Download Distributed and Embedded Systems (DIES)

Crime Science +
Information Security =
Cyber Crime Science
Pieter Hartel
Marianne Junger
Roel Wieringa
25-5-2017
1
What is the synergy?
Two complementary questions
- How can Crime Science (CS) help Information Security?
- How can Information Security be used to prevent Cyber Crime?

METHOD
- Systematic review of information technology literature
- Crime Science theories
- Not quantified

MAIN POINTS
1. What has crime science to offer?

1.1 Conceptual framework
- Routine activities approach
- Crime pattern theory
- Rational choice model of crime

1.2 Situational prevention
- Situational crime prevention tools
- ‘25 techniques of crime prevention’
- Checklists, e.g. “CRAVED” and others

CS: Routine activities approach (1)
Clarke & Eck

CS: Routine activities approach
When RAA is translated to fit cyber-crime
1. RA = daily flow of online actions
2. Offenders: insiders / outsiders / specialized access
3. Who are the guardians?

CS: Routine activities approach
Who are the guardians?
http://www.auctionbytes.com/cab/abu/y205/m02/abu0136/s02

CS: Routine activities approach
Place
1. IP address? Easy to change/Difficult to trace
2. Mobile base station of mobile phone, or address of ISP, wireless access point
3. Cliques: social networks
4. Online harassment: via social networks = ‘virtual meeting place’

CS: Routine activities approach
Time
- Physical world: crime as serial
- Cyber world: at the same time: thousands of ‘crimes’ - phishing mails, etc.

CS: Routine activities approach
In a cyber-physical world:
- What distinguishes insiders from outsiders (or specialized access from regular access)?
- Some people are both insiders and outsiders (e.g. consultants, freelancers, outsourcing providers)
- Can we observe the routine activities of potential offenders?
- What deterrence techniques are available for these categories and how effective are these techniques?
- Can we manipulate the value of stolen digital goods?
- What is proximity in a cyber-physical world?

CS: Crime Pattern theory (2)
- Offenders find opportunities for crime during the daily journey between home, work, and leisure.
- Crime usually occurs in specific patterns and it is usually concentrated at particular places, and at particular times, i.e. hot spots.

CS: Crime Pattern theory
- Prevention focuses on hotspots/hot times
- What are hotspots/hot times in cyberspace?
- Cyber criminals:
  - Move physically
  - Digitally ‘surf the net’

CS: Crime Pattern theory
- Can we monitor them, and how?
- Anonymity is easy in cyber-space and hard to lift
- Do we have to adapt the law?

CS: Rational choice model of crime (3)
- Criminal actors make a quick cost/benefit analysis of expected consequences of a crime
- Is this similar in cyber space?

25 techniques of crime prevention
- In physical world

25 techniques of crime prevention
- In cyber space?

25 techniques of information security
(1) A password or pin code used to authenticate a user;
(2) Encryption of data to ensure that once encrypted, data can be read only when the correct decryption key is known;
(3) A Firewall that is used to stop potentially malicious connections to a computer or network;
(4) A De-Militarized Zone (DMZ) used to isolate the public web server of an organization from the internal network;
(5) An Intrusion Detection System (IDS) used to stop potentially malicious information being sent to a computer or network;
(6) A Virus scanner used to detect malicious code in the information being sent to a computer or network

25 techniques of information security
(7) Prompt software patching to remove vulnerabilities as soon as a correction has been published;
(8) An RFID tag used to provide information about the product to which it is attached;
(9) The Caller-ID feature of the Phone system used to inform the recipient of a telephone call who is calling;
(10) An Audit log used to collect relevant operational data that can be analyzed when there is an incident;
(11) An ISP used to assist its clients in using the information super highway responsibly;
(12) User education, which is included in the list to show that we interpret Information Security in a broad sense

CONCLUSION
More ‘truly’ multi-disciplinary work
- We (criminologists) can learn from information security
- Information security can learn from us: theory/research methods