Abstract
This study investigates employee behavior of unauthorized access attempts on information systems (IS) applications in a financial institution and examines how opportunity contexts facilitate such behavior. By contextualizing multilevel criminal opportunity theory, we develop a model that considers both employee- and department-level opportunity contexts. At the employee level, we hypothesize that the scope and data value of the applications that an employee has legitimately accessed, together with the time when and location where the employee initiates access, affect the likelihood of the employee making unauthorized access attempts. At the department level, we hypothesize that department size moderates the impact of employee-level contextual variables on the likelihood of an employee making unauthorized attempts. To test these hypotheses, we collected six months of access log data from an enterprise single sign-on system of a financial institution. We find the hypothesized main effects of all employee-level contextual variables and department size are supported. In addition, department size reinforces the effects of data value, off-hour access, off-site access, and their interaction term, except for that of scope, on the outcome variable. Robustness analyses indicate that the proposed model does not align with those employees who might not know the systems well enough or who might make honest mistakes. We also discuss the theoretical and practical implications of the study.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.