Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse

Author:

Burns A. J.1ORCID,Roberts Tom L.2ORCID,Posey Clay3ORCID,Lowry Paul Benjamin4ORCID,Fuller Bryan5ORCID

Affiliation:

1. Stephenson Department of Entrepreneurship and Information Systems, E. J. Ourso College of Business, Louisiana State University, Baton Rouge, Louisiana 70803;

2. Soules College of Business, The University of Texas at Tyler, Tyler, Texas 75799;

3. Information Systems Department, Marriott School of Business, Brigham Young University, Provo, Utah 84602;

4. Business Information Technology, Pamplin College of Business, Virginia Tech, Blacksburg, Virginia 24061;

5. Department of Management, Louisiana Tech University, Ruston, Louisiana 71272

Abstract

Reports indicate that employees are willing to share sensitive information under certain circumstances, and one-third to half of security breaches are tied to insiders. These statistics reveal that organizational security efforts, which most often rely on deterrence-based sanctions to address the insider threats to information security, are insufficient. Thus, insiders’ computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a significant issue for industry. We present a motive–control theory of ICA that distinguishes among instrumental and expressive motives and internal and external controls. Specifically, we show that organizational deterrents (e.g., sanctions) do not create motives for ICA, but weaken existing motives (e.g., financial benefits). Conversely, financial benefits and psychological contract violations create motives to perform ICA, and insiders’ self-control diminishes the influence of these motives. The implications for practice are threefold: (1) organizations should make efforts to reduce psychological contract breach for employees by increasing the congruence between expectations and reality to reduce expressive motives for ICA; (2) organizations should seek maintain personnel with adequate self-control to diminish the impact of harmful ICA motives should they arise; and (3) organizations should develop targeted sanctions for committing ICA to control the harmful influence of financial motives.

Publisher

Institute for Operations Research and the Management Sciences (INFORMS)

Subject

Library and Information Sciences,Information Systems and Management,Computer Networks and Communications,Information Systems,Management Information Systems

Cited by 17 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3