The Ethics Of Meaning

This dissertation develops an ethics of meaning. In the first chapter, I offer an account of meaning that comprehends its many varieties—natural, cultural, linguistic, literary, and ethical meaning, for example—by appeal to the structural role meaning plays in the practice of interpretation. In Chapter 2, I develop a distinctive account of the concept of ethical meaning (“meaning” as it’s used in the phrase “the meaning of life”). In Chapter 3, I develop a new account of irony on the basis of the comprehensive-interpretive account of meaning introduced in Chapter 1

A Critical Assessment of IS Security Research between 1990-2004

This paper reviews the IS security literature for the period 1990-2004. More specifically three security journals and the top twenty IS journals were examined. In total 1280 IS security papers were analysed in terms of theories, research methods and research topics. Our research found that 1043 of the papers contained no theory. In addition, almost 1000 of the papers were categorized as ‘subjectiveargumentative’ in terms of methodology, with field experiments, surveys, case studies and action research accounting for less that 10% (8.10%) of all the papers. Fifty nine research topics were identified with fourteen of these topics totaling 71.05% of the articles. This papers offers implications for future research directions on IS security, scholars to publish IS security research, tenure practice, and IS security classification schemas

Overcoming the insider: reducing employee crime through Situational Crime Prevention

Information security has become increasingly important for organizations, given their dependence on ICT. Not surprisingly, therefore, the external threats posed by hackers and viruses have received extensive coverage in the mass media. Yet numerous security surveys also point to the 'insider' threat of employee computer crime. In 2006, for example, the Global Security Survey by Deloitte reports that 28% of respondent organizations encountered considerable internal computer fraud. This figure may not appear high, but the impact of crime perpetrated by insiders can be profound. Donn Parker argues that 'cyber-criminals' should be considered in terms of their criminal attributes, which include skills, knowledge, resources, access and motives (SKRAM). It is as a consequence of such attributes, acquired within the organization, that employers can pose a major threat. Hence, employees use skills gained through their legitimate work duties for illegitimate gain. A knowledge of security vulnerabilities can be exploited, utilising resources and access are provided by companies. It may even be the case that the motive is created by the organization in the form of employee disgruntlement. These criminal attributes aid offenders in the pursuit of their criminal acts, which in the extreme can bring down an organization. In the main, companies have addressed the insider threat through a workforce, which is made aware of its information security responsibilities and acts accordingly. Thus, security policies and complementary education and awareness programmes are now commonplace for organizations. That said, little progress has been made in understanding the insider threat from an offender's perspective. As organizations attempt to grapple with the behavior of dishonest employees, criminology potentially offers a body of knowledge for addressing this problem. It is suggested that Situational Crime Prevention (SCP), a relative newcomer to criminology, can help enhance initiatives aimed at addressing the insider threat. In this article, we discuss how recent criminological developments that focus on the criminal act, represent a departure from traditional criminology, which examines the causes of criminality. As part of these recent developments we discuss SCP. After defining this approach, we illustrate how it can inform and enhance information security practices. In recent years, a number of criminologists have criticised their discipline for assuming that the task of explaining the causes of criminality is the same as explaining the criminal act. Simply to explain how people develop a criminal disposition is only half the equation. What is also required is an explanation of how crimes are perpetrated. Criminological approaches, which focus on the criminal act, would appear to offer more to information security practitioners than their dispositional counterparts. Accordingly, the SCP approach can offer additional tools for practitioners in their fight against insider computer crime

Understanding the Offender/Environment Dynamic for Computer Crimes

There is currently a paucity of literature focusing on the relationship between the actions of staff members, who perpetrate some form of computer abuse, and the organisational environment in which such actions take place. A greater understanding of such a relationship may complement existing security practices by possibly highlighting new areas for safeguard implementation. To help facilitate a greater understanding of the offender/environment dynamic, this paper assesses the feasibility of applying criminological theory to the IS security context. More specifically, three theories are advanced, which focus on the offender’s behaviour in a criminal setting. Drawing on an account of the Barings Bank collapse, events highlighted in the case study are used to assess whether concepts central to the theories are supported by the data. It is noted that while one of the theories is to be found wanting in terms of conceptual sophistication, the case can be made for the further exploration of applying all three in the IS security context

Understanding and Addressing Workplace Disgruntlement through the Application of Organisational Justice

Within the IS security field, employee computer crime has received increased attention. Indeed, a number of researchers have focused their attention on the behaviour of the ‘insider’, both prior to and during the perpetration. Despite this, there is currently an absence of academic insight into the problem of workplace disgruntlement and how this may motivate employee computer crime. To address this deficiency, this paper draws on a body of knowledge called ‘organisational justice’, which examines how perceptions of fairness are formed. Under this umbrella term are four constructs which relate to different organisational phenomena and influence employees’ fairness perceptions. It is believed that these constructs, entitled distributive, procedural, interactional and informational justice, and the theories which underpin them, can not only assist in understanding, but also in mitigating disgruntlement. To illustrate this, a case of employee computer sabotage is analysed, highlighting which forms of organisational justice occurred, and how they could have been addressed. The discussion section notes how mitigating disgruntlement provides a new area for safeguard implementation, with the final part of the paper discussing the conclusions and potential for future research

