Employee computer crime represents a substantial threat for organisations. Yet information security researchers and practitioners currently lack a clear understanding of how these crimes are perpetrated, which, as a consequence, hinders security efforts. We argue that recent developments in criminology can assist in addressing the insider threat. More specifically, we demonstrate how an approach, entitled Situational Crime Prevention, can not only enhance an understanding of employee computer crime, but also strengthen security practices which are designed to address this problem.
Introduction: Information security has become increasingly important for organisations, given their dependence on ICT. Not surprisingly, therefore, the external threats posed by hackers and viruses have received extensive coverage in the mass-media. Yet numerous security surveys also point to the ‘insider’ threat of employee computer crime. In 2006, for example, the Global Security Survey by Deloitte reports that 28% of respondent organizations encountered considerable internal computer fraud [5]. Although this number may not appear high, the impact of crime perpetrated by insiders can be profound.
Author: Robert Willison,Mikko Siponen
Source: Copenhagen Business School
Download URL 2: Visit Now