Investigating the Effectiveness of IS Security Countermeasures towards Cyber Attacker Deterrence

The efficacy of information system security countermeasures in deterring external cyber attackers has not yet been examined. As a result, organizations spend large sums of their budgets on countermeasures without knowing their effects on the hackers who wage the attacks. These countermeasures can be divided into two categories, both of which can be located inside or outside of the organization: active countermeasures, which directly inhibit or prevent an attack, and passive countermeasures, which obtain information about the attackers themselves. Using these categories, a framework of information system security countermeasures available to organizations was developed. The framework was evaluated in light of data collected from hacker bulletin boards to determine the effects of information system security countermeasures on these attackers' intentions to engage in their attacks.
