Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors

By Collins, Jason D.; Sainato, Vincenzo A. et al. | International Journal of Cyber Criminology, January-July 2011 | Go to article overview

Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors


Collins, Jason D., Sainato, Vincenzo A., Khey, David N., International Journal of Cyber Criminology


(ProQuest: ... denotes formula omitted.)

Introduction

Situational crime prevention (SCP) is a practical application of routine activity theory (RAT) that reduces the frequency of likely criminal opportunities (Felson & Clarke, 1998). Cohen and Felson (1979) originally proposed RAT when attempting to analyze the increase in crime rates following World War II. Specifically, these researchers developed a criminal theory that focused on the environmental 'opportunities for crime' to occur characterizing the temporal and spatial attributes of a criminal transgression. Their model stated that a criminal act possessed three fundamental variables: (1) a suitable target, (2) a motivated offender, and (3) the absence of a capable guardian. Essentially, when a potential criminal opportunity arises the act will occur at a juncture in time and space between a motivated offender and a suitable target for victimization. This crime will ultimately take place in a location that lacks a capable guardian to protect the 'suitable target,' which is considered to be either a vulnerable person or one's unguarded property. Thus, the absence of any one of these three situational factors should theoretically make the commission of a crime impossible (Davis, 2002). As a result, routine activity theory is considered to be a macro-level theory applicable to numerous types of crime as it seeks to explain the criminal victimization process and not a criminal's specific motivations (Akers & Sellers, 2009).

Information Security (IS) officers can use SCP to reduce the possible motives for an offender to engage in crime by: increasing the effort and risks of a crime; reducing the potential rewards and provocations; and removing the excuses for committing a crime (Willison & Siponen, 2009). SCP achieves these goals through a preventative technique called "target hardening" that identifies the specific situational exploits that allow criminals to commit an offense in a particular area (Felson & Clarke, 1998, p.27). Applications of target hardening include: installing entry-phones to apartment buildings to regulate access; visible security cameras and guards to deter crime; rapid clean up of graffiti to deny the visual benefit to an offender; and requiring registration at the front desk of a hotel to discourage people from leaving without paying.

Willison and Siponen (2009) applied SCP methodology to the information technology (IT) divisions of corporations in an effort to deter employees from stealing valuable information from the company. An effective way of applying SCP techniques is through the creation of 'crime scripts'4 that outline the various steps potential offenders would need to execute in order to circumvent security measures and gain access to the restricted areas of an organization. Consequently, these scripts allow security officers to devise countermeasures for each step preventing these would-be offenders from taking advantage of ambiguities in an organization's security procedures. For example, if an offender knew where a coworker wrote down their passwords they could potentially access the employee's account without their knowledge. To deter this scenario from unfolding, a crime script would recommend that the company respond by reducing the number of passwords employees have to remember, incorporate biometric technology into login procedures, or mandate that the staff attend refresher classes on basic security protocols. Thus, incorporating SCP practices into corporate security procedures can be advantageous in reducing the number of deliberate and accidental security breaches.

Highlighting the current procedures for security threats within corporations, Willison (2008) found that roughly fifty percent of the security breaches reported in the 2004 CSI/FBI Computer Crime Security Survey and the 2006 Global Security Survey occurred within the victimized organization. Furthermore, it was discovered that much of the literature on IS does not employ a concrete analytical theory in their research. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Organizational Data Breaches 2005-2010: Applying SCP to the Healthcare and Education Sectors
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.