Start Date
16-8-2018 12:00 AM
Description
Abstract \ Shadow IT is taken as a key example of unauthorized use of IT resources/tools and is defined as collaborative systems for communication and sharing content among employees of an organization. Currently, organizations are struggling to understand the threats to their sensitive information assets and the necessary means to combat them. Shadow-IT systems are taken as a form of a workaround that represents deviations from existing work systems (Alters, 2014). This ability of end-users to bypass the central Information technology (IT) system at the workplace by using technologies that are often unsanctioned by the organizational network policy has challenged the authority to control IT use. The unauthorized use of information systems may expose organizations to various types of threats that can causes damage that might lead to significant financial losses. Information security damages and effects of those threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. \ Opportunity is the vulnerability within the organization that allows malicious insiders to commit an act (Györy et al., 2012) offering a criminal opportunity for the offender. It can be assumed that an organizational context can influence shadow user's’ behavior and can help explain the relationship between fraud risk and the use of a Shadow-IT system. Insiders may see in a Shadow-It system and opportunity to violate organizational norms, this may provide a rationalization to justify their fraudulent actions. Willison & Warkentin (2013) argue the IS research on security focus must include not only the act and its immediate antecedents of intention (to commit computer abuse) and deterrence (of the crime) but also phenomena which temporally precede these areas. Noting their influence in combination with situational factors would appear a logical extension for the IS security discipline. The situational perspective of crime opportunity provides a potential theoretical basis for understanding and addressing the issue of computer abuse within organizations. This study, therefore, seeks to understand specific threats posed by insiders in an organizational context that facilitate such unauthorized use of information technology and creating opportunities for fraud that compromise data integrity. \ Existing research acknowledges that a Shadow IT system can create opportunities for fraud and compromise the data integrity of authorized systems such as a disclosure of PII can seriously affect individuals and an organization by reducing public trust in the organization (White, et al., 2011). The focus of this research is therefore specifically Identity (ID) theft as a key fraud opportunity. \
Recommended Citation
Shaikh, Asif, "Shadow-IT system and Insider Threat: Opportunity as a Situational Perspective" (2018). AMCIS 2018 Proceedings. 88.
https://aisel.aisnet.org/amcis2018/TREOsPDS/Presentations/88
Shadow-IT system and Insider Threat: Opportunity as a Situational Perspective
Abstract \ Shadow IT is taken as a key example of unauthorized use of IT resources/tools and is defined as collaborative systems for communication and sharing content among employees of an organization. Currently, organizations are struggling to understand the threats to their sensitive information assets and the necessary means to combat them. Shadow-IT systems are taken as a form of a workaround that represents deviations from existing work systems (Alters, 2014). This ability of end-users to bypass the central Information technology (IT) system at the workplace by using technologies that are often unsanctioned by the organizational network policy has challenged the authority to control IT use. The unauthorized use of information systems may expose organizations to various types of threats that can causes damage that might lead to significant financial losses. Information security damages and effects of those threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. \ Opportunity is the vulnerability within the organization that allows malicious insiders to commit an act (Györy et al., 2012) offering a criminal opportunity for the offender. It can be assumed that an organizational context can influence shadow user's’ behavior and can help explain the relationship between fraud risk and the use of a Shadow-IT system. Insiders may see in a Shadow-It system and opportunity to violate organizational norms, this may provide a rationalization to justify their fraudulent actions. Willison & Warkentin (2013) argue the IS research on security focus must include not only the act and its immediate antecedents of intention (to commit computer abuse) and deterrence (of the crime) but also phenomena which temporally precede these areas. Noting their influence in combination with situational factors would appear a logical extension for the IS security discipline. The situational perspective of crime opportunity provides a potential theoretical basis for understanding and addressing the issue of computer abuse within organizations. This study, therefore, seeks to understand specific threats posed by insiders in an organizational context that facilitate such unauthorized use of information technology and creating opportunities for fraud that compromise data integrity. \ Existing research acknowledges that a Shadow IT system can create opportunities for fraud and compromise the data integrity of authorized systems such as a disclosure of PII can seriously affect individuals and an organization by reducing public trust in the organization (White, et al., 2011). The focus of this research is therefore specifically Identity (ID) theft as a key fraud opportunity. \