Journal of the Association for Information Systems


Prior information security studies have largely focused on understanding employee security behavior from a policy compliance perspective. We contend that there is a pressing need to develop a comprehensive understanding of the circumstances that lead to employee commitment of deliberate and malicious acts against organizational digital assets. Drawing on routine activity theory (RAT), we seek to establish a comprehensive model of employee-committed malicious computer abuse (MCA) by investigating the motivations of the offenders, the suitability of the desired targets, and the effect of security guardianship in organizational settings. Specifically, we delineate the effects of the individual characteristics of self-control, hacking self-efficacy, and moral beliefs, as well as the organizational aspects of deterrence based on the routine activity framework of crime. We tested this research model using research participants holding a wide range of corporate positions and possessing varying degrees of computer skills. Our findings offer fresh insights on insider security threats, identify new directions for future research, and provide managers with prescriptive guidance for formulating effective security policies and management programs for preventing MCA in organizations.





When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.