Using Accountability to Reduce Access Policy Violations in Information Systems

Cited by: 151
Authors
Vance, Anthony [1]
Lowry, Paul Benjamin [2]
Eggett, Denis [3, 4]
Affiliations
[1] Brigham Young Univ, Marriott Sch Management, Provo, UT 84602 USA
[2] City Univ Hong Kong, Hong Kong, Hong Kong, Peoples R China
[3] Brigham Young Univ, Provo, UT 84602 USA
[4] Pacific NW Natl Lab, Richland, WA 99352 USA
Keywords
access policy violations; accountability; accountability theory; awareness; evaluation; factorial survey method; identifiability; information security; monitoring; social presence; ETHICAL DECISION-MAKING; SOCIAL PRESENCE; INTERACTIVITY MODEL; RATIONAL CHOICE; COMPUTER; COMMUNICATION; CUES; ANONYMITY; DEINDIVIDUATION; IDENTIFIABILITY;
DOI
10.2753/MIS0742-1222290410
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the information systems field. We identify four system mechanisms that heighten an individual's perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders.
Pages: 263 - 289
Number of pages: 27