You are here: Home Contents V8 N2 V8N2_Harris.html
Personal tools

Managing Corporate Computer Crime and the Insider Threat: The Role of Cognitive Distortion Theory



Full text

Journal of Information Systems Security
Volume 8, Number 2 (2012)
Pages 1941
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Mark A. Harris — University of South Carolina, USA
Information Institute Publishing, Washington DC, USA




Dhillon and Backhouse (2000) state that the integrity of employees should be ascertained before giving them access to sensitive information. This paper investigates the integrity of individuals through the perspective of Cognitive Distortion Theory as a part of maximizing information security. Cognitive distortions are conceptualized as thoughts used to minimize, justify, or rationalize inappropriate behaviors, such as lying and stealing. Cognitive distortions are linked to criminal behavior and can be measured using the How I Think (HIT) questionnaire, a validated and widely used instrument. Two groups of information technology students completed the questionnaire. The control group received no treatment prior to the questionnaire, while the treatment group received cognitive distortion awareness training prior to completing the questionnaire. Results indicate that cognitive distortion awareness training had no significant effect on HIT scores. However, significant overall group effects were found between those that reported stealing from their employers and several key HIT subscales, such as minimizing the harm done to others. Males scored significantly worse than did females on the overall HIT score and the physical aggression subscale. Underclassmen scored significantly worse than did upperclassmen on the overall HIT score and several subscales, including lying. Implications for organizations are discussed.




Information; Security; Cyber; Crime; Computer; Crime; Awareness; Training; Cognitive; Distortion Theory; Insider; Threat; Occupational Fraud




AFCE (2010), Association of Certified Fraud Examiners: Report to the Nation on Occupational Fraud and Abuse Last visited: 3-2-2011.

Bandura, A. (1991). Social Cognitive Theory of Moral Thought and Action. In W. M. Kurtines & J. L. Gewirtz (Eds.), Handbook of Moral Behavior and Development, 1, 45-103; Hillsdale, NJ: Erlbaum.

Bandura, A. (1995). Multifaceted Scale of Mechanisms of Moral Disengagement. Unpublished manuscript, Stanford University, Stanford, CA. as cited by Barragi, et al. 2001.

Barriga, A., Gibbs, J. (1996) Measuring Cognitive Distortion in Antisocial Youth: Development and Preliminary Validation of the “How I Think” Questionnaire. Aggressive Behavior, 22, 333-343.

Barriga, A., Landau, J., Stinson II, B., Liau, A., and Gibbs, J. (2000) Cognitive Distortion and Problem Behaviors in Adolescents. Criminal Justice and Behavior, 22:1, 36-56.

Barriga, A., Morrison, E., Liau, A., and Gibbs, J. (2001) Moral Cognition: Explaining the Gender Difference in Antisocial Behavior. Merrill_Palmer Quarterly, 47:4, 532-562.

Beck, A. T. (1963). Thinking and Depression: Idiosyncratic Content and Cognitive Distortions. Archives of General Psychiatry, 9, 324-333.

Benson & Moore (1992) Are White-Collar and Common Offenders the Same? An Empirical and Theoretical Critique of a Recently Proposed General Theory of Crime. Journal of Research in Crime and Delinquency, Vol. 29, No. 3, 251-272.

Bostrom, R., & Heinen, J. (1977) MIS problems and failures: a socio-technical perspective (Part I: the causes). MIS Quarterly, September, 17. 

Carpenter, Tina and Reimers, Jane (2005). Unethical and fraudulent financial reporting: applying the theory of planned behavior. Journal of Business Ethics; 60, pp. 115.129.

CSWC, (2010) Cyber Security Watch Survey, Last visited 3-2-2011. 

D’Arcy, J., & Greene, G. (2009) The multifaceted nature of security culture and its influence on end user behavior. IFIP TC 8 International Workshop on Information Systems Security Research, 145-157.

Dhillon, G., & Backhouse, J. (2000) Information systems security management in the new millennium. Communications of the ACM, 43(7), 125-128.

Dhillon, G., & Backhouse, J. (2001) Current directions in IS research: towards socio-organizational perspectives. Information Systems Journal, 11, 127-153.

Dodge, K. (1993). Social-cognitive Mechanisms in the Development of Conduct Disorder and Depression. Annual Review of Psychology, 44, 559-84.

