Some of the material in is restricted to members of the community. By logging in, you may be able to gain additional access to certain collections or items. If you have questions about access or logging in, please use the form on the Contact Page.
Shaikh, A. S. (2020). Examining Shadow-It Employees' Likelihood to Commit Insider Fraud Insights from
Guardianship and Target Attractiveness. Retrieved from https://purl.lib.fsu.edu/diginole/2020_Summer_Fall_Shaikh_fsu_0071E_16249
The rising trend of end-users to bypass the central IT system at the workplace using technologies often unsanctioned by the organizational network policy has challenged the authority to control IT use. This study examines the risks associated with an unauthorized IT Use by employees, integrating opportunity-based constructs of routine activity theory. It attempts to explain why and whether risky activities such as an unauthorized IT (i.e., cloud services, self-made solutions, self -installed devices, and self-acquired personal devices) most commonly referred to as Shadow-IT usage by employees at workplace may actually increase the occurrence of detrimental security behaviors. It primarily assumes that, in current IT-enabled domain, when an employee bypasses IT norms and injunctions in IT usage and possesses IT tools outside the management control, they are more likely to threaten an organization with malicious activity such as insider fraud in the presence of certain situational stimuli. A multi-model analysis in this study suggests that the usage of informal-IT tools heightens the risk of insider fraud, especially when a shadow employee has privileged access to a valued target in the absence of a capable guardian. An internet survey design is adopted to collect empirical data. Quantitative statistical analysis has generated key insights in examining relationships between a shadow employees’ motivation and various situational factors that may allow them an opportunity to commit insider fraud. The statistical findings suggest that latent variable “Value” is not the strong predictor of dependent variable (likelihood of committing insider fraud) while other variables/factors are held constant. The high Value of personal information assets (such as PII) may contribute to target suitability but is NOT associated with the likelihood of Shadow-IT employee to commit Insider Fraud. Shadow-IT employees may not be likely to commit insider fraud when the value of the personally identifiable information “alone” is high. However, he may likely to do so when other variables/factors combine such as access and absence of guardianship. Situational factors such as access and absence of both offline and online guardianship (supervising) may motivate Shadow-IT employees to commit insider fraud. In supplement to the statistical findings, qualitative interpretation of open-ended survey items supported the survey findings. Also, the thematic analysis revealed that personal traits also play a role in motivating an employee to bypass the IT management policy in using IT tools, later contributing in the end motivation to commit insider fraud when and if given access to the information assets.
Informal/personal-IT, Information security, Insider fraud, Insider Threat, PII, Shadow-IT
Date of Defense
November 13, 2020.
Submitted Note
A Dissertation submitted to the School of Information in partial fulfillment of the requirements for the degree of Doctor of Philosophy.
Bibliography Note
Includes bibliographical references.
Advisory Committee
Michelle M. Kazmer, Professor Directing Dissertation; Stephen McDowell, University Representative; Mia. L. A. Lustria, Committee Member; Diogo Oliveira, Committee Member.
Publisher
Florida State University
Identifier
2020_Summer_Fall_Shaikh_fsu_0071E_16249
Shaikh, A. S. (2020). Examining Shadow-It Employees' Likelihood to Commit Insider Fraud Insights from
Guardianship and Target Attractiveness. Retrieved from https://purl.lib.fsu.edu/diginole/2020_Summer_Fall_Shaikh_fsu_0071E_16249