Understanding the offender/environment dynamic for computer crimes: assessing the feasibility of applying criminological theory to the IS security context

There is currently a paucity of literature focusing on the relationship between the actual actions of staff members, who perpetrate some form of computer abuse, and the organisational environment in which such actions take place. A greater understanding of such a relationship may complement existing security practices by possibly highlighting new areas for safeguard implementation. In addition, if insights are afforded into the actions of dishonest staff, prior to the actual perpetration of a crime, then organisations may be able to expand their preventive scope, rather than relying solely on technical safeguards to stop the actual commission of some form of computer abuse. To help facilitate a greater understanding of the offender/environment dynamic, this paper assesses the feasibility of applying criminological theory to the IS security context. More specifically, three theories are advanced, which focus on the offender's behaviour in a criminal setting. After opening with a description of the theories, the paper provides an account of the Barings Bank collapse. Events highlighted in the case study are used to assess whether concepts central to the theories are supported by the data. The paper concludes by summarising the major findings and discussing future research possibilities.

[1]  T. Hirschi Causes of Delinquency. , 1970, British medical journal.

[2]  R. Clarke Situational Crime Prevention , 1995, Crime and Justice.

[3]  Stephen Fay The collapse of Barings , 1996 .

[4]  Dennis C. Duffala Convenience Stores, Armed Robbery, and Physical Environmental Features , 1976 .

[5]  R. Willison,et al.  Opportunities for computer abuse : assessing a crime specific approach in the case of Barings Bank , 2002 .

[6]  R. Clarke,et al.  Modeling Offenders' Decisions: A Framework for Research and Policy , 1985, Crime and Justice.

[7]  Robert Willison,et al.  Understanding the perpetration of employee computer crime in the organisational context , 2006, Inf. Organ..

[8]  Lawrence E. Cohen,et al.  Social Change and Crime Rate Trends: A Routine Activity Approach , 1979 .

[9]  Robert Willison,et al.  Reducing Computer Fraud Through Situational Crime Prevention , 2000, SEC.

[10]  Henk Sol,et al.  Proceedings of the 54th Hawaii International Conference on System Sciences , 1997, HICSS 2015.

[11]  S. M. McCune,et al.  American Behavioral Scientist , 1977 .

[12]  Robert Willison,et al.  Understanding the offender/environment dynamic for computer crimes , 2005, Inf. Technol. People.

[13]  R. Clarke Situational Crime Prevention: Successful Case Studies , 1992 .

[14]  J. Backhouse,et al.  Opportunities for computer abuse: Considering systems risk from the offender's perspective , 2005 .

[15]  Robert Willison,et al.  Considering the Offender: Addressing the Procedural Stages of Computer Crime in an Organisational Context , 2005 .

[16]  D. Cornish THE PROCEDURAL ANALYSIS OF OFFENDING AND ITS RELEVANCE FOR SITUATIONAL PREVENTION , 1994 .

[17]  R. Willison Understanding and Addressing Criminal Opportunity: The Application of Situational Crime Prevention to IS Security , 2000 .

[18]  M. Lynn Hawaii International Conference on System Sciences , 1996 .