
Deterring internal information systems misuse

Published: 01 October 2007

Abstract

Deterring employee intentions to misuse computer systems requires complementary technical and procedural controls.

Reviews

Gordon B. Davis

An important objective of organizations is to deter or prevent employee misuse of information technology (IT) resources. The authors surveyed 579 employees from eight organizations. They presented five scenarios of IT misuse that offered potential benefit to an employee and asked respondents to rate the likelihood that they would misuse the system. They also asked about their awareness of four types of security measures to prevent or detect misuse: security policies, security awareness programs, computer monitoring, and preventive security software. The results were interesting. The respondents seemed to be influenced more by security policies and security awareness programs than by technical practices, such as computer monitoring and security software. The results suggest the importance of preventing misuse with security policies and security awareness procedures. Technical solutions were important, but were perceived to be less effective when there was not strong evidence of a commitment to security.

Online Computing Reviews Service

Published In

Communications of the ACM, Volume 50, Issue 10
October 2007
109 pages
ISSN: 0001-0782
EISSN: 1557-7317
DOI: 10.1145/1290958
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2007
Published in CACM Volume 50, Issue 10

Qualifiers

  • Article

Article Metrics

  • Downloads (Last 12 months): 201
  • Downloads (Last 6 weeks): 29

Reflects downloads up to 17 Nov 2024

Cited By

  • (2024) From cyber benign to cyber malicious: unveiling the evolution of insider cyber maliciousness from a stage theory perspective. European Journal of Information Systems. DOI: 10.1080/0960085X.2024.2413072 (1-19). Online publication date: 7-Oct-2024
  • (2024) The role of ethical climates in employee information security policy violations. Decision Support Systems 177. DOI: 10.1016/j.dss.2023.114086 (114086). Online publication date: Feb-2024
  • (2024) Incorrect compliance and correct noncompliance with information security policies: A framework of rule-related information security behaviour. Computers & Security 145. DOI: 10.1016/j.cose.2024.103986 (103986). Online publication date: Oct-2024
  • (2024) Cybersecurity Needs and Benefits: The Four Rings Model. Proceedings of International Conference on Information Technology and Applications. DOI: 10.1007/978-981-99-8324-7_39 (461-471). Online publication date: 18-Mar-2024
  • (2023) Going Beyond Deterrence. Information Systems Research 34:1. DOI: 10.1287/isre.2022.1133 (342-362). Online publication date: 1-Mar-2023
  • (2023) Cybersecurity Awareness Training: A Use Case Model. 2023 IEEE International Conference on Electro Information Technology (eIT). DOI: 10.1109/eIT57321.2023.10187349 (242-247). Online publication date: 18-May-2023
  • (2023) Design and evaluation of a self-paced cybersecurity tool. Information & Computer Security 31:2. DOI: 10.1108/ICS-09-2021-0145 (244-262). Online publication date: 26-Apr-2023
  • (2023) Employees as a Source of Security Issues in Times of Change and Stress: A Longitudinal Examination of Employees’ Security Violations during the COVID-19 Pandemic. Journal of Business and Psychology 39:5. DOI: 10.1007/s10869-023-09917-4 (1027-1048). Online publication date: 28-Oct-2023
  • (2023) A Qualitative Study of the Effects of Socio-organizational Factors on the Information Security Culture of Employees in a Financial Institution. Proceedings of ICACTCE'23, The International Conference on Advances in Communication Technology and Computer Engineering. DOI: 10.1007/978-3-031-37164-6_10 (119-141). Online publication date: 24-Sep-2023
  • (2022) Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions. ACM SIGMIS Database: the DATABASE for Advances in Information Systems 53:1. DOI: 10.1145/3514097.3514101 (25-60). Online publication date: 24-Jan-2022
