Full Description
In this book academic and police officer Erik van de Sandt researches the security practices of cyber criminals. While their protective practices are not necessarily deemed criminal by law, the countermeasures of cyber criminals frequently deviate from prescribed bona fide cyber security standards. This book is the first to present a full picture on these deviant security practices, based on unique access to confidential police sources related to some of the world's most serious and organized cyber criminals. The findings of this socio-technical-legal research prove that deviant security is an academic field of study on its own, and will help a non-technical audience to understand cyber security and the challenges of investigating cyber crime.
Contents
Foreword
List of Figures and Tables
Nomenclature
1 Introduction
1.1 Research Direction & Objectives
1.2 Who Should Read This Book & Why?
1.3 Methodological Approach
1.4 Novel Contributions
1.5 Outline of the Book
PART 1
Current Perspectives on Security
2 'Good Guy' Perspectives on Security
2.1 Security as an Ongoing Process
2.2 Current Perspective on Technical Computer Security
2.3 Current Perspectives on Cyber Security & Cyber Crimes
2.3.1 Why Cyber Crime is (not) Cyber Security
2.3.2 Border-Centric View on Cyber Security & Cyber Crimes
2.3.3 Borderless View on Cyber Security & Cyber Crimes
2.4 Interim Conclusion and Discussion
3 Touching upon Security Controls of Cyber Criminals
3.1 Computer Science & Engineering Literature
3.1.1 Anti-Forensics
3.1.2 Botnet Protection
3.1.3 Authorship Analysis
3.1.4 Attacker Economics
3.1.5 Interim Conclusion & Discussion
3.2 Social Science Literature
3.3 Legal Studies
3.4 Interim Conclusion and Discussion
PART 2
Researching Cyber Crime and Deviant Security
4 A Multidisciplinary Approach for Deviant Security
4.1 Descriptive: Grounded Theory for Deviant Security Practices
4.1.1 Cyber Criminal and Cyber Security Participants
4.1.2 Secondary Data Sources
4.1.3 Data Collection, Analysis and Writing
4.2 Explanatory: Information Age & Microeconomic Theory
4.2.1 Deviant Security in the Information Age
4.2.2 The Microeconomics of Deviant Security
4.3 Limitations
4.4 Ethical Issues
PART 3
A Theory on Deviant Security
5 What? - Basic Qualities of Deviant Security
5.1 Definition: What Makes Security Deviant?
5.2 Meaning: Subjective Condition
5.3 Provision: Club, Common, Private and Public Good
5.4 Function: An Asset To Protect Assets
5.5 Form: Intangible and Tangible Products & Services
5.6 Interim Conclusion and Discussion
6 Who? - Interactive Qualities of Deviant Security
6.1 Autarkic & Autonomous Referent Objects
6.2 DevSec Providers & Services
6.3 Threat Agents & Attacks
6.4 Information Asymmetries in Intertwined Networks
6.5 Deception as Deviant Security Control
6.6 Trust and Distrust as Deviant Security Controls
6.7 Interim Conclusion and Discussion
7 When & Where? - Temporal-Spatial Qualities of Deviant Security
7.1 Countermeasures Against Data Volatility & Retention
7.2 Intercultural Communication as a Countermeasure
7.3 Distribution as a Countermeasure
7.4 Physical Deviant Security
7.5 Interim Conclusion and Discussion
8 Investigative Responses Against Deviant Security
8.1 Security-Driven Investigations That Provide Human Security
8.2 Investigations as a Public Service With Multiple Outcomes
8.3 Technical Harmonization for a Global Investigation System
8.4 Reactive & Proactive Investigations on Commission & Protection
8.5 Data Scientific Investigations that Serve the Public Interest
8.6 Interim Conclusion & Discussion
PART 4
Conclusions
9 The Outlook of Deviant Security
9.1 Research Objectives Reiterated
9.2 A Filled-In Deviant Security Process Cycle
9.3 Summary of Findings
9.4 Moving Forward From Findings
9.5 Concluding Remarks
Bibliography
Index
