Technology and IT principles play an undeniable role in cybersecurity defense, but criminological security principles should not be overlooked.
As cybersecurity professionals overwhelmed with compliance requirements, regulations, and a multitude of tradecraft frameworks, we sometimes lose focus on what we really are at our roots. We are cybercrime fighters. We move through our day as cybersecurity leaders defending our organization’s employee data, customer data, and trade secrets from cybercriminals. As such, we must focus on our adversaries just as much as we focus on the people, processes, and technology used to defeat them. This focus on the adversary is an all-too-often overlooked element of effective cybersecurity. Used correctly, and combined with a risk-based approach that aligns sound cybersecurity principles with the business goals of our organizations, it can help an organization achieve cybersecurity efficacy.
Aligning cybersecurity practices to criminological and criminal justice principles is frequently overlooked in the cybersecurity industry because we tend to focus on IT fundamentals. Yet when technology is used to facilitate a crime, or the technology itself is the target of a crime, that is the very definition of cybercrime. Integrating criminological and criminal justice principles into a cybersecurity program helps to achieve effective cybercrime protection, thereby protecting the assets of an organization as well as the personal and private data of its employees and consumers. Bottom line: when we are talking about cybersecurity, we’re often talking about fighting crime, and one proven technique used in criminology is the science of victimology…
Read Full Source: Dell Secureworks