Shadow IT – A view from behind the curtain

“…Unfortunately, most employees claim that these software are beneficial to their own and organizational productivity and as well as [19]. They also argued that they are not doing anything wrong and believe that the company will not sanction them for these 'small sins'.…”

“…It refers to any software or hardware installed by employees without approval from IT department. Nevertheless, employees argue that these applications could increase job performance and the capability of fulfilling business needs [19]. It is an insiderthreat, where a non-malicious insider (employee) installs disapproved software that strongly indicates a non-compliant behaviour towards an organization's information security policies [27].…”

“…It is an insiderthreat, where a non-malicious insider (employee) installs disapproved software that strongly indicates a non-compliant behaviour towards an organization's information security policies [27]. Generally, the shadow IT defines the same autonomous developed systems, processes and organizational units developed by software and hardware without the awareness, acceptance, knowledge and support from the IT department [19]. The employee's act is considered as activities that they try to void of any malicious intentions [19].…”

“…Generally, the shadow IT defines the same autonomous developed systems, processes and organizational units developed by software and hardware without the awareness, acceptance, knowledge and support from the IT department [19]. The employee's act is considered as activities that they try to void of any malicious intentions [19]. Examples of shadow IT software are installed productivity software (e.g.…”

“…Meanwhile, the capacity factor represents the level of skill possessed by internal individuals who need to access and monitor the IT system. Furthermore, unintentional insider threats could be classified into three types, namely human error [16], omissive security behaviour [17], [18] and shadow IT [19], [20]. Human error refers to carelessness or negligence such as accidental disclosure of information, loss of data storage, disposal of data that is not in accordance with procedures, use and maintenance.…”

Mitigation Strategies for Unintentional Insider Threats on Information Leaks

“…Unfortunately, most employees claim that these software are beneficial to their own and organizational productivity and as well as [19]. They also argued that they are not doing anything wrong and believe that the company will not sanction them for these 'small sins'.…”

“…It refers to any software or hardware installed by employees without approval from IT department. Nevertheless, employees argue that these applications could increase job performance and the capability of fulfilling business needs [19]. It is an insiderthreat, where a non-malicious insider (employee) installs disapproved software that strongly indicates a non-compliant behaviour towards an organization's information security policies [27].…”

“…It is an insiderthreat, where a non-malicious insider (employee) installs disapproved software that strongly indicates a non-compliant behaviour towards an organization's information security policies [27]. Generally, the shadow IT defines the same autonomous developed systems, processes and organizational units developed by software and hardware without the awareness, acceptance, knowledge and support from the IT department [19]. The employee's act is considered as activities that they try to void of any malicious intentions [19].…”

“…Generally, the shadow IT defines the same autonomous developed systems, processes and organizational units developed by software and hardware without the awareness, acceptance, knowledge and support from the IT department [19]. The employee's act is considered as activities that they try to void of any malicious intentions [19]. Examples of shadow IT software are installed productivity software (e.g.…”

“…Meanwhile, the capacity factor represents the level of skill possessed by internal individuals who need to access and monitor the IT system. Furthermore, unintentional insider threats could be classified into three types, namely human error [16], omissive security behaviour [17], [18] and shadow IT [19], [20]. Human error refers to carelessness or negligence such as accidental disclosure of information, loss of data storage, disposal of data that is not in accordance with procedures, use and maintenance.…”

Mitigation Strategies for Unintentional Insider Threats on Information Leaks

Bibliography

References