Understanding the Perpetration of Employee Computer Crime in the Organisational Context

While hackers and viruses fuel the IS security concerns for organisations, the problems posed by employee computer crime should not be underestimated. Indeed, a growing number of IS security researchers have turned their attention to the ‘insider’ threat. However, to date, there has been a lack of insight into the relationship between the actual behaviour of offenders during the perpetration of computer crime, and the organisational context in which the behaviour takes place. To address this deficiency, this paper advances two criminological theories, which it is argued can be used to examine the stages an offender must go through in order for a crime to be committed. In addition, this paper illustrates how the two theories, entitled the Rational Choice Perspective and Situational Crime Prevention, can be applied to the IS domain, thereby offering a theoretical basis on which to analyse the offender/context relationship during the perpetration of computer crime. By so doing, practitioners may use these insights to inform and enhance the selection of safeguards in a bid to improve prevention programmes

Addressing the Procedural Stages of Computer Crime in an Organisational Context

IS security represents a growing concern for organisations. Although hackers and viruses are often the basis of such concerns, the inside threat of employee computer crime should not be underestimated. From an academic perspective, there are a modest but growing number of texts which examine the ‘insider’ problem. While attention has been given to the influence on offender actions through deterrent safeguards, there has been a lack of insight into the interactive relationship between offender choices made during the actual perpetration of computer crimes, and the context in which such crimes take place. Knowledge of this relationship would be of obvious interest to practitioners who would aim to manipulate the environment and influence offender choices accordingly. To address this oversight, this paper, therefore, advances two criminological theories which it is argued can be used to examine the stages an offender must go through in order for a crime to be committed i.e. the ‘procedural stages’ of computer crime. Hence, this paper illustrates how the two theories, entitled the rational choice perspective and situational crime prevention, can be applied to the IS domain, thereby offering a theoretical basis on which to analyse offender choices/behaviour during perpetration. Through such an analysis greater insights may be offered into selecting appropriate safeguards to prevent computer crime

A Tale of Two Deterrents: Considering the Role of Absolute and Restrictive Deterrence to Inspire New Directions in Behavioral and Organizational Security Research

This research-perspective article reviews and contributes to the literature that explains how to deter internal computer abuse (ICA), which is criminal computer behavior committed by organizational insiders. ICA accounts for a large portion of insider trading, fraud, embezzlement, the selling of trade secrets, customer privacy violations, and other criminal behaviors, all of which are highly damaging to organizations. Although ICA represents a momentous threat for organizations, and despite numerous calls to examine this behavior, the academic response has thus far been lukewarm. However, a few security researchers have examined ICA’s influence in an organizational context and addressed potential means of deterring it. However, the results of these studies have been mixed, leading to a debate on the applicability of deterrence theory (DT) to ICA. We argue that more compelling opportunities will arise in DT research if security researchers more deeply study its assumptions and more carefully recontextualize it. The purpose of this article is to advance a deterrence research agenda that is grounded in the pivotal criminological deterrence literature. Drawing on the distinction between absolute and restrictive deterrence and aligning them with rational choice theory (RCT), this paper shows how deterrence can be used to mitigate the participation in and frequency of ICA. We thus propose that future research on the deterrent effects of ICA should be anchored in a more general RCT, rather than in examinations of deterrence as an isolated construct. We then explain how adopting RCT with DT opens up new avenues of research. Consequently, we propose three areas for future research, which cover not only the implications for the study of ICA deterrence, but also the potential motivations for these types of offenses and the skills required to undertake them

Opportunities for computer abuse: Assessing a crime specific approach in the case of Barings Bank.

Within the field of IS security little has been written on the subject of criminal opportunity. More precisely, little has been written on what exactly constitutes an opportunity, and the relationship between employees, who may might act as potential offenders, and the IS context in which such opportunities may be afforded. The purpose of this study is to assess the feasibility of a model known as the 'crime specific opportunity structure', which, as the name suggests maps out those elements which are thought to form an opportunity. Drawing on a number of criminological theories, the model considers the role of potential offenders in a work place setting by viewing them as rational decision-makers, who assess their environment, and possible opportunities, in cost-benefit terms. Furthermore, the model takes a crime-specific approach as each type of crime is made up of a unique mix of elements. Ignoring the idiosyncratic nature of specific crimes severely reduces an understanding of each type of crime, and further hinders effective prevention programmes. An ethnographic account of the collapse of a financial institution is used to assess the feasibility of the model

A Critical assesment of IS Security Research Between 1990-2004

This paper reviews the IS security literature for the period 1990-2004. More specifically three security journals and the top twenty IS journals were examined. In total 1280 papers were analysed in terms of theories, research methods and research topics. Our research found that 1043 of the papers contained no theory. In addition, almost 1000 of the papers were categorized as ‘subjective-argumentative’ in terms of methodology, with field experiments, surveys, case studies and action research accounting for less that 10% (8.10%) of all the papers. Fifty nine research topics were identified with fourteen of these topics totaling 71.05% of the articles. This papers offers implications for future research directions on IS security, scholars to publish IS security research, tenure practice, and IS security classification schemas