| Author | Message | ||
     Wade H. Baker (Wadehbaker) New member Username: Wadehbaker Post Number: 1 Registered: 3-2005 |
Because it is so closely related with non-technical crime, research in information security has drawn from social crime theories such as general deterrence theory. Not being familiar with that literature, I'm wondering if any of you could direct me to resources that I could read about other social or workplace crime deterrent/prevention theories. I'm specifically interested in theories providing models or frameworks for the use of control measures to prevent (rather than deter) crime. In other words, laws and regulations (like security policies) seek to deter criminal behavior but have no actual power to enforce. I'm trying to relate technical preventative measures (firewalls, access controls, etc) to social and workforce preventative measures (just a guess - jails, door locks, police). Any help would be much appreciated. | ||
| Matthew Roper, M.S. Guest |
Keep in mind that the theories for crime contradict each other. For example, classical theory ASSUMES that man is rational and THUS CHOOSES to commit crime. Confict criminology believes that man is pushed into crime by the powers that be, and thus had little choice in that behavior. "laws and regulations (like security policies) seek to deter criminal behavior but have no actual power to enforce."-You sound like you are looking for social bonding theories/social control theories. These are classical/neoclassical theories Routine Activities Theory by Cohen and Felson Rational Choice Theory by Clarke and Cornish Experiential Effect by Paternoster "workforce preventative measures" Defensible Space Theory by Oscar Newman "I'm specifically interested in theories providing models or frameworks for the use of control measures to prevent (rather than deter) crime." This sentence is confusing for me. I don't know if you are using the words "control measures" in the same context that I understand them. Second, if you deter crime, don't you prevent it? Or, are you implying that you want to stop the crime at the source? | ||
| Wade H. Baker (Wadehbaker) New member Username: Wadehbaker Post Number: 2 Registered: 3-2005 |
I am most likely misusing terminology that you are much more familiar with. Within infosec management, we classify tech controls according to the following descriptions: 1) Deterrents - passive controls that work to convince potential criminals not to instigate a crime (policies, training, warnings, etc). 2) Preventives - Active controls that reduce the probability of success once a criminal decides to attempt a crime. 3) Detective - When a crime happens, it is detected. 4) Recovery - controls that help an organization recover from a crime or to lower the cost/impact after a crime. General deterrence theory has been borrowed an applied in infosec literature, but I am not convinced that it is the best theory. It seems to weight control actions heavility to what I would call detrrent rather than the other 3. However, in my research, I have found a greater statistical relationship between the others (preventive, etc) and reduced crime than deterrent controls. I'm not sure if I am explaining it well. I'm hoping that there are some other theories that may incorporate crime controls similar to those described above. Maybe techno crime - because it can be highly anonymous - is not stopped by deterrent measures? I don't know. I really appreciate your help. I'll check out the things you mentioned in your post. | ||
| Matthew Roper, M.S. Guest |
In Criminology there is two kinds of deterrence. General deterrence is the population in question. Specific deterrence is the individual. For example, if someone is sent to jail, we hope that the individual decides not to do crime in the future--specific deterrence. We also hope that others like him (for example other theives) look to what has happened to him, and change their ways too. Deterrence theory in the real world appears to work better when applied to rich/educated people. However, it appears less predictive when applied to the lower class. Additionally, it appears more predictive when applied to property crimes rather than crimes of violence. For example, you probably wouldn't lose your self control when you are shoplifting a beer, but you may lose control if you got into a fight over your girlfriend. How does this apply to info tech? I will speculate here... Rational Choice Theory (a sister theory to deterrence theory) argues that people weigh the cost of getting caught with the potential reward. Perhaps hackers believe that the odds of getting caught are very minimal and the reward is so great that it is rational to commit the crime. Hope this helps. |