Browsing by Author "Willison, Robert"
Now showing items 1-7 of 7
-
Addressing the Procedural Stages of Computer Crime in an Organisational ContextWillison, Robert (København, 2005)[More information][Less information]
Abstract: IS security represents a growing concern for organisations. Although hackers and viruses are often the basis of such concerns, the inside threat of employee computer crime should not be underestimated. From an academic perspective, there are a modest but growing number of texts which examine the ‘insider’ problem. While attention has been given to the influence on offender actions through deterrent safeguards, there has been a lack of insight into the interactive relationship between offender choices made during the actual perpetration of computer crimes, and the context in which such crimes take place. Knowledge of this relationship would be of obvious interest to practitioners who would aim to manipulate the environment and influence offender choices accordingly. To address this oversight, this paper, therefore, advances two criminological theories which it is argued can be used to examine the stages an offender must go through in order for a crime to be committed i.e. the ‘procedural stages’ of computer crime. Hence, this paper illustrates how the two theories, entitled the rational choice perspective and situational crime prevention, can be applied to the IS domain, thereby offering a theoretical basis on which to analyse offender choices/behaviour during perpetration. Through such an analysis greater insights may be offered into selecting appropriate safeguards to prevent computer crime. URI: http://hdl.handle.net/10398/6462 Files in this item: 1
09_2005.pdf (436.8Kb) -
Willison, Robert; Siponen, Mikko (København, 2007)[More information][Less information]
Abstract: This paper reviews the IS security literature for the period 1990-2004. More specifically three security journals and the top twenty IS journals were examined. In total 1280 papers were analysed in terms of theories, research methods and research topics. Our research found that 1043 of the papers contained no theory. In addition, almost 1000 of the papers were categorized as ‘subjective-argumentative’ in terms of methodology, with field experiments, surveys, case studies and action research accounting for less that 10% (8.10%) of all the papers. Fifty nine research topics were identified with fourteen of these topics totaling 71.05% of the articles. This papers offers implications for future research directions on IS security, scholars to publish IS security research, tenure practice, and IS security classification schemas. URI: http://hdl.handle.net/10398/6505 Files in this item: 1
inf_wp_2007-001.pdf (1.305Mb) -
Understanding and Addressing Workplace Disgruntlement through the Application of Organisational JusticeWillison, Robert (, 2009)[More information][Less information]
Abstract: Within the IS security field, employee computer crime has received increased attention. Indeed, a number of researchers have focused their attention on the behaviour of the ‘insider’, both prior to and during the perpetration. Despite this, there is currently an absence of academic insight into the problem of workplace disgruntlement and how this may motivate employee computer crime. To address this deficiency, this paper draws on a body of knowledge called ‘organisational justice’, which examines how perceptions of fairness are formed. Under this umbrella term are four constructs which relate to different organisational phenomena and influence employees’ fairness perceptions. It is believed that these constructs, entitled distributive, procedural, interactional and informational justice, and the theories which underpin them, can not only assist in understanding, but also in mitigating disgruntlement. To illustrate this, a case of employee computer sabotage is analysed, highlighting which forms of organisational justice occurred, and how they could have been addressed. The discussion section notes how mitigating disgruntlement provides a new area for safeguard implementation, with the final part of the paper discussing the conclusions and potential for future research. URI: http://hdl.handle.net/10398/7759 Files in this item: 1
WP_2009_001.pdf (249.0Kb) -
Considering systems risk from the offender’s perspectiveWillison, Robert; Backhouse, James (København, 2005)[More information][Less information]
Abstract: Systems risk refers to the likelihood that an IS is inadequately guarded against certain types of damage or loss. While risks are posed by acts of God, hackers and viruses, consideration should also be given to the ‘insider’ threat of dishonest employees, intent on undertaking some form of computer abuse. Against this backdrop, a number of researchers have addressed the extent to which security managers are cognizant of the very nature of systems risk. In particular, they note how security practitioners’ knowledge of local threats, which form part of such risk, is often fragmented. This contributes to situations where risk reducing efforts are often less than effective. Security efforts are further complicated given that the task of managing systems risk requires input from a number of departments including, for example, HR, compliance, IS/IT and physical security. In a bid to complement existing research, but also offer a fresh perspective, this paper addresses systems risk from the offender’s perspective. If systems risk entails the likelihood that an IS is inadequately protected, this text considers those conditions, within the organisational context, which offer a criminal opportunity for the offender. To achieve this goal a model known as the ‘Crime Specific Opportunity Structure’ is advanced. Focussing on the opportunities for computer abuse, the model addresses the nature of such opportunities with regards to the organisational context and the threats posed by rogue employees. Drawing on a number of criminological theories, it is believed the model may help inform managers about local threats and, by so doing, enhance safeguard implementation. URI: http://hdl.handle.net/10398/6453 Files in this item: 1
10_2005.pdf (413.3Kb) -
reducing employee computer crime through Situational Crime PreventionWillison, Robert; Siponen, Mikko (København, 2006)[More information][Less information]
Abstract: Employee computer crime represents a substantial threat for organisations. Yet information security researchers and practitioners currently lack a clear understanding of how these crimes are perpetrated, which, as a consequence, hinders security efforts. We argue that recent developments in criminology can assist in addressing the insider threat. More specifically, we demonstrate how an approach, entitled Situational Crime Prevention, can not only enhance an understanding of employee computer crime, but also strengthen security practices which are designed to address this problem. URI: http://hdl.handle.net/10398/6456 Files in this item: 1
11_2006.pdf (167.9Kb) -
Willison, Robert (København, 2005)[More information][Less information]
Abstract: There is currently a paucity of literature focusing on the relationship between the actions of staff members, who perpetrate some form of computer abuse, and the organisational environment in which such actions take place. A greater understanding of such a relationship may complement existing security practices by possibly highlighting new areas for safeguard implementation. To help facilitate a greater understanding of the offender/environment dynamic, this paper assesses the feasibility of applying criminological theory to the IS security context. More specifically, three theories are advanced, which focus on the offender’s behaviour in a criminal setting. Drawing on an account of the Barings Bank collapse, events highlighted in the case study are used to assess whether concepts central to the theories are supported by the data. It is noted that while one of the theories is to be found wanting in terms of conceptual sophistication, the case can be made for the further exploration of applying all three in the IS security context. URI: http://hdl.handle.net/10398/6468 Files in this item: 1
04_2005.pdf (97.42Kb) -
Willison, Robert (København, 2006)[More information][Less information]
Abstract: While hackers and viruses fuel the IS security concerns for organisations, the problems posed by employee computer crime should not be underestimated. Indeed, a growing number of IS security researchers have turned their attention to the ‘insider’ threat. However, to date, there has been a lack of insight into the relationship between the actual behaviour of offenders during the perpetration of computer crime, and the organisational context in which the behaviour takes place. To address this deficiency, this paper advances two criminological theories, which it is argued can be used to examine the stages an offender must go through in order for a crime to be committed. In addition, this paper illustrates how the two theories, entitled the Rational Choice Perspective and Situational Crime Prevention, can be applied to the IS domain, thereby offering a theoretical basis on which to analyse the offender/context relationship during the perpetration of computer crime. By so doing, practitioners may use these insights to inform and enhance the selection of safeguards in a bid to improve prevention programmes. URI: http://hdl.handle.net/10398/6463 Files in this item: 1
wp_2006_004.pdf (429.5Kb)
Now showing items 1-7 of 7