Discovering and Disciplining Computer Abuse in Organizations: A Field Study

As information systems (IS) managers and computer security administrators attempt to address what may be a serious and persistent problem of computer abuse in organizations, two important aspects must be considered: discovery of abuse incidents and discipline of perpetrators. This field study examines how IS managers address these two activities. Data for the study were gathered using victimization surveys of 1,063 randomly selected members of the DPMA (Data Processing Management Association). Results of the study suggest that purposeful detection of abuse incidents is used less than other methods of discovering abuse. Furthermore, the results show that certain perpetrators are able to hide their identities and abusive activities. Based on these results, the study conclusions present a model that shows how security efforts should be managed in terms of security effort allocations and disciplinary actions.