Considering the Offender: Addressing the Procedural Stages of Computer Crime in an Organisational Context

IS security represents a growing concern for organisations. Although hackers and viruses are often the basis of such concerns, the inside threat of employee computer crime should not be underestimated. From an academic perspective, there are a modest but growing number of texts which examine the `insider' problem. While attention has been given to the influence on offender actions through deterrent safeguards, there has been a lack of insight into the interactive relationship between offender choices made during the actual perpetration of computer crimes, and the context in which such crimes take place. Knowledge of this relationship would be of obvious interest to practitioners who would aim to manipulate the environment and influence offender choices accordingly. To address this oversight, this paper, therefore, advances two criminological theories which it is argued can be used to examine the stages an offender must go through in order for a crime to be committed i.e. the `procedural stages' of computer crime. Hence, this paper illustrates how the two theories, entitled the rational choice perspective and situational crime prevention, can be applied to the IS domain, thereby offering a theoretical basis on which to analyse offender choices/behaviour during perpetration. Through such an analysis greater insights may be offered into selecting appropriate safeguards to prevent computer crime.