Using Accountability to Reduce Access Policy Violations in Information Systems

Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficient. This study presents a new approach for reducing access policy violations, introducing both the theory of accountability and the factorial survey to the information systems field. We identify four system mechanisms that heighten an individual's perception of accountability: identifiability, awareness of logging, awareness of audit, and electronic presence. These accountability mechanisms substantially reduce intentions to commit access policy violations. These results not only point to several avenues for future research on access policy violations but also suggest highly practical design-artifact solutions that can be easily implemented with minimal impact on organizational insiders.