The Deviant Security Practices of Cyber Crime

Erik H.A. van de Sandt, Ph.D. (2019), University of Bristol, is research fellow in cyber security at that university, practitioner-in-residence at the UK’s National REPHRAIN Centre and police officer in the National High Tech Crime Unit of the Dutch national police.

Foreword

List of Figures and Tables

Nomenclature



1 Introduction

 1.1 Research Direction & Objectives

 1.2 Who Should Read This Book & Why?

 1.3 Methodological Approach

 1.4 Novel Contributions

 1.5 Outline of the Book



PART 1

Current Perspectives on Security



2 ‘Good Guy’ Perspectives on Security

 2.1 Security as an Ongoing Process

 2.2 Current Perspective on Technical Computer Security

 2.3 Current Perspectives on Cyber Security & Cyber Crimes

  2.3.1 Why Cyber Crime is (not) Cyber Security

  2.3.2 Border-Centric View on Cyber Security & Cyber Crimes

  2.3.3 Borderless View on Cyber Security & Cyber Crimes

 2.4 Interim Conclusion and Discussion



3 Touching upon Security Controls of Cyber Criminals

 3.1 Computer Science & Engineering Literature

  3.1.1 Anti-Forensics

  3.1.2 Botnet Protection

  3.1.3 Authorship Analysis

  3.1.4 Attacker Economics

  3.1.5 Interim Conclusion & Discussion

 3.2 Social Science Literature

 3.3 Legal Studies

 3.4 Interim Conclusion and Discussion



PART 2

Researching Cyber Crime and Deviant Security



4 A Multidisciplinary Approach for Deviant Security

 4.1 Descriptive: Grounded Theory for Deviant Security Practices

  4.1.1 Cyber Criminal and Cyber Security Participants

  4.1.2 Secondary Data Sources

  4.1.3 Data Collection, Analysis and Writing

 4.2 Explanatory: Information Age & Microeconomic Theory

  4.2.1 Deviant Security in the Information Age

  4.2.2 The Microeconomics of Deviant Security

 4.3 Limitations

 4.4 Ethical Issues



PART 3

A Theory on Deviant Security



5 What? – Basic Qualities of Deviant Security

 5.1 Definition: What Makes Security Deviant?

 5.2 Meaning: Subjective Condition

 5.3 Provision: Club, Common, Private and Public Good

 5.4 Function: An Asset To Protect Assets

 5.5 Form: Intangible and Tangible Products & Services

 5.6 Interim Conclusion and Discussion



6 Who? – Interactive Qualities of Deviant Security

 6.1 Autarkic & Autonomous Referent Objects

 6.2 DevSec Providers & Services

 6.3 Threat Agents & Attacks

 6.4 Information Asymmetries in Intertwined Networks

 6.5 Deception as Deviant Security Control

 6.6 Trust and Distrust as Deviant Security Controls

 6.7 Interim Conclusion and Discussion



7 When & Where? – Temporal-Spatial Qualities of Deviant Security

 7.1 Countermeasures Against Data Volatility & Retention

 7.2 Intercultural Communication as a Countermeasure

 7.3 Distribution as a Countermeasure

 7.4 Physical Deviant Security

 7.5 Interim Conclusion and Discussion



8 Investigative Responses Against Deviant Security

 8.1 Security-Driven Investigations That Provide Human Security

 8.2 Investigations as a Public Service With Multiple Outcomes

 8.3 Technical Harmonization for a Global Investigation System

 8.4 Reactive & Proactive Investigations on Commission & Protection

 8.5 Data Scientific Investigations that Serve the Public Interest

 8.6 Interim Conclusion & Discussion



PART 4

Conclusions



9 The Outlook of Deviant Security

 9.1 Research Objectives Reiterated

 9.2 A Filled-In Deviant Security Process Cycle

 9.3 Summary of Findings

 9.4 Moving Forward From Findings

 9.5 Concluding Remarks



Bibliography

Index