Interpreting computer fraud committed by employees

Doctoral thesis English OPEN
Kesar, S

This research provides a "rich insight'' into the management of Information \ud Systems (IS) security within the context of computer fraud committed by employees. It \ud argues that management within organisations can impact the understanding of \ud employees (at low-level positions) as to what is 'acceptable" practice when abiding by \ud IS security policies and procedures. Therefore, the growing problem of computer fraud \ud does not occur because of "bad people', but rather because of IS security loopholes \ud within the organisation. Such loopholes can create 'suitable opportunities' where \ud employees may find that the rewards of committing an act are higher than the chances \ud of being caught.\ud This research departs from the traditional functionalist view and approaches the \ud problem of computer fraud from a socio-technical perspective to employ an interpretive \ud research approach. This constitutes a major contribution to IS security studies. It uses \ud the Crime Specific Opportunity Structure model from criminology, as the conceptual \ud framework for initial data collection of the single embedded case study. The findings of \ud the case study (at Technology Corporation) suggest that perceptions of IS security held \ud by employees at high-level positions influence how employees at low-level positions \ud comply with IS security guidelines. To illustrate this argument, this research introduces \ud the notion of "Shared Responsibility" from victimology to reduce the gap between \ud "espoused theory' and 'theory-in-use'. Although, there were no 'reported' cases of \ud computer fraud committed by employees in Technology Corporation, implications are \ud drawn on the role management's perceptions about IS security play in the context of \ud facilitation, precipitation and provocation and consequently, a working environment \ud created where k suitable opportunities' may exist for employees to commit computer \ud fraud (input type in particular).
Share - Bookmark