Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective

Luo, Xin; Han, Lei; Hu, Qing; Xu, Heng

doi:10.17705/1jais.00646

Cited by 17 publications

(12 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mitigating security threats and safeguarding information security has become an important organizational strategic agenda. Among a variety of security threats, employees' information security policy (ISP) violation has been deemed to be a major concern to organizations (Chen et al, 2021;Luo et al, 2020;Moody et al, 2018;Siponen and Vance, 2010). Academics and practitioners have recognized the significant negative outcomes of employees' ISP violation behavior.…”

Section: Introductionmentioning

confidence: 99%

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

Xue

Luo

et al. 2021

OCJ

View full text Add to dashboard Cite

PurposeA growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).Design/methodology/approachThe research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.FindingsResults indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.Originality/valueThis research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.

show abstract

Section: Introductionmentioning

confidence: 99%

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

Xue

Luo

et al. 2021

OCJ

View full text Add to dashboard Cite

show abstract

“…The elements of IIDTRC often involve compromise of consumers' PID and business commercial data through account identity fraud, account take-over, privacy counterfeiting and account withdrawal. Studies noted that the majority of consumers do not shop online because of their personal data security risks and lack of trust in its employees (Lyytinen & Grover, 2017;Zimmer et al, 2010), and noted that many consumers believed that retailers were primarily responsible for online transactions safety against identity theft and cyber-enabled crimes. Unfortunately, such consumers' perceptions still remain an irony.…”

Section: Historic Decades Of Increasing Incidents and Impacts Of Inte...mentioning

confidence: 99%

“…Researchers (e.g., Wakunuma & Stahl, 2014) have noted that at times, honest employees face increasing challenges of external pressure through coercion luring them to compromise their professional work ethics and commit IIDTRC. Luo et al (2020) developed a comprehensive model of employee-committed malicious computer abuse to indicate the effects of the individual characteristics of self-control, hacking self-efficacy, moral beliefs, and the effect of security guardianship in organisational settings. Their model shows how certain circumstances can lead an employee to commit a malicious their organisation.…”

Section: The Nature Of Internal Identity Theft Related Crimes In Busi...mentioning

confidence: 99%

The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies

Okeke

Eiza

2022

Inf Syst Front

View full text Add to dashboard Cite

This paper aims to examine the challenges of preventing internal identity theft related crimes (IIDTRC) in the UK retail sector. Using an in-depth multiple case studies of a selected number of cross-functional management teams in the UK retail companies, management roles were analysed. We used semi-structured interview as a qualitative data collection technique and used Nvivo aided thematic analysis and interpretivism underpinned by Role-Based Framework (RBF) for analysis. Our findings revealed that vagueness of roles and lack of clarity in sharing data security responsibilities are the major challenges of preventing IIDTRC in UK retail companies. We suggest an application of RBF which provides a conceptual analysis for cross-functional management team to address the challenges of preventing IIDTRC. RBF enables clarity of shared roles where both information security and crimes prevention teams work in unison is required to prevent IIDTRC to maximise internal data security. Contributions for policymakers are offered in this paper.

show abstract

“…According to RAT, the occurrence of workplace crime would be leveraged under difference level of guardianship [13]. Organizations need to implement both internal guardianship and external guardianship in monitoring sales representatives.…”

Section: Introductionmentioning

confidence: 99%

Detecting Red Flag of Workplace Crime Using Mobile Data on Abnormal Usage Activities

Wang¹,

Xue²,

Liu³

et al. 2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

The purpose of this paper is to investigate how to detect the workplace crime of organizational sales representatives (e.g., sales who work with external customers) through abnormal activities that can be traced by mobile devices and applications. The guardianship capability of organizations is considered as the moderator influencing the monitoring of abnormal usage activities calculated by deep learning. In this study, we conduct event history analysis on the occurrence of workplace crime utilizing a longitudinal panel data set, which comprises 197179 weekly observations in 3 years (2017)(2018)(2019). Our finding provides evidence that the abnormal activity pattern is an effective signal for identifying workplace crimes. Furthermore, we illustrate how to design monitoring modes based on guardianship capability in order to maximize the effectiveness of mobile monitoring in reducing workplace crimes.

show abstract

Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective

Cited by 17 publications

References 52 publications

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies

Detecting Red Flag of Workplace Crime Using Mobile Data on Abnormal Usage Activities

Contact Info

Product

Resources

About