Despite continuous effort to reduce ICT abuse, ICT security problems still persist such that ICT security experts and practitioners are kept struggling to find ways to combat the problems which are closely related to deviant human behaviour. Previous studies have investigated the causal relationships between security efforts and ICT abuse but studies on ICT abuse in the Malaysian public sector are still rare. This research aims at identifying significant factors that influence ICT abuse as an input to develop and validate an ICT abuse model within the Malaysian public sector setting. The proposed model contributes to the theoretical body of knowledge on ICT abuse by adopting multidisciplinary solutions whereby ethical factors from the discipline of psychology, organisational bond factors from the discipline of socio-criminology and general deterrence factors from the discipline of ICT security are examined and synthesised.

Keywords: Ethical factors, ICT abuse, ICT security problems, multi-disciplinary solutions, socio-criminology

ABSTRAK

Walaupun pelbagai usaha untuk mengurangkan perilaku salah guna ICT telah diambil, namun masalah keselamatan ICT ini masih terus berlaku. Oleh itu, kebanyakan pakar dan pengamal keselamatan ICT sedaya upaya mencari jalan untuk mengurangkan masalah yang berkait rapat dengan perilaku tidak lazim manusia. Kajian lampau telah menyelidiki perhubungan sebab di antara usaha-usaha keselamatan dengan perilaku tidak lazim ICT; bagaimanapun, kajian- kajian dalam ruang lingkup sektor awam Malaysia adalah terhad. Oleh itu, kajian ini bertujuan untuk mengenal pasti faktor-faktor signifikan yang mempengaruhi perilaku tidak lazim sebagai input kepada pembentukan dan pengesahan suatu model perilaku tidak lazim ICT dalam ruang lingkup tersebut. Model cadangan ini menyumbang kepada badan ilmu secara teoritikal dengan pemakaian penyelesaian dari pelbagai disiplin seperti faktor etika dari psikologi, faktor keakraban organisasi dari disiplin sosio-kriminologi dan faktor pencegahan umum dari disiplin keselamatan ICT.

Kata kunci: Faktor etika, masalah keselamatan ICT, penyelesaian pelbagai disiplin, salah laku ICT, sosiokriminologi

Agnew, R. 1995. Testing the leading crime theories: an alternative strategy focusing on motivational processes. Journal of Research in Crime and Delinquency 30(4): 363-398.

Ajzen, I. 1985. From intentions to actions: a theory of planned behaviour. In Action control: from cognition to behaviour, edited by Kuhl J., Beckman, J. New York: Springer-Verlag.

Ajzen, I. 1991. The theory of planned behaviour. Organisational Behaviour and Human Decision Processes 50(2): 179-211.

Akers, R.L. 1985. Deviant Behaviour: A Social Learning Approach. Belmont: Wadsworth

Akers, R.L. 1997. Criminological Theories: Introduction and Evaluation. 2nd edition. Los Angeles: Roxbury Publishing.

Anderson, J.P. 1980. Computer Security Threat Monitoring and Surveillance. Fort Washington, PA: James P. Anderson Co.

Beccaria, C. 1963. On crime and punishments. Journal of Information & Management 41: 707-718. Breidenbach, S. 2000. How secure are you? Information Week 8: 71-78.

Computer Security Institute. 2001. Issues and trends: 2001 CSI/FBI Computer abuse and security survey, CSI, San Francisco, CA.

Conger, S., Loch, K.D. & Helft, B.L. 1995. Ethics and information technology use: a factor analysis of attitudes to computer use. Information Systems Journal 5: 161-84.

Dhillon, G. & Moores, S. 2001. Computer crimes: theorizing about the enemy within. Computer & Security 20(8): 715-723.

Floridi, L. 1999. Information ethics: On the philosophical foundation of computer ethics. Ethics and Information Technology 1(1): 37-56.

Gattiker, U.E. & Kelly, H. 1999. Morality and computers: attitudes and differences in moral judgments. Information Systems Research 10(3): 233-54.

Hirschi, T.A. 1969. Causes of Delinquency. Berkeley: University of California Press.

Kowalski, S. 1990. Computer ethics and computer abuse: a longitudinal study of Swedish University students. IFIP TCII 6th International Conference on Information Systems Security.

Lee, J. & Lee, Y. 2002. A holistic model of computer abuse within organisations. Information Management & Computer Security 10(2): 57-63.

Lee, S., Yoo, S. & Nah, F. 2004. An integrated model based on social control and general deterrence theories. Journal of Information & Management 41: 707-718.

Lister, J.J. 1995. Intrusion detection systems: an introduction to the detection and prevention of computer abuse. Thesis, University of Wollongong.

Malaysian Public Sector Management of ICT Security Handbook (MyMIS). 2002. Kuala Lumpur: Government Printers.

Meyer, J. 1995. From the editor. Computer & Security 14(1): 2-3.

Stephen, H. 1998. Recent security surveys. Computer & Security 17(3): 207-10.

Straub, D.W. Jr. & Welke, R.J. 1998. Coping with systems risk: security planning models for management decision making. MIS Quarterly 22(4): 441-65.

Thompson, D. 1998. 1997 computer abuse and security survey. Information Management & Computer Security 6(2): 78-101.

Trompeter, C.M. & Eloff, J.H.P. 2002. A framework for the implementation of socio-ethical controls in information security. Computer & Security 20: 384-391.

Zalud, B. 1984. IBM Chief urges DP education, social responsibility. Data Management 22(9): 30-74.