Securing IS assets through hacker deterrence: A case study

Computer crime is a topic prevalent in both the research literature and in industry, due to a number of recent high-profile cyber attacks on e-commerce organizations. While technical means for defending against internal and external hackers have been discussed at great length, researchers have shown a distinct preference towards understanding deterrence of the internal threat and have paid little attention to external deterrence. This paper uses the criminological thesis known as Broken Windows Theory to understand how external computer criminals might be deterred from attacking a particular organization. The theory's focus upon disorder as a precursor to crime is discussed, and the notion of decreasing public IS disorder to create the illusion of strong information systems security is examined. A case study of a victim e-commerce organization is reviewed in light of the theory and implications for research and practice are discussed.
