jump to navigation

Understanding Deterrence & Crime Prevention June 25, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , ,
3 comments

punishmentThis following an excerpt from the 2012 research brief titled “Failed State of Security; A Rational Analysis of Deterrence Theory and Cybercrime.”  I was recently provided a blog post by an ‘expert’ in which the author was again blaming the victim of a data breach while chiding companies for believing that they should not expect law enforcement to be there when you need them.  The author misses a major purpose of the criminal justice system; Deterrence of criminal behavior.  I late 2013 a US Senator stood in front of a Target store and blamed Target for their data breach.  Interestingly, this senator did not state that the US should redouble efforts to deter cybercrime through more effective laws or more aggressive law enforcement actions.   Until the laws and criminal justice system can begin to deter such behavior, cybercrime will continue to plague data industries.  So what is deterrence?

An Overview of Deterrence Theory

Deterrence theory has applications in a variety of fields including military, and maritime security settings, foreign affairs, and in criminology, to name a few. While seemingly unrelated, when looked at closely, the similarities are apparent.  Each these fields involve human decisions and humans that have the ability to behave and act in a manner contrary to the wishes of the other party. It is the ‘human element’ that is being modified by deterrent strategies.

History of Deterrence Theory

The concept of deterrence is relatively easy to understand and likely extends to the earliest human activities in which one early human dissuaded another from stealing food by employing the threat of violence against the interloper.  Written examples of deterrence can be attributed as far back as the Peloponnesian War, when Thucydides wrote that there were many conflicts in which one army maneuvered in a manner that convinced the opponent that beginning or escalating a war would not be worth the risk.[1]  In the 4th Century BC, Sun Tzu wrote: “When opponents are unwilling to fight with you, it is because they think it is contrary to their interests, or because you have misled them in to thinking so.”[2]  While most people seem to instinctively understand the concept at the individual level, contemporary deterrence theory was brought to the forefront of political and military affairs during the Second World War with the deployment of nuclear weapons against Nagasaki and Hiroshima.[3]   (more…)

“Failed State of Security” Part II; Cybercrime Victim Blaming May 18, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , , , , , , ,
add a comment

PartIIfailedStaetI am proud to release another research brief that is Part II of my “Failed State of Security” series in which I discuss and analyze victim blaming in the context of data security.  In 2012 I published a research brief titled “A Failed State of Security: A Rational Analysis of Deterrence Theory and The Effect on CyberCrime.” in which I discussed the failing of law enforcement, and cybersecurity to deter cyber events and discussed the theory of deterrence and the need for deterrence within cybersecurity.  You can download the article on IDGA’s website or on my own website here.  This paper is part II of the “Failed State of Security” series.  Started after the Target data breach, this topic is one that has always been close to me.  In April 2009 I wrote an article titled “Lessons from the Heartland Breach” which was published as the cover story by TransactionWorld magazine.

Victim blaming is common in sexual assault, as well as other types of crimes.  A quick Internet search will demonstrate scores of instances in which the victim of a violent is blamed for being victimized.   When we include a large, corporate entity it becomes easier to point the accusatory finger at the organization.  Whether due to Schadenfreude or some other reason, people want to blame companies that are victimized by hackers.  Did the company “cause” the breach?  Were they somehow complicit in the attack?  What do we mean when we say “cause”?  What is a causal fallacy?  These, and many more topics, are discussed in Part II of the “Failed State of Security” series.  I invite you to download “Failed State of Security Part II”; Victim Blaming in Cybercrime.  As always, I welcome any comments or debate on the topic…

%d bloggers like this: