Abstract
This chapter examines a broad range of techniques known as situational crime prevention (SCP). This form of intervention takes cues from a host of theoretical perspectives and involves the design and manipulation of the environment to make offenders’ decisions to become involved in crime less attractive. The use of SCP is widespread in traditional contexts and is by far the most commonly deployed form of intervention in the prevention of cybercrime. Though extensive criminological research has found that SCP techniques can be successfully applied in traditional settings, it is still unclear whether SCP interventions can effectively prevent cybercrime. This chapter scrutinises available empirical evidence regarding the potential effect of SCP approaches (e.g. target hardening, surveillance, posting instructions) in deterring offenders from engaging in and escalating cybercrimes. It concludes by revealing the limitations of SCP in preventing cybercrime, as well as by elucidating the most promising configurations of SCP interventions in digital contexts moving forward.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
It is important to note that evidence reviewed did not include findings which reported results of scans performed under lab conditions (of either collected or synthesised samples of attacks). Although valuable for providing insights regarding specific features of these tools and policies, these examinations are not representative of real-life situations since they do not account for human, organisational, environmental, and other external factors that may influence the performance and execution of these tools in the field.
References
Algaith, A., Gashi, I., Sobesto, B., Cukier, M., Haxhijaha, S., & Bajrami, G. (2016, June 28–July 1). Comparing detection capabilities of antivirus products: An empirical study with different versions of products from the same vendors. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W) (pp. 48–53). IEEE. https://doi.org/10.1109/DSN-W.2016.45.
Atzeni, A., & Lioy, A. (2006). Why to adopt a security metric? A brief survey. In D. Gollmann, F. Massacci, & A. Yautsiukhin (Eds.), Quality of protection: Advances in information security (Vol. 23, pp. 1–12). Boston, MA: Springer. https://doi.org/10.1007/978-0-387-36584-8_1.
AV Comparatives. (2011). On demand detection of malicious software. Available at https://www.av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf. Accessed 15 June 2019.
Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection systems. Retrieved from the Defense Technical Information Center (ADA393326).
Bell, J., & Burke, B. (1992). Cruising Cooper Street situational crime prevention: Successful case studies (2nd ed.). Guilderland, NY: Harrow and Heston.
Bennett, T., Holloway, K., & Farrington, D. P. (2009). A review of the effectiveness of neighbourhood watch. Security Journal, 22(2), 143–155. https://doi.org/10.1057/palgrave.sj.8350076.
Berlin, K., Slater, D., & Saxe, J. (2015). Malicious behavior detection using windows audit logs. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security (pp. 35–44). New York, NY: ACM. https://doi.org/10.1145/2808769.2808773.
Bishop, P., Bloomfield, R., Gashi, I., & Stankovic, V. (2011, November 29–December 2). Diversity for security: A study with off-the-shelf antivirus engines. In 2011 IEEE 22nd International Symposium on Software Reliability Engineering (pp. 11–19). IEEE. https://doi.org/10.1109/ISSRE.2011.15.
Blais, E., & Bacher, J.-L. (2007). Situational deterrence and claim padding: Results from a randomized field experiment. Journal of Experimental Criminology, 3(4), 337–352. https://doi.org/10.1007/s11292-007-9043-z.
Blakley, B. (2002, May 16–17). The measure of information security is dollars. In Proceedings (online) of the First Annual Workshop on Economics and Information Security (WEIS ’02) (pp. 1–4). Berkeley, CA.
Bonneau, J. (2012, May 20–23). The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE Symposium on Security and Privacy (pp. 538–552). IEEE. https://doi.org/10.1109/SP.2012.49.
Cazier, J. A., & Medlin, B. D. (2006). Password security: An empirical investigation into e-commerce passwords and their crack times. Information Systems Security, 15(6), 45–55. https://doi.org/10.1080/10658980601051318.
Ciocchetti, C. A. (2011). The eavesdropping employer: A twenty-first century framework for employee monitoring. American Business Law Journal, 48(2), 285–369. https://doi.org/10.1111/j.1744-1714.2011.01116.x.
Clarke, R. V. (1995). Situational crime prevention. Crime and Justice, 19, 91–150. https://doi.org/10.1086/449230.
Cornish, D. B., & Clarke, R. V. (2003). Opportunities, precipitators and criminal decisions: A reply to Wortley’s critique of situational crime prevention. Crime Prevention Studies, 16, 41–96.
Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): A review and modern bibliography. Property Management, 23(5), 328–356. https://doi.org/10.1108/02637470510631483.
Crawford, A., & Evans, K. (2017). Crime prevention and community safety. In A. Leibling, S. Maruna, & L. McAra (Eds.), The Oxford handbook of criminology (6th ed., pp. 797–824). Oxford, UK: Oxford University Press. https://doi.org/10.1093/he/9780198719441.001.0001.
Crow, W. J., & Bull, J. L. (1975) Robbery deterrence: An applied behavioral science demonstration—Final report. La Jolla, CA: Western Behavioral Sciences Institute.
