您好,欢迎访问东北财经大学管理科学与工程学院!(请使用IE8及以上浏览器访问,360浏览器请开启极速模式) English| 中文| 加入收藏

电子商务系列研讨会(17):A Longitudinal Study of Unauthorized Access Attempts on Information Systems: the Role of Opportunity

    为进一步深入学术交流,增进学术氛围,应电子商务系邀请,美国德州大学阿灵顿分校汪静国教授将于2017年7月2日来我院进行学术交流并作学术报告。汪教授将结合其最新研究做题为“A Longitudinal Study of Unauthorized Access Attempts on Information Systems: the Role of Opportunity”的报告。欢迎感兴趣的教师及研究生参加。
 
    报 告 人:汪静国
    会议时间:2018年7月2日(周一)15:00-16:00
    会议地点:劝学楼425
 
【报告人简介】
    汪静国博士是美国德克萨斯大学阿灵顿商学院信息系统教授。曾于复旦大学获得计算机科学学士,在纽约州立大学布法罗获得运筹学硕士以及管理科学和系统博士。研究领域包括信息安全、网络犯罪和决策支持。其相关研究成果发表在MIS Quarterly, Information Systems Research, Journal of Management Information Systems, Journal of the Association for Information Systems, Decision Support Systems等国际重要期刊等。
 
Abstract
A Longitudinal Study of Unauthorized Access Attempts on Information Systems: the Role of Opportunity
Abstract
 
This study investigates employees’ behavior of making unauthorized access attempts on information systems (IS) applications in a financial institution and how opportunity contexts leads to such behavior. By contextualizing multilevel criminal opportunity theory, we develop a model that considers both employee- and department-level opportunity contexts. At the employee level, we hypothesize that the scope and data value of the applications that an employee has legitimately accessed, together with the time when, and the location where, the employee initiated the accesses, affect the likelihood of the employee’s making unauthorized access attempts. At the department level, we hypothesize that department size moderates the impact of employee-level contextual variables on the likelihood of the employee’s making unauthorized attempts. To test the hypotheses, we collected six months of access log data from an enterprise single sign-on system of a financial institution. We find the hypothesized main effects of all employee-level contextual variables and department size are supported. In addition, department size reinforces the effects of data value, off-hour access, off-site access, and their interaction term, expect that of scope. Robustness analyses indicate that the results do not align with employees who might not know the systems well enough and could be making mistakes. We also discuss the theoretical and practical implications of the study.
 
 
撰稿人: 宋晓龙                                审核:田甜