An integrative model of computer abuse based on social control and general deterrence theories

In spite of continuous organizational efforts and investments, computer abuse shows no sign of decline. According to social control theory (SCT), "organizational trust" can help prevent it by enhancing insiders' involvement in computer abuse. The aim of our study was to develop a new integrative model for analyzing computer abuse through assessing the role of Self Defense Intention (SDI) and Induction Control Intention (ICI). The results show that deterrence factors influence SDI and organizational factors significantly affect ICI and ICI decreases insiders' abuse. Interestingly, SDI negatively affects both insiders' and invaders' abuses.

[1]  Rik Farrow,et al.  Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace , 2000 .

[2]  Barbara J. Costello,et al.  TESTING CONTROL THEORY AND DIFFERENTIAL ASSOCIATION: A REANALYSIS OF THE RICHMOND YOUTH PROJECT DATA* , 1999 .

[3]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[4]  Garry Dinnie The Second Annual Global Information Security Survey , 1999, Inf. Manag. Comput. Secur..

[5]  J. Cacioppo,et al.  Attitude and Attitude Change , 1981 .

[6]  R. J. Boik Contrasts and Effect Sizes in Behavioral Research: A Correlational Approach , 2001 .

[7]  Sally S. Simpson,et al.  Informal Sanction Threats and Corporate Crime: Additive Versus Multiplicative Models , 1995 .

[8]  Jianyi Lin,et al.  Computer crime and security survey , 2002 .

[9]  P. Bentler,et al.  Comparative fit indexes in structural models. , 1990, Psychological bulletin.

[10]  G. Dhillon,et al.  Technical opinion: Information system security management in the new millennium , 2000, CACM.

[11]  Detmar W. Straub,et al.  Security concerns of system users: A study of perceptions of the adequacy of security , 1991, Inf. Manag..

[12]  David Thompson,et al.  1997 Computer Crime and Security Survey , 1998, Inf. Manag. Comput. Secur..

[13]  Charles Cresson Wood Effective information security management , 1991 .

[14]  R. Matsueda Testing control theory and differential association: A causal modeling approach. , 1982 .

[15]  R. Power CSI/FBI computer crime and security survey , 2001 .

[16]  A. Giddens The Constitution of Society , 1985 .

[17]  Fred D. Davis A technology acceptance model for empirically testing new end-user information systems : theory and results , 1985 .

[18]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[19]  I. Ajzen,et al.  Understanding Attitudes and Predicting Social Behavior , 1980 .

[20]  M. Holmes,et al.  Male and Female Delinquents' Attachments and Effects of Attachments on Severity of Self-Reported Delinquency , 1999 .

[21]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[22]  Fiona Fui-Hoon Nah,et al.  An Integrated Model on Computer Abuse: A Pilot Study , 2001 .

[23]  Judith S. Olson,et al.  i2i trust in e-commerce , 2000, CACM.

[24]  M. Conner,et al.  The Theory of Planned Behaviour , 2004 .

[25]  Alexander Hars,et al.  Web Based Knowledge Infrastructures for the Sciences: An Adaptive Document , 2000, Commun. Assoc. Inf. Syst..

[26]  E. Shils The Constitution Of Society , 1982 .

[27]  Paul Mazerolle,et al.  General Strain Theory and Delinquency: A Replication and Extension , 1994 .

[28]  Susan H. Nycum,et al.  Computer crime , 1984, CACM.

[29]  Y. Braunstein,et al.  Information management , 1996 .

[30]  John Braithwaite,et al.  The Dialectics of Corporate Deterrence , 1994 .

[31]  Gina J. Medsker,et al.  A Review of Current Practices for Evaluating Causal Models in Organizational Behavior and Human Resources Management Research , 1994 .

[32]  Detmar W. Straub,et al.  Discovering and Disciplining Computer Abuse in Organizations: A Field Study , 1990, MIS Q..

[33]  Robert J. Sampson,et al.  Crime in the Making: Pathways and Turning Points Through Life. , 1994 .

