NCJ Number
223733
Date Published
2008
Length
24 pages
Annotation
This chapter examines how situational crime prevention (SCP) can improve the security practitioner’s understanding of the offender/context relationship and improve information systems (IS) security practices.
Abstract
SCP focuses on preventing crime by increasing the effort the offender must exert in committing the crime, increase the risk of getting caught and punished, reduce the rewards that the crime will yield even if completed, reduce provocations that provide increased incentives to commit a crime, and remove excuses for committing crime. This chapter argues that these principles suit the security needs of organizations interested in making their information systems secure. Under the principles and tactics of SCP, IS security practitioners are given a systematic basis from which to view the range of opportunity-reducing options for addressing potential threats to the security of the organization’s information. Practitioners, however, are still faced with the problem of identifying appropriate controls for addressing specific crimes. In response to this problem, this chapter proposes the use of crime scripts that describe possible scenarios for abuse, theft, or criminal use of the organization’s information. The scripts encourage insight into the offender/context interaction that draws the security practitioner into the mindset and possible criminal methods of an offender. This, in turn, suggests to the practitioner how SCP principles can be injected into the script so as to deter the crime envisioned. For each crime script, the security practitioner applies SCP principles that address the crime elements within the context of the organization’s operations. 54 references