Beyond Deterrence:  An Expanded View of Employee Computer Abuse

Willison, Robert; Warkentin, Merrill

doi:10.25300/misq/2013/37.1.01

Cited by 351 publications

(292 citation statements)

References 114 publications

(170 reference statements)

Supporting

Mentioning

281

Contrasting

Unclassified

Order By: Relevance

“…Secondly, our paper provides an empirical justification and solid grounded basis for further theorizing around the phenomenon of Shadow IT. Thirdly, Shadow users can be seen as employees who are usually considered as threats to Information Systems (IS) and as such they are seen as benign non-malicious insiders that violate IS security policies with benevolent intentions [15]. However, our study suggests that if organizations leverage there IS policies by incorporating mechanisms that would enable, encourage and promote Shadow IT and Shadow users to be compliant, benefits for organizational innovation could be manifold.…”

Section: What Is the Influence Of Shadow It On Innovation In Organizamentioning

confidence: 81%

“…By triangulating the findings from these three methods we can see that Shadow IT can be an important source of innovation for firms. While, these Shadow users are considered to be benign non-malicious insiders threatening Information Systems (IS) and violating IS security policies with benevolent intentions [15], they can also be important and new source of innovation. Indeed, so far, organizations were typically mostly relying on their innovation departments or labs to produce innovations.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Influence of Shadow IT on Innovation in Organizations

Silic

Oblakovic

2016

CSIMQ

View full text Add to dashboard Cite

Abstract. Shadow IT is relatively new and emerging phenomenon which is bringing number of concerns and risks to the organizational security. Past literature has mostly explored the "negative" effects of the Shadow IT phenomenon, including, for example, the security aspect where Shadow systems are said to undermine the official systems and endanger organizational data flows. However, the question of how Shadow IT can contribute to leverage user's innovation has not been adequately addressed. We used three methods to understand if Shadow IT can be an important source of innovation for firms: 1) Single case study with international firm that adopted Shadow IT; 2) Interviews with 15 IT executives and 3) Focus group using twitter as enabling tool to interact with 65 IT professionals. We offer a new perspective on how Shadow IT practices can leverage user's innovation. The study offers novel insights on the role of Shadow users in the organizational innovation process and how they contribute to new innovations by using Shadow IT. Not only this user led innovation through Shadow IT brings positive outcomes for the employee, but it also reveals the path to follow for organizations to increase their innovation capabilities.

show abstract

Section: What Is the Influence Of Shadow It On Innovation In Organizamentioning

confidence: 81%

Section: Discussionmentioning

confidence: 99%

Influence of Shadow IT on Innovation in Organizations

Silic

Oblakovic

2016

CSIMQ

View full text Add to dashboard Cite

show abstract

“…To keep the game simple, it is assumed that all attacks are considered external attacks, in that they originate outside of the victim organization's network, and are not categorized by type, such as a phishing attack or a network-traveling worm. While we acknowledge that the risk of an insider attack is significant in reality [79,80], the simplifications we apply do not impact the relevance of our results, since most successful cyber-attacks result in data loss or operational disruptions regardless of their nature. The only difference between the two graphs in b is the occurrence of cyber-attacks, and in neither simulation is any investment made in cybersecurity capability development, so any difference in profits is directly related to the cyber-attacks shown in (a).…”

Section: Cyber-incident Patternsmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

“…Prior research focuses largely on compliant behaviors versus security policies for employees [3,67,75,76,81]. In essence, those studies attempted to examine factors which can maximize the deterrence effect and reduce employees' noncompliance behaviors.…”

Section: Introductionmentioning

confidence: 99%

“…For example, intellectual property theft which is caused by current and former employees costs US companies $250 billion per year [65]. The insider threat is regarded as one of the largest threats to organizations [75,81]. To reduce the insider threat, organizations have taken efforts to develop and implement stringent monitoring and control activities, information security policies (ISPs), and sanctions to deter security threat behaviors.…”

Section: Introductionmentioning

confidence: 99%