TY - JOUR
T1 - Understanding and Addressing Criminal Opportunity
T2 - The Application of Situational Crime Prevention to IS Security
AU - Willison, R.
PY - 2000/1/1
Y1 - 2000/1/1
N2 - This paper examines the concept of criminal opportunity. More precisely, it focuses on the nature of such opportunities that are to be found within an IS context, and the threat posed by dishonest staff who may act on them. Although hackers and their activities may be given ample column space in the lay press, the potential threat posed by dishonest staff should not be underestimated. The 1998 NCC Business Information Survey reports that the greatest risk of security breaches arose from the activities of personnel within organisations, accounting for nearly 52 per cent of all (physical and logistical) security breaches detected. Similarly, the 1998 CSI/FBI Survey found that the largest single source of financial loss (almost 37 per cent) was attributable to unauthorised insider access. These facts are not lost on security practitioners who, as a rule of thumb, work on the principle that 25 per cent of people are dishonest whenever possible, 25 per cent are always honest and 50 per cent can be either, depending on the nature of security controls and personal motivation.
AB - This paper examines the concept of criminal opportunity. More precisely, it focuses on the nature of such opportunities that are to be found within an IS context, and the threat posed by dishonest staff who may act on them. Although hackers and their activities may be given ample column space in the lay press, the potential threat posed by dishonest staff should not be underestimated. The 1998 NCC Business Information Survey reports that the greatest risk of security breaches arose from the activities of personnel within organisations, accounting for nearly 52 per cent of all (physical and logistical) security breaches detected. Similarly, the 1998 CSI/FBI Survey found that the largest single source of financial loss (almost 37 per cent) was attributable to unauthorised insider access. These facts are not lost on security practitioners who, as a rule of thumb, work on the principle that 25 per cent of people are dishonest whenever possible, 25 per cent are always honest and 50 per cent can be either, depending on the nature of security controls and personal motivation.
UR - http://www.scopus.com/inward/record.url?scp=84993077822&partnerID=8YFLogxK
U2 - 10.1108/eb025940
DO - 10.1108/eb025940
M3 - Review article
AN - SCOPUS:84993077822
SN - 1359-0790
VL - 7
SP - 201
EP - 210
JO - Journal of Financial Crime
JF - Journal of Financial Crime
IS - 3
ER -