While hackers and viruses fuel the IS security concerns for organisations, the problems posed by employee computer crime should not be underestimated. Indeed, a number of IS security researchers have turned their attention to the ‘insider’ threat. Of this group, several focus on the offender, either in terms of a series of attributes required for perpetration, or with reference to forms of safeguards aimed at negating such behaviour. These studies are complemented by those texts which examine the organisational context in which rogue employees commit computer crime. Currently, however, there has been a lack of insight into the relationship between the offender and the context, during the commission process. To address this deficiency, two criminological theories are advanced. This paper illustrates how the theories, entitled the Rational Choice Perspective and Situational Crime Prevention, can be applied to the IS domain, thereby offering a theoretical basis by which to analyse the offender/context relationship during perpetration. By so doing, practitioners may use these insights to inform and enhance the selection of safeguards in a bid to improve prevention programmes. Furthermore, the importation of the Rational Choice Perspective and Situational Crime Prevention into the IS field opens up potentially new areas for future research.
Robert Willison is an Assistant Professor in the Department of Informatics at Copenhagen Business School. He has a MSc. in Sociology and PhD. in Information Systems, both from the London School of Economics and Political Science. His research focuses on IS security, with a specific interest in understanding and addressing employee computer crime.