In order to increase and enhance user-generated content contributions, it is important to understand the factors that lead people to freely share their time and knowledge with others.
Information security has become increasingly important for organizations, given their dependence on ICT. Not surprisingly, therefore, the external threats posed by hackers and viruses have received extensive coverage in the mass media. Yet numerous security surveys also point to the 'insider' threat of employee computer crime. In 2006, for example, the Global Security Survey by Deloitte reports that 28% of respondent organizations encountered considerable internal computer fraud. This figure may not appear high, but the impact of crime perpetrated by insiders can be profound. Donn Parker argues that 'cyber-criminals' should be considered in terms of their criminal attributes, which include skills, knowledge, resources, access and motives (SKRAM). It is as a consequence of such attributes, acquired within the organization, that employers can pose a major threat. Hence, employees use skills gained through their legitimate work duties for illegitimate gain. A knowledge of security vulnerabilities can be exploited, utilising resources and access are provided by companies. It may even be the case that the motive is created by the organization in the form of employee disgruntlement. These criminal attributes aid offenders in the pursuit of their criminal acts, which in the extreme can bring down an organization.
In the main, companies have addressed the insider threat through a workforce, which is made aware of its information security responsibilities and acts accordingly. Thus, security policies and complementary education and awareness programmes are now commonplace for organizations. That said, little progress has been made in understanding the insider threat from an offender's perspective. As organizations attempt to grapple with the behavior of dishonest employees, criminology potentially offers a body of knowledge for addressing this problem. It is suggested that Situational Crime Prevention (SCP), a relative newcomer to criminology, can help enhance initiatives aimed at addressing the insider threat.
In this article, we discuss how recent criminological developments that focus on the criminal act, represent a departure from traditional criminology, which examines the causes of criminality. As part of these recent developments we discuss SCP. After defining this approach, we illustrate how it can inform and enhance information security practices.
In recent years, a number of criminologists have criticised their discipline for assuming that the task of explaining the causes of criminality is the same as explaining the criminal act. Simply to explain how people develop a criminal disposition is only half the equation. What is also required is an explanation of how crimes are perpetrated. Criminological approaches, which focus on the criminal act, would appear to offer more to information security practitioners than their dispositional counterparts. Accordingly, the SCP approach can offer additional tools for practitioners in their fight against insider computer crime.
As the wonders of global connectivity unfold, the world is changing its perception toward the use of computers. Computers are no longer viewed as mere number-crunching devices nor is the use of computers limited to the scientific and engineering communities. The advent of high-speed networking technologies has made information sharing through the Internet a prevailing practice for every conceivable segment of society from governments to business and industry to private citizens.
"Denial-of-service" cyberattacks require us to up our technical game in Internet security and safety. They also expose the need to frame and enforce social and ethical behavior, privacy, and appropriate use in Internet environments.
It was only a matter of time. We’ve come to expect almost anything imaginable to be sold on late-night TV infomercials—from feel-good "health" bracelets to "get rich quick" real-estate schemes. So I shouldn’t have been too surprised to stumble across a 3 a.m. full-hour ad for a firm offering biometric "appliances" (for legal applications only—the […]
The debate engendered by the Aadhaar project has propelled India from being a predominantly pre-privacy society to one in which privacy protection in digital databases has emerged as a major national concern.
Within the modern, hyper-connected business landscape, organizations are constantly under attack. According to the 2005 Computer Crime and Security Survey, conducted jointly by the Computer Security Institute (CSI) and the San Francisco Office of the Federal Bureau of Investigation (FBI), 56% of respondents reported unauthorized computer system use during the past year.2 These unauthorized uses […]
Communications of the ACM (CACM) is now a fully Open Access publication.
By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.