Gannon, T., Ward, T., and Collie, R. (2007). Cognitive Distortions in Child Molesters: Theoretical and Research Developments Over the Last Two Decades. Aggression and Violent Behavior. 12, 402-416.

Gendreau, P., Grant, B., Leipciger, M., and Collins, C. (1979). Norms and recidivism rates for the MMPI and selected experiemental scales on a Canadian delinquent sample. Canadian Journal of Behavioural Science, 11, 21-31.

GECS, (2009) Global Economic Crime Survey, Last visited 3-2-2011.

Gundersen, K. and Svartdal, F. (2006) Aggression Replacement Training in Norway: Outcome evaluation of 11 Norwegian Student Projects. Scandinavian Journal of Educational Research, 50:1, 63-81.

Hawkins, M., Alexander, C., Travis, F., et al, (2003) Consciousness-based Rehabilitation of Inmates in the Netherland Antilles: Psychosocial and Cognitive Changes. Transcendental Meditation in Criminal Rehabilitation and Crime Prevention, 205-228.

Langton, Lynn & Piquero, Nicole. ( 2007) Can general strain theory explain white-collar crime? A preliminary investigation of the relationship between strain and select white-collar offenses. Journal of Criminal Justice; 35, pp. 1-15. 

Liau, A., Barriga, A., and Gibbs, J. (1998) Relations between Self-serving Cognitive Distortions and Overt vs. Covert Antisocial Behavior in Adolescents. Aggressive Behavior, 24, 335-346.

Maruna, S., and Mann, R (2006). A Fundamental Attribution Error? Rethinking Cognitive Distortions. Legal and Criminological Psychology, 11, 155-177.

Mills, J., and Kroner, D. (1997). The Criminal Sentiments Scale: Predictive validity in a sample of violent and sex offenders. Journal of Clinical Psychology, 53, 399-404.

Najavits, L., Gotthardt, S., Weiss, R., and Epstein, M. (2004). Cognitive Distortions in the Dual Diagnosis of PTSD and Substance Use Disorder. Cognitive Therapy and Research, 28:2, 159-172.

Parker, D. (1998) “Fighting Computer Crime: A New Framework For Protecting Information” New York, NY: John Wiley and Sons.

Ruighaver, A., Maynard, S., & Chang, S. (2007) Organizational security culture: extending the end-user perspective. Computers & Security, 26, 56-62. 

Schoepfer, Andrea, & Piquero, Nicole (2006). Exploring white-collar crime and the American dream: A partial test of institutional anomie theory. Journal of Criminal Justice, 34, pp 227-235.

Simpson, Sally and Piquero, Nicole (2002). Low self-control, organizational theory, and corporate crime. Law & Society Review; 36:3, pp. 509-548

Siponen, M. (2001) An analysis of the recent IS security development approaches: descriptive and prescriptive implications. In: Information Security Management: Global Challenges in the New Millennium, Dhillon, G. (ed.) (pp. 101–124), Hershey, PA: Idea Group Publishing. 

Straub, D. and Welke, R. (1998). “Coping with systems risk: security planning models for management decision making.” MIS Quarterly 22(4): 441-465.

Sykes, G., and Matza, D., (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22:6, 664-670.

Trompeter, C., & Eloff, J. (2001) A framework for implementation of socio-ethical controls in information security. Computers and Security, 20, 384–391. 

Vandor, Emma (2008), Associate Press Writer, Last visited: 3-3-2008.

Von Solms, R., & Von Solms, B. (2004) From policies to culture. Computers & Security. 23, 275-279.

Vroom, C., & Von Solms, R. (2004) Towards information security behavioural compliance. Computers & Security, 23, 191-198. 

Walters, G. (1995a). The psychological inventory of criminal thinking styles, Part 1: Reliability and preliminary validity. Criminal Justice and Behavior, 22, 437-325.

Walters, G. (1995b). The psychological inventory of criminal thinking styles, Part 2: Identifying simulated response sets. Criminal Justice and Behavior, 22, 437-445.

Walters, G., Elliot, W., and Miscoll, D. (1998) Use of the psychological inventory of criminal thinking styles in a group of female offenders. Criminal Justice and Behavior, 25, 125-134.

Willison, R., and Backhouse, J. (2006) Opportunities for Computer Crime: Considering Systems Risk from a Criminological Perspective. European Journal of Information Systems, 15, 403-414.