Discovering and disciplining computer abuse in organizations: a field study

Published: 01 March 1990

Abstract

As information systems (IS) managers and computer security administrators attempt to address what may be a serious and persistent problem of computer abuse in organizations, two important aspects must be considered: discovery of abuse incidents and discipline of perpetrators. This field study examines how IS managers address these two activities. Data for the study were gathered using victimization surveys of 1,063 randomly selected members of the DPMA (Data Processing Management Association). Results of the study suggest that purposeful detection of abuse incidents is used less than other methods of discovering abuse. Furthermore, the results show that certain perpetrators are able to hide their identities and abusive activities. Based on these results, the study conclusions present a model that shows how security efforts should be managed in terms of security effort allocations and disciplinary actions.

Published In

MIS Quarterly  Volume 14, Issue 1
March 1990
110 pages
ISSN:0276-7783

Publisher

Society for Information Management and The Management Information Systems Research Center

United States

Qualifiers

  • Article

Cited By

  • (2024) The Impacts of Internet Monitoring on Employees’ Cyberloafing and Organizational Citizenship Behavior. Information Systems Research 35:3 (1175-1194). DOI: 10.1287/isre.2020.0216. Online publication date: 1-Sep-2024
  • (2023) Going Beyond Deterrence. Information Systems Research 34:1 (342-362). DOI: 10.1287/isre.2022.1133. Online publication date: 1-Mar-2023
  • (2022) Detecting and Rectifying the Non-Malicious Insider Threat in a Healthcare Setting. International Journal of Systems and Software Security and Protection 13:1 (1-20). DOI: 10.4018/IJSSSP.315766. Online publication date: 30-Dec-2022
  • (2022) Circumventing Circumvention. Management Science 68:4 (2914-2931). DOI: 10.1287/mnsc.2021.4027. Online publication date: 1-Apr-2022
  • (2022) Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions. ACM SIGMIS Database: the DATABASE for Advances in Information Systems 53:1 (25-60). DOI: 10.1145/3514097.3514101. Online publication date: 24-Jan-2022
  • (2022) A Theoretical Foundation for Explaining and Predicting the Effectiveness of a Bring Your Own Device Program in Organizations. SN Computer Science 3:5. DOI: 10.1007/s42979-022-01272-0. Online publication date: 14-Jul-2022
  • (2022) Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios. Information Systems Frontiers 24:2 (637-658). DOI: 10.1007/s10796-021-10113-z. Online publication date: 1-Apr-2022
  • (2021) Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity. Information Systems Frontiers 23:2 (343-360). DOI: 10.1007/s10796-019-09951-9. Online publication date: 1-Apr-2021
  • (2018) Information security model using decision tree for Jordanian public sector. International Journal of Electronic Security and Digital Forensics 10:3 (228-241). DOI: 10.1504/IJESDF.2018.093013. Online publication date: 1-Jan-2018
  • (2018) The Organization Man and the Innovator. ACM SIGMIS Database: the DATABASE for Advances in Information Systems 49:SI (67-80). DOI: 10.1145/3210530.3210536. Online publication date: 25-Apr-2018