[34]  Robert Agnew,et al.  AN EMPIRICAL TEST OF GENERAL STRAIN THEORY , 1992 .

[35]  Delbert S. Elliott,et al.  Explaining Delinquency and Drug Use , 1985 .

[36]  Robert Agnew,et al.  A Longitudinal Test of Social Control Theory and Delinquency , 1991 .

[37]  J. Ellis Blanton,et al.  Computer infectors: Prevention, detection, and recovery , 1992, Inf. Manag..

[38]  R. Bagozzi An Examination Of The Validity Of Two Models Of Attitude. , 1981, Multivariate behavioral research.

[39]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[40]  M. Browne,et al.  Alternative Ways of Assessing Model Fit , 1992 .

[41]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[42]  Gurpreet Dhillon,et al.  Technical opinion: Information system security management in the new millennium , 2000, CACM.

[43]  Robert Agnew,et al.  Why Do They Do it? An Examination of the Intervening Mechanisms between “Social Control” Variables and Delinquency , 1993 .

[44]  T. Hirschi Causes of Delinquency. , 1970, British medical journal.

[45]  I. Ajzen The theory of planned behavior , 1991 .

[46]  R. Agnew Foundation for a General Strain Theory of Crime and Delinquency , 1992, Crime, Inequality and the State.

[47]  Donn B. Parker,et al.  Fighting computer crime - a new framework for protecting information , 1998 .

[48]  R. Agnew Testing the Leading Crime Theories: An Alternative Strategy Focusing on Motivational Processes , 1995 .

[49]  H W Jordan,et al.  On crime and punishment. , 1990, Journal of the National Medical Association.

[50]  Rossouw von Solms,et al.  Information security management: why standards are important , 1999, Inf. Manag. Comput. Secur..

[51]  Karl G. Jöreskog,et al.  Model Search With TETRAD II and LISREL , 1990 .

[52]  James L. Schaub,et al.  The Ultimate Computer Security Survey , 1995 .

[53]  Detmar W. Straub,et al.  An Investigation into the Use and Usefulness of Security so Tware in Detecting Computer Abuse , 1988, ICIS.

[54]  Marvin D. Krohn,et al.  Social Control and Delinquent Behavior: An Examination of the Elements of the Social Bond , 1980 .

[55]  Sebastiaan H. von Solms,et al.  Information Security Management: A Hierarchical Framework for Various Approaches , 2000, Comput. Secur..

[56]  Karl G. Jöreskog,et al.  Lisrel 8: Structural Equation Modeling With the Simplis Command Language , 1993 .

[57]  Dennis Longley,et al.  Information security management and modelling , 1999, Inf. Manag. Comput. Secur..

[58]  Matt Bishop,et al.  What Is Computer Security? , 2003, IEEE Secur. Priv..

[59]  Gary E. Reed,et al.  ORGANIZATIONAL OFFENDING AND NEOCLASSICAL CRIMINOLOGY: CHALLENGING THE REACH OF A GENERAL THEORY OF CRIME* , 1996 .

[60]  R. Paternoster,et al.  The deterrent effect of the perceived certainty and severity of punishment: A review of the evidence and issues , 1987 .

[61]  Boas Shamir,et al.  Security-related behavior of PC users in organizations , 1991, Inf. Manag..

[62]  이훈,et al.  지각된 유용성(Perceived Usefulness)의 영향분석 , 2004 .

[63]  Kieran Mathieson,et al.  Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior , 1991, Inf. Syst. Res..

[64]  Patrick R. Gartin,et al.  Specifying Specific Deterrence: The Influence of Arrest on Future Criminal Activity , 1989 .

[65]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[66]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[67]  Jozée Lapierre,et al.  Value Strategy Rather Than Quality Strategy: A Case of Business-to-Business Professional Services , 1999 .

[68]  Thomas J. Bernard Control Criticisms of Strain Theories: An Assessment of Theoretical and Empirical Adequacy , 1984 .