Using Accountability to Reduce Access Policy Violations in Information Systems

Journal of Management Information Systems, Vol. 29(4), pp. 263–289 (doi: 10.2753/MIS0742-1222290410)

47 Pages Posted: 11 Nov 2012 Last revised: 22 Aug 2014

See all articles by Anthony Vance

Anthony Vance

Brigham Young University - Department of Information Systems

Paul Benjamin Lowry

Virginia Polytechnic Institute & State University - Pamplin College of Business

Dennis L. Eggett

Brigham Young University - Center for Statistical Consultation and Collaborative Research

Date Written: July 1, 2013

Abstract

Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the IS field. We identify four system mechanisms that heighten an individual’s perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders.

Keywords: accountability, accountability theory, access policy violations, factorial survey method, information security, identifiability, monitoring, evaluation, awareness, social presence

Suggested Citation

Vance, Anthony and Lowry, Paul Benjamin and Eggett, Dennis L., Using Accountability to Reduce Access Policy Violations in Information Systems (July 1, 2013). Journal of Management Information Systems, Vol. 29(4), pp. 263–289 (doi: 10.2753/MIS0742-1222290410). Available at SSRN: https://ssrn.com/abstract=2173671

Anthony Vance

Brigham Young University - Department of Information Systems ( email )

510 Tanner Building
Marriott School
Provo, UT 84602
United States

Paul Benjamin Lowry (Contact Author)

Virginia Polytechnic Institute & State University - Pamplin College of Business ( email )

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Dennis L. Eggett

Brigham Young University - Center for Statistical Consultation and Collaborative Research ( email )

Register to save articles to
your library

Register

Paper statistics

Downloads
196
rank
148,257
Abstract Views
1,088
PlumX Metrics