Using Accountability to Reduce Access Policy Violations in Information Systems
Journal of Management Information Systems, Vol. 29(4), pp. 263–289 (doi: 10.2753/MIS0742-1222290410)
47 Pages Posted: 11 Nov 2012 Last revised: 22 Aug 2014
Date Written: July 1, 2013
Abstract
Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the IS field. We identify four system mechanisms that heighten an individual’s perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders.
Keywords: accountability, accountability theory, access policy violations, factorial survey method, information security, identifiability, monitoring, evaluation, awareness, social presence
Suggested Citation: Suggested Citation