NCJ Number
221392
Date Published
2007
Length
201 pages
Annotation
This book reports on a study that examined the effectiveness of security policies, security awareness programs, computer monitoring, and preventative security software in deterring information system (IS) misuse by insiders in an organizational setting.
Abstract
The findings suggest that security countermeasures are effective in deterring IS misuse by insiders in an organizational setting. Respondents who reported greater awareness of security policies, security awareness programs, monitoring practices, and preventative security software within their organizations perceived a greater threat of punishment for IS misuse. In turn, this was associated with lower IS misuse intentions. Consistent with the predictions of general deterrence theory, perceived certainty and severity of sanctions both had significant negative influences on IS misuse intention. This study contributes to existing research that has successfully applied general deterrence theory to the domain of IS security. This study used Straub's (1986) definition of IS misuse as "unauthorized, deliberate, and internally recognizable misuse of assets of the local organizational information system by individuals, including violations against hardware, computer programs, data, and computer service.” As is common in field studies, this study used a survey methodology for data collection. The survey questionnaire was distributed to a sample of working adults taking evening classes in two large northeastern U.S. universities during the fall 2004 and spring 2005 semesters. Out of 356 questionnaires distributed, 252 were completed and returned (71-percent response rate). The questionnaire was designed to capture respondents' intentions and perceived certainty and severity of organizational sanctions regarding various IS misuse scenarios, as well as to measure the other variables included in the research model. Tables and figures, 378 references, and appended IS misuse scenarios, survey items, data analysis, and hypotheses tests