Pluralistic Ignorance in the Personal Use of the Internet and System Monitoring

Previous research suggests that computer security countermeasures would be effective in preventing computer abuse in organizations. However, computer abuse problems still persist despite these efforts. This study proposes a new model of computer abuse that explains a causal link between abusive behavior and a psychological state toward this behavior, drawn on the theory of pluralistic ignorance. Pluralistic ignorance is a form of erroneous social interference that is both an immediate cause and a consequence of literal inconsistency between private attitudes and public behavior. Under pluralistic ignorance, mistakenly perceived social norms overwhelm personal attitudes and subsequently lead to overt behavior contrary to an actor’s attitude. This new model contributes to the theoretical body of knowledge on computer abuse by providing a new angle for approaching the problem. In addition, it suggests to practitioners that social solutions should be considered, along with technical countermeasures, to reduce the pervasive computer abuse problems

Computer Abuse: The Emerging Crime and the Need for Legislation

Advancements in computerization and the growing use of computers in business, government, education, and the private sector has resulted in the expanding potential for criminal infiltration. The problems of computer crime are in great part attributable to the shortcomings of our criminal laws, which were written long before there was knowledge of computer crimes. Moreover, there is a reluctance of our legal establishments to adapt to the new technology\u27s potential harm. This Note urges that new federal legislation be passed as a means to counteract future computer crimes

Legal Problems of Computer Abuse

Computer abuse consists of incidents caused by intentional acts from which a perpetrator realized or could have realized a gain and/or a victim suffered or could have suffered a loss. In this Article, Susan Hubbell Nycum discusses a wide variety of criminal acts relating to computers and notes that, because of the unique nature of the computer itself, these acts do not fit within traditional criminal classifications. Reform at both the state and federal levels is necessary if the law is to provide adequate protection for computer hardware and software users. The accelerating, almost uncontrolled increase in computer use affects the court system as well. The material presented herein is based on a multi-year study supported in part by the National Science Foundation. The study now includes an analysis of over 500 reported incidents of computer abuse

Taking It Out on IT: A Mechanistic Model of Abusive Supervision and Computer Abuse

One salient issue in organizational information security is computer abuse. Drawing on the management literature, we identify abusive supervision as a potential factor that affects the latter. As such, this paper proposes a model that formulates why subordinates commit computer abuse in response to abusive supervision. The model focuses on the mechanism of displacing aggression in retaliating against the organization. Drawing upon neutralization and deterrence theories and grounded in appraisal theory, the model offers several propositions. Most notably, the model identifies an interplay among the relevant appraisals, the emotion of anger, neutralization, deterrence and computer abuse. The model also incorporates two conditional moderators, including supervisor’s organization embodiment and controllability. The specific propositions and implications are discussed

AN INVESTIGATION INTO THE USE AND USEFULNESS OF SECURITY SO TWARE IN DETECTING COMPUTER ABUSE

Computer security remains an important issue in the management of organizational information systems. Losses resulting from computer abuse and errors are substantial, and IS managers continue to cite security and control as a key management issue. With continued expansion of clistributed data processing and storage, the need to both prevent and detect violations also increases. This latter aspect, detection of computer abuse incidents, is the focus of this study. This empirical study examines the prevalence and sophistication of security software system installations across the United States. Using a victimization survey of 528 randomly-selected DPMA members, the study examines discovered incidents of computer abuse in organizations and attempts to identify relationships between comprehensive (i.e., sophisticated) security software and successful discovery of abuse. More comprehensive security software was found to be associated with greater ability to identify perpetrators of abuse and to discover more serious computer abuse incidents. Larger organizations used both a greater number and more sophisticated security software systems than smaller organizations. Wholesale/retail trade organizations used less comprehensive software than average, while manufacturing organizations and public utilities used more comprehensive software. Surprisingly, no relationships were found between the maturity of an organization\u27s security function and the number and/or sophistication of security software systems utilized

How Explanation Adequacy of Security Policy Changes Decreases Organizational Computer Abuse

We use Fairness Theory to help explain why sometimes security policy sometimes backfire and increase security violations. Explanation adequacy—a key component of Fairness Theory—is expected to increase employees’ trust in their organization. This trust should decrease internal computer abuse incidents following the implementation of security changes. The results of our analysis provide support for Fairness Theory as applied to our context of computer abuse. First, the simple act of giving employees advance notification for future information security changes positively influences employees’ perceptions of organizational communication efforts. The adequacy of these explanations is also buoyed by SETA programs. Second, explanation adequacy and SETA programs work in unison to foster organizational trust. Finally, organizational trust significantly decreases internal computer abuse incidents. Our findings show how organizational communication can influence the overall effectiveness of information security changes among employees and how organizations can avoid becoming victim to their own efforts