Understanding the perpetration of employee computer crime in the organisational context

Willison, Robert

doi:10.1016/j.infoandorg.2006.08.001

Cited by 88 publications

(67 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…But the greatest threat of all is the insider threat -the organizational member who is a 'trusted agent' inside the firewall (Im & Baskerville, 2005;Stanton et al, 2005;Willison, 2006;Willison & Backhouse, 2006). This employee or other constituent with a valid username and password regularly interacts with the information assets of the organization.…”

mentioning

confidence: 99%

Behavioral and policy issues in information systems security: the insider threat

Warkentin

Willison

2009

European Journal of Information Systems

Self Cite

284

130

View full text Add to dashboard Cite

mentioning

confidence: 99%

Behavioral and policy issues in information systems security: the insider threat

Warkentin

Willison

2009

European Journal of Information Systems

Self Cite

284

130

View full text Add to dashboard Cite

“…However, any security system to protect the integrity of information and data in a telework environment is effective only to the extent that teleworkers follow security guidelines and protocols (Boss & Kirsch, 2007;Pahnila, Siponen, & Mahmood, 2007;Siponen, 2005;Willison, 2006).…”

Section: Empirical Research In Information Security and Assurancementioning

confidence: 99%

Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Godlove

2012

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

With the increased use of teleworkers, it is important to understand how teleworker attitudes are related to willingness to accept and follow guidelines that maintain data security in the telework environment. The objective of the study was to evaluate the application of the theory of planned behavior and the idea of subjective norms as a means of explaining teleworker compliance in using information technology (IT) security guidelines in a telework environment. A sample of 150 respondents who considered themselves formal and informal teleworkers and were eligible for membership in The Telework Exchange completed a Teleworker Security Survey. Descriptive and linear regression analyses were used to determine relationships existing between willingness to follow organizational teleworker data information security guidelines and practices. The findings of the analyses demonstrated that Personal Attitude, Social Pressure, and Sense of Control represented a weak to moderate model for explaining teleworker willingness to follow an organization's security guidelines. This study is significant to organizations with teleworkers by identifying insight on the risks of teleworkers to data security, knowledge about what they can do to protect the confidentiality and integrity of data, and the intent of teleworkers to follow security protocols in a telework environment.

show abstract

“…To assist in their development the use of what is termed a 'universal script' has been proposed. 2,8,9 In essence, this form of script provides a framework that helps to distinguish between the script's stages and, subsequently, the corresponding criminal actions. Table 2 displays the universal script framework, and an illustrative example of computer crime.…”

Section: Applying Situational Crime Prevention To Information Securitymentioning

confidence: 99%

Overcoming the insider

Willison

Siponen

2009

Commun. ACM

Self Cite

View full text Add to dashboard Cite

Information security has become increasingly important for organizations, given their dependence on ICT. Not surprisingly, therefore, the external threats posed by hackers and viruses have received extensive coverage in the mass media. Yet numerous security surveys also point to the 'insider' threat of employee computer crime. In 2006, for example, the Global Security Survey by Deloitte reports that 28% of respondent organizations encountered considerable internal computer fraud. This figure may not appear high, but the impact of crime perpetrated by insiders can be profound. Donn Parker argues that 'cyber-criminals' should be considered in terms of their criminal attributes, which include skills, knowledge, resources, access and motives (SKRAM). It is as a consequence of such attributes, acquired within the organization, that employers can pose a major threat. Hence, employees use skills gained through their legitimate work duties for illegitimate gain. A knowledge of security vulnerabilities can be exploited, utilising resources and access are provided by companies. It may even be the case that the motive is created by the organization in the form of employee disgruntlement. These criminal attributes aid offenders in the pursuit of their criminal acts, which in the extreme can bring down an organization. In the main, companies have addressed the insider threat through a workforce, which is made aware of its information security responsibilities and acts accordingly. Thus, security policies and complementary education and awareness programmes are now commonplace for organizations. That said, little progress has been made in understanding the insider threat from an offender's perspective. As organizations attempt to grapple with the behavior of dishonest employees, criminology potentially offers a body of knowledge for addressing this problem. It is suggested that Situational Crime Prevention (SCP), a relative newcomer to criminology, can help enhance initiatives aimed at addressing the insider threat. In this article, we discuss how recent criminological developments that focus on the criminal act, represent a departure from traditional criminology, which examines the causes of criminality. As part of these recent developments we discuss SCP. After defining this approach, we illustrate how it can inform and enhance information security practices. In recent years, a number of criminologists have criticised their discipline for assuming that the task of explaining the causes of criminality is the same as explaining the criminal act. Simply to explain how people develop a criminal disposition is only half the equation. What is also required is an explanation of how crimes are perpetrated. Criminological approaches, which focus on the criminal act, would appear to offer more to information security practitioners than their dispositional counterparts. Accordingly, the SCP approach can offer additional tools for practitioners in their fight against insider computer crime.

show abstract

Understanding the perpetration of employee computer crime in the organisational context

Cited by 88 publications

References 39 publications

Behavioral and policy issues in information systems security: the insider threat

Behavioral and policy issues in information systems security: the insider threat

Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Overcoming the insider

Contact Info

Product

Resources

About