An Integrated Computer Security Model Based on the General Trust Theory

A Study on an Integrated Computer Security Model Based on Trust Theory

  • Published : 2002.03.31

Abstract

For the last two decades, there has been much research on computer abuse from the perspective of the general deterrence theory based on objectism, which covers security policy, security awareness programs, and physical security systems. The traditional view offered by the general deterrence theory holds that security policy, security awareness, and security systems play a major role in preventing computer abuse. In spite of continuous organizational efforts and investments based on these systematic factors, the incidence of computer abuse in organizations is still rapidly increasing. This paper proposes another perspective, the social control theory based on subjectism, for preventing computer abuse. According to the social control theory, organizational trust, which comprises organizational attachment, commitment, involvement, and norms, can prevent computer abuse by reducing insiders' computer abuse. The aim of this article is to assess the role of organizational trust, arising from attachment, commitment, involvement, and norms, in preventing computer abuse. The results indicate that both organizational trust and deterrent factors are effective in preventing computer abuse.
