Information Security and Privacy (SIG SEC)

Loading...

Media is loading
 

Paper Type

ERF

Paper Number

1304

Description

In 2020, business operations were changed around the world due to disruptions of COVID-19, forcing organizations to migrate their workforce to a new Work From Home (nWFH) model quickly, and with limited planning, design or testing. As a result, new data security threats have emerged. This study aims to examine an insider-related threat to organizational data due to a self-support model of computing facilitated and accelerated by the mainstream proliferation of convenient, affordable and easily accessible cloud-based applications. Shadow Information Technology is a “double edged sword”-on the one end it boasts benefits of improved job performance, productivity, and cost savings, while on the other end it poses security threats. Moreover, with COVID-19 and nWFH, risks abound as established formal structures of the traditional workplace which reinforces data security policies and procedures are diminished. This gives employees more leeway to leverage unapproved apps with unvetted risk profiles for work-related tasks with the risk of introducing vulnerabilities into the work environment. We examine this issue through the lens of Theory of Planned Behavior (TPB) and General Strain Theory (GST), looking at it from the volitional non-malicious Insider Threat perspective. Study context is nWFH model against the backdrop of COVID-related strains. Expected contribution is in the areas of Insider Threats, Data Security, Shadow IT and Cloud Security. From a theoretical standpoint, the study aims to incorporate GST with the TPB in an attempt to increase its explanatory power while attempting to remedy one of its stated limitations.

Share

COinS
Top 25 Percent Paper badge
 
Aug 9th, 12:00 AM

Volitional Non-Malicious Insider Threats: At The Intersection of COVID-19, WFH and Cloud-Facilitated Shadow-Apps

In 2020, business operations were changed around the world due to disruptions of COVID-19, forcing organizations to migrate their workforce to a new Work From Home (nWFH) model quickly, and with limited planning, design or testing. As a result, new data security threats have emerged. This study aims to examine an insider-related threat to organizational data due to a self-support model of computing facilitated and accelerated by the mainstream proliferation of convenient, affordable and easily accessible cloud-based applications. Shadow Information Technology is a “double edged sword”-on the one end it boasts benefits of improved job performance, productivity, and cost savings, while on the other end it poses security threats. Moreover, with COVID-19 and nWFH, risks abound as established formal structures of the traditional workplace which reinforces data security policies and procedures are diminished. This gives employees more leeway to leverage unapproved apps with unvetted risk profiles for work-related tasks with the risk of introducing vulnerabilities into the work environment. We examine this issue through the lens of Theory of Planned Behavior (TPB) and General Strain Theory (GST), looking at it from the volitional non-malicious Insider Threat perspective. Study context is nWFH model against the backdrop of COVID-related strains. Expected contribution is in the areas of Insider Threats, Data Security, Shadow IT and Cloud Security. From a theoretical standpoint, the study aims to incorporate GST with the TPB in an attempt to increase its explanatory power while attempting to remedy one of its stated limitations.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.