A Longitudinal Study of Unauthorized Access Attempts on Information Systems: The Role of Opportunity Contexts1
Authors: Wang, Jingguo; Shan, Zhe; Gupta, Manish; Rao, H. Raghav
Journal: MIS Quarterly (2019)
<jats:p>This study investigates employee behavior of unauthorized access attempts on information systems (IS) applications in a financial institution and examines how opportunity contexts facilitate such behavior. By contextualizing multilevel criminal opportunity theory, we develop a model that considers both employee- and department-level opportunity contexts. At the employee level, we hypothesize that the scope and data value of the applications that an employee has legitimately accessed, together with the time when and location where the employee initiates access, affect the likelihood of the employee making unauthorized access attempts. At the department level, we hypothesize that department size moderates the impact of employee-level contextual variables on the likelihood of an employee making unauthorized attempts. To test these hypotheses, we collected six months of access log data from an enterprise single sign-on system of a financial institution. We find the hypothesized main effects of all employee-level contextual variables and department size are supported. In addition, department size reinforces the effects of data value, off-hour access, off-site access, and their…