How Moral Intensity and Impulsivity Moderate the Influence of Accountability on Access Policy Violations in Information Systems
Seventh Workshop on Information Security and Privacy 2013 (WISP 2013) at the 2013 International Conference on Information Systems (ICIS 2013), Milan, Italy, December 14
8 Pages Posted: 23 Nov 2014
Date Written: December 14, 2013
Abstract
A persistent threat to the security of information systems is that of malicious insiders. These insiders, who by definition are trusted, are a major concern for organizations because of their ability to misuse access privileges, steal intellectual property, and commit fraud (Rubenstein 2008; Schmitt 2011). The recent high-profile cases of Private Manning and Edward Snowden have further raised organizations’ concerns of the insider threat (Savage 2013). Consequently, it is important to identify ways to reduce insiders’ abuse of information systems.
Previous research has shown the potential of perceived accountability within systems to reduce access policy violations, one common form of insider abuse (Vance et al. 2013). This research expands on this previous effort by showing how the constructs of moral intensity and impulsivity moderate the influence of accountability mechanisms on access policy violations. Our research question is,
RQ: How do moral intensity and impulsivity influence the effect of accountability on intentions to violate the access policy?
We conducted a field study that presented hypothetical scenarios and a simulated accountability user interface (UI) artifacts to professional users of an Oracle PeopleSoft human resource management system (HRMS) and financial management system (FMS). We anticipate that the analysis will show how the influence of impulsivity and moral intensity influence the effectiveness of these accountability UI artifacts in reducing access policy violations.
Suggested Citation: Suggested Citation