Using Accountability to Reduce Access Policy Violations in Information Systems

Article

Vance, Anthony; Lowry, Paul Benjamin; Eggett, Denis

Brigham Young University; City University of Hong Kong; Brigham Young University; United States Department of Energy (DOE); Pacific Northwest National Laboratory

JOURNAL OF MANAGEMENT INFORMATION SYSTEMS

0742-1222

10.2753/MIS0742-1222290410

2013

263-289

Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the information systems field. We identify four system mechanisms that heighten an individual's perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders.