime legislation came into existence in Hong Kong. Issues relating to computer fraud, hacking, and other types of threats to ISS are addressed by the legislation. As a legislative tool used in the control of computer crime, the Hong Kong experience is worth examining because it is the first major effort of this kind in the important and fast growing Far East region. In critically examining this legislation and its implications on ISS management, contributes towards a better understanding of the regulatory control of computer crime and its policy implications. Makes comparisons with countries which have a longer history of computer crime control.
Details
Keywords
Eileen M. Decker, Matthew Morin and Eric M. Rosner
This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking…
Abstract
This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking, denial of service, and ransomware attacks) and criminal activity that uses computers to commit the act are both covered (e.g., fraud, theft, and money laundering). This chapter also describes the roles of the various federal agencies involved in investigating cybercrime, common cybercrime terms and trends, the statutes frequently used to prosecute cybercrimes, and the challenges and complexity of investigating cybercrime.
Details
Keywords
Debasish Banerjee, Thomas W. Jones and Timothy Paul Cronan
The area of computer abuse and professional ethics in computing is of interest to companies as well as ethics researchers. Expands the research in ethical behaviour of information…
Abstract
The area of computer abuse and professional ethics in computing is of interest to companies as well as ethics researchers. Expands the research in ethical behaviour of information system employees. Identifies empirically a few demographic variables that are associated with the ethical behaviour of information system (IS) personnel and raises a few issues for IS managers. In addition, indicates that the existing models of ethical behaviour, when used in the computing context, need to be suitably modified by including demographic variables.
Details
Keywords
Charles B. Foltz, Timothy Paul Cronan and Thomas W. Jones
This paper aims to examine the effectiveness of computer usage policies in university settings.
Abstract
Purpose
This paper aims to examine the effectiveness of computer usage policies in university settings.
Design/methodology/approach
Students enrolled in business courses at three midwestern universities were divided, by class, into control and experimental groups. All subjects were asked to complete a survey regarding their awareness of university computer usage policies, consequences of misuse, and methods of policy distribution. The experimental group was exposed to sample computer usage policies. Two weeks later, all subjects were asked to complete the same survey again.
Findings
Results suggest that most students have not read their university computer usage policies. However, the presence of a computer usage policy does influence students who have read those policies, but a single exposure is insufficient to influence all subjects.
Research limitations/implications
The sample is limited to students from three universities.
Practical implications
Written policy statements alone cannot serve as a cornerstone of security; multiple factors must be used to communicate the content of the deterrents.
Originality/value
This study notes that the existence of computer usage policies within a university (or organization) does not ensure that all users are familiar with the content of those policies and the penalties imposed for their violation. Providing a copy of computer usage policies to students (or employees) and verbally highlighting major points are not sufficient exposure to eliminate indifference about computer misuse.
Details
Keywords
A recent study of 50 Australian information systems developmentenvironments highlights a continuing lack of corporate security measuresby Australian business organizations…
Abstract
A recent study of 50 Australian information systems development environments highlights a continuing lack of corporate security measures by Australian business organizations. Project managers and developers are battling the rising surge of computer‐related crime with little support from their corporate management. This has occurred in spite of refinements in software development and the subsequent constraints on access to these systems at a working plane. Outlines, for corporate management, the results regarding lack of corporate commitment to the security of information systems in Australia and recommends actions to rectify the current predicament.
Details
Keywords
Dieter Fink and Daniel C. Duffy
User identifiers/passwords are an integral part of the first lineof defence of a computer system. Ideally, each user should have a uniquelogon assigned to him or her but because…
Abstract
User identifiers/passwords are an integral part of the first line of defence of a computer system. Ideally, each user should have a unique logon assigned to him or her but because of work demands, the practice of sharing logons in user groups is now emerging. A study of security officers in a large Australian organization examined the security awareness of these officers and the reasons for, and current management practices of, shared logons. It was found that work flow efficiency was more important than access control and that policies for user group access control are urgently needed.
Details
Keywords
Bowen Guan and Carol Hsu
The purpose of this paper is to investigate the association between abusive supervision and employees' information security policy (ISP) noncompliance intention, building on…
Abstract
Purpose
The purpose of this paper is to investigate the association between abusive supervision and employees' information security policy (ISP) noncompliance intention, building on affective commitment, normative commitment and continuance commitment. The study also examines the moderating effect of perceived certainty and severity of sanctions on the relationship between the three dimensions of organizational commitment and ISP noncompliance intention.
Design/methodology/approach
Survey methodology was used for data collection through a well-designed online questionnaire. Data was analyzed using the structural equation model with Amos v. 22.0 software.
Findings
This study demonstrates that abusive supervision has a significant, negative impact on affective, normative and continuance commitment, and the three dimensions of organizational commitment are negatively associated with employees' ISP noncompliance intention. Results also indicate that the moderating effect of perceived severity of sanctions is significant, and perceived certainty of sanctions plays a positive moderating role in the relationship between affective commitment and employees' ISP noncompliance intention.
Practical implications
Findings of this research are beneficial for organizational management in the relationships between supervisors and employees. These results provide significant evidence that avoiding abusive supervision is important in controlling employees' ISP noncompliance behavior.
Originality/value
This research fills an important gap in examining employees' ISP noncompliance intentions from the perspective of abusive supervision and the impact of affective, normative and continuance commitment on ISP noncompliance. The study is also of great value for information systems research to examine the moderating role of perceived certainty and severity of sanctions.
Details