Using accountability to reduce access policy violations in information systems

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

146 Scopus Citations
View graph of relations

Author(s)

  • Anthony Vance
  • Paul Benjamin Lowry
  • Dennis Eggett

Related Research Unit(s)

Detail(s)

Original languageEnglish
Pages (from-to)263-289
Journal / PublicationJournal of Management Information Systems
Volume29
Issue number4
Publication statusPublished - 1 Apr 2013

Abstract

Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the information systems field. We identify four system mechanisms that heighten an individual's perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders. © 2013 M.E. Sharpe, Inc. All rights reserved.

Research Area(s)

  • access policy violations, accountability, accountability theory, awareness, evaluation, factorial survey method, identifiability, information security, monitoring, social presence

Citation Format(s)

Using accountability to reduce access policy violations in information systems. / Vance, Anthony; Lowry, Paul Benjamin; Eggett, Dennis.

In: Journal of Management Information Systems, Vol. 29, No. 4, 01.04.2013, p. 263-289.

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review