A Conceptual Interdisciplinary Plug-and-Play Cyber Security Framework

Malicious cyber activities are no longer a matter of if but of when, and in our increasingly interconnected world, threats to our national sovereignty can come from unexpected sources and directions—a 360°globalised challenge. Cyber threats are increasingly important and strategically relevant in both developed and developing countries. Cyber security is one of the highest priority items on the global policy and national security agendas, and an increasingly challenging policy area for governments. Our thesis is that cyber security is no longer the preserve of any single country, entity, (industry) sector or disciplinary field because of the nature and extent of an increasingly connected and sophisticated technological and user bases. There is, therefore, a need to bring together perspectives and approaches from different disciplines and countries, and investigate what we can do singularly and collaboratively to secure our cyberspace and future. This essay proposes a conceptual framework that allows theories from different disciplines and different strategies, techniques and best practices to be “plugged-and-played” when studying/understanding and responding to malicious cyber activities. Three potential research topics are also identified to seek to provide more evidence to support the proposed framework.

[1]  G. Geis,et al.  Criminology: Explaining Crime and Its Context , 1991 .

[2]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[3]  George A. Akerlof The Market for “Lemons”: Quality Uncertainty and the Market Mechanism , 1970 .

[4]  W. Powell,et al.  The iron cage revisited institutional isomorphism and collective rationality in organizational fields , 1983 .

[5]  D. Sanger Obama Order Sped Up Wave of Cyberattacks Against Iran , 2012 .

[6]  T. Holt Examining the Forces Shaping Cybercrime Markets Online , 2013 .

[7]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[8]  A. Kellerman,et al.  The Constitution of Society : Outline of the Theory of Structuration , 2015 .

[9]  Kim-Kwang Raymond Choo,et al.  Criminal Exploitation of Online Systems by Organised Crime Groups , 2008 .

[10]  Petter Bae Brandtzæg,et al.  Social Networking Sites: Their Users and Social Implications - A Longitudinal Study , 2012, J. Comput. Mediat. Commun..

[11]  Virginia Chanley,et al.  DOD Supply Chain: Suspect Counterfeit Electronic Parts Can Be Found on Internet Purchasing Platforms , 2012 .

[12]  Richard Baskerville,et al.  Power and Practice in Information Systems Security Research , 2008, ICIS.

[13]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[14]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic Analysis of Cloud Storage Data Remnants , 2013 .

[15]  Jean Hitchings,et al.  Deficiencies of the traditional approach to information security and the requirements for a new methodology , 1995, Comput. Secur..

[16]  I. Ajzen The theory of planned behavior , 1991 .

[17]  Barack Obama,et al.  Executive Order 13636: Improving Critical Infrastructure Cybersecurity , 2013 .

[18]  Robert J. Bursik,et al.  Economic deprivation and neighborhood crime rates, 1960-1980 , 1993 .

[19]  Ronald L. Akers,et al.  Social learning and social structure : a general theory of crime and deviance , 1999 .

[20]  Kim-Kwang Raymond Choo Organised crime groups in cyberspace: a typology , 2008 .

[21]  Michael R. Gottfredson,et al.  A general theory of crime. , 1992 .

[22]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[23]  Ronald V. Clarke,et al.  Become a Problem-Solving Crime Analyst , 2003 .

[24]  Ron Weber,et al.  Theory Building in the Information Systems Discipline: Some critical reflections , 2012 .

[25]  Kim-Kwang Raymond Choo,et al.  The cyber threat landscape: Challenges and future research directions , 2011, Comput. Secur..

[26]  Fawn T. Ngo,et al.  Cybercrime Victimization: An Examination of Individual and Situational Level Factors , 2011 .

[27]  W. Scott Institutions and Organizations: Ideas and Interests , 2007 .

[28]  Ronald L. Akers,et al.  Deviant behavior;: A social learning approach , 1973 .

[29]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[30]  Mark Stephen Anderson,et al.  Towards Countering the Rise of the Silicon Trojan , 2008 .

[31]  T. Szasz Fatal Freedom: The Ethics and Politics of Suicide , 1998 .

[32]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[33]  Lawrence E. Cohen,et al.  Social Change and Crime Rate Trends: A Routine Activity Approach , 1979 .

[34]  W. F. Skinner,et al.  A Social Learning Theory Analysis of Computer Crime among College Students , 1997 .

[35]  Ross J. Anderson Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[36]  Kim-Kwang Raymond Choo,et al.  iOS Anti-forensics: How Can We Securely Conceal, Delete and Insert Data? , 2014, 2014 47th Hawaii International Conference on System Sciences.

[37]  D. Sanger Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power , 2012 .

[38]  Kim-Kwang Raymond Choo,et al.  Cybercrime and Online Safety in Cyberspace , 2009 .

[39]  Kim-Kwang Raymond Choo,et al.  Cloud computing and its implications for cybercrime investigations in Australia , 2013, Comput. Law Secur. Rev..

[40]  Kym Bergmann Strong and secure: A strategy for Australia's national security , 2013 .

[41]  R. Merton Social Structure and Anomie , 1938 .

[42]  Adam Sutton,et al.  Crime Prevention: Principles, Perspectives and Practices , 2008 .

[43]  Travis C. Pratt,et al.  Assessing Macro-Level Predictors and Theories of Crime: A Meta-Analysis , 2005, Crime and Justice.

[44]  R. Clarke Situational Crime Prevention: Successful Case Studies , 1992 .

[45]  Sebastiaan H. von Solms,et al.  Information Security - A Multidimensional Discipline , 2001, Comput. Secur..

[46]  M. Felson Crime and nature , 2006 .

[47]  Kim-Kwang Raymond Choo,et al.  A Study of Ten Popular Android Mobile VoIP Applications: Are the Communications Encrypted? , 2014, 2014 47th Hawaii International Conference on System Sciences.

[48]  Scott D. Applegate Cybermilitias and Political Hackers: Use of Irregular Forces in Cyberwarfare , 2011, IEEE Security & Privacy.

[49]  R. W. Rogers,et al.  Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change , 1983 .

[50]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[51]  R. Agnew Foundation for a General Strain Theory of Crime and Delinquency , 1992, Crime, Inequality and the State.

[52]  M. Felson,et al.  Crime and Everyday Life , 1998 .

[53]  Rossouw von Solms,et al.  Information security obedience: a definition , 2005, Comput. Secur..

[54]  Christian Aghroum,et al.  Foreign spies stealing US economic secrets in cyberspace. Report to Congress on foreign economic collection and industrial espionage. 2009-2011 , 2012 .

[55]  Robert C. Davis,et al.  The prevention of crime : social and situational strategies , 1998 .

[56]  M. Williams,et al.  Perceptions of the eCrime controllers: Modelling the influence of cooperation and data source factors , 2015 .

[57]  Shirley Gregor,et al.  Information Systems Foundations: Theory Building in Information Systems , 2012 .

[58]  M. Findlay,et al.  Taking crime out of crime business , 2012 .

[59]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[60]  Darren Shou,et al.  Ethical Considerations of Sharing Data for Cybersecurity Research , 2011, Financial Cryptography Workshops.