Abstract
The current evolution of the cyber-threat ecosystem shows that no organization can be considered invulnerable against security breach. It is therefore important to highlight exogenous factors other than those related to an organization’s security posture to predict security breach incidents.
We present “Beyond Locks and Keys”, a framework that analyzes the projection of crime theories applied in science of victimology, to study the risk of victimization to security breach in cyber space. Factors that could be associated to information security breach in organizations are studied through hypotheses extracted from crime theories. Victimization risk analysis is built by creating a comprehensive profile for each organization, capturing its characteristics, and grouping them in constructs used to measure the likelihood of data breach. We use structural equation modeling and statistical hypothesis testing approach to build our framework. We evaluate the validity of our model on a dataset of 4868 organizations based in the United states (US) collected between the years 2018 and 2020.
“Beyond Locks and Keys” highlights the importance of exogenous factors, besides the technical security ones, that contribute to the understanding of victimization risk to security breach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mansfield-Devine, S.: IBM: cost of a data breach (2022)
Data Breach Report, Tech. rep., Ponemon Institute, IBM (2019)
Thales Data Threat Report, Tech. rep., Thales (2022)
Straub, J.: Evaluating the use of technology readiness levels (TRLS) for cybersecurity systems. In: 2021 IEEE International Systems Conference (SysCon), pp. 1–6. IEEE (2021)
Da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organisational information security culture—perspectives from academia and industry. Comput. Secur. 92, 101713 (2020)
Gupta, R., Tanwar, S., Tyagi, S., Kumar, N.: Machine learning models for secure data analytics: a taxonomy and threat model. Comput. Commun. 153, 406–440 (2020)
Harris, D., Khan, L., Paul, R., Thuraisingham, B.: Standards for secure data sharing across organizations. Comput. Stand. Interfaces 29(1), 86–96 (2007)
Hammouchi, H., Nejjari, N., Mezzour, G., Ghogho, M., Benbrahim, H.: Strisk: a socio-technical approach to assess hacking breaches risk. IEEE Trans. Depend. Secure Comput. 20(2), 1074–1087 (2022)
Hu, J., Vasilakos, A.V.: Energy big data analytics and security: challenges and opportunities. IEEE Trans. Smart Grid 7(5), 2423–2436 (2016)
Wieringa, J., Kannan, P., Ma, X., Reutterer, T., Risselada, H., Skiera, B.: Data analytics in a privacy-concerned world. J. Bus. Res. 122, 915–925 (2019)
Nejjari, N., Lahlou, S., Fadi, O., Zkik, K., Oudani, M., Benbrahim, H.: Conflict spectrum: an empirical study of geopolitical cyber threats from a social network perspective. In: 2021 Eighth International Conference on Social Network Analysis, Management and Security (SNAMS), pp. 01–07. IEEE (2021)
Natarajan, M.: Crime opportunity theories: routine activity, rational choice and their variants. Routledge (2017)
Felson, M., Clarke, R.V.: Opportunity makes the thief, police research series, paper 98 (1–36) (1998) 10
Miethe, T.D., Meier, R.F.: Crime and its social context: toward an integrated theory of offenders, victims, and situations. Suny Press (1994)
Hindelang, M.J., Gottfredson, M.R., Garofalo, J.: Victims of personal crime: an empirical foundation for a theory of personal victimization. Ballinger Cambridge, MA (1978)
Cohen, L.E., Felson, M.: Social change and crime rate trends: a routine activity approach, American sociological review 588–608 (1979)
Alshalan, A.: Cyber-crime fear and victimization: an analysis of a national survey
Yang, Y., Green, S.B.: Coefficient alpha: a reliability coefficient for the 21st century? J. Psycho Educ. Assess. 29(4), 377–392 (2011)
Canatay, A., Emegwa, T., Lybolt, L.M., Loch, K.D.: Reliability assessment in SEM models with composites and factors: a modern perspective. Data Anal. Perspect. J. 3(1), 1–6 (2022)
Babin, B.J., Svensson, G.: Structural equation modeling in social science research: issues of validity and reliability in the research process. Eur. Bus. Rev. 24(4), 320–330 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nejjari, N., Zkik, K., Benbrahim, H., Ghogho, M. (2023). Beyond Locks and Keys: Structural Equation Modeling Based Framework to Explore Security Breaches Through the Lens of Crime Theories. In: Mohaisen, D., Wies, T. (eds) Networked Systems. NETYS 2023. Lecture Notes in Computer Science, vol 14067. Springer, Cham. https://doi.org/10.1007/978-3-031-37765-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-37765-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37764-8
Online ISBN: 978-3-031-37765-5
eBook Packages: Computer ScienceComputer Science (R0)