Dacey, R. F. (2003). Information security: Effective patch management is critical to mitigating software vulnerabilities. Washington, DC: General Accounting Office.
D’Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20(6), 643–658. https://doi.org/10.1057/ejis.2011.23.
Décary-Hétu, D., & Giommoni, L. (2017). Do police crackdowns disrupt drug cryptomarkets? A longitudinal analysis of the effects of Operation Onymous. Crime, Law and Social Change, 67(1), 55–75. https://doi.org/10.1007/s10611-016-9644-4.
Eivazi, K. (2011). Computer use monitoring and privacy at work. Computer Law and Security Review, 27(5), 516–523. https://doi.org/10.1016/j.clsr.2011.07.003.
Eurostat. (2011). Nearly one third of internet users in the EU27 caught a computer virus. Available at https://ec.europa.eu/eurostat/documents/2995521/5028026/4-07022011-AP-EN.PDF/22c742a6-9a3d-456d-bedc-f91deb15481b. Accessed 15 June 2019.
Farrington, D. P. (1993). Understanding and preventing bullying. In M. Tonry (Ed.), Crime and justice: A review of research (Vol. 17, pp. 381–458). Chicago, IL: University of Chicago.
Faysel, M. A., & Haque, S. S. (2010). Towards cyber defense: Research in intrusion detection and intrusion prevention systems. IJCSNS International Journal of Computer Science and Network Security, 10(7), 316–325.
Florêncio, D., Herley, C., & van Oorschot, P. C. (2016). Pushing on string: The ‘don’t care’ region of password strength. Communications of the ACM, 59(11), 66–74. https://doi.org/10.1145/2934663.
Garg, A., Vidyaraman, S., Upadhyaya, S., & Kwiat, K. (2006, April 2–6). USim: A user behavior simulation framework for training and testing IDSes in GUI based systems. In Proceedings of the 39th Annual Symposium on Simulation (ANSS ’06) (pp. 196–203). Washington, DC: IEEE Computer Society. https://doi.org/10.1109-ANSS.2006.45.
Gerace, T., & Cavusoglu, H. (2009). The critical elements of the patch management process. Communications of the ACM, 52(8), 117–121. https://doi.org/10.1145/1536616.1536646.
Guerette, R. T., & Bowers, K. J. (2009). Assessing the extent of crime displacement and diffusion of benefits: A review of situational crime prevention evaluations. Criminology, 47(4), 1331–1368. https://doi.org/10.1111/j.1745-9125.2009.00177.x.
Guttman, B., & Roback, E. A. (1995). An introduction to computer security: The NIST handbook. Gaithersburg, MD: U.S. Department of Commerce.
Hassan, H. M., Reza, D. M., & Farkhad, M. A.-A. (2015). An experimental study of influential elements on cyberloafing from general deterrence theory perspective case study: Tehran subway organization. International Business Research, 8(3), 91. https://doi.org/10.5539/ibr.v8n3p91.
Homel, R., & Clarke, R. (1997). A revised classification of situational crime prevention techniques. In S. P. Lab (Ed.), Crime prevention at a crossroads (pp. 17–27). Cincinnati, OH: Anderson.
Howell, C. J., Cochran, J. K., Powers, R. A., Maimon, D., & Jones, H. M. (2017). System trespasser behavior after exposure to warning messages at a Chinese computer network: An examination. International Journal of Cyber Criminology, 11(1). https://doi.org/10.5281/zenodo.495772.
Hsiao, D. K., Kerr, D. S., & Madnick, S. E. (1979). Computer security. New York, NY: Academic Press.
Hutchings, A., Clayton, R., & Anderson, R. (2016, June 1–3). Taking down websites to prevent crime. In 2016 APWG Symposium on Electronic Crime Research (eCrime) (pp. 1–10). https://doi.org/10.1109/ECRIME.2016.7487947.
Hutchings, A., Pastrana, S., & Clayton, R. (2019). Displacing big data: How criminals cheat the system. In E. R. Leukfeldt & T. J. Holt (Eds.), Cybercrime: The human factor. Oxon, UK: Routledge.
Jeffrey, C. R., Hunter, R. D., & Griswold, J. (1987). Crime prevention and computer analysis of convenience store robberies in Tallahassee. Florida Police Journal, 34, 65–69.
Jones, H., Maimon, D., & Ren, W. (2016). Sanction threat and friendly persuasion effects on system trespassers’ behaviors during a system trespassing event. In T. Holt (Ed.), Cybercrime through an interdisciplinary lens (pp. 150–166). London, UK: Routledge. https://doi.org/10.4324/9781315618456.
Kambow, N., & Passi, L. K. (2014). Honeypots: The need of network security. International Journal of Computer Science and Information Technologies, 5(5), 6098–6101.
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., & Lagerström, R. (2017). Analyzing the effectiveness of attack countermeasures in a SCADA system. In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids (pp. 73–78). New York, NY: ACM. https://doi.org/10.1145/3055386.3055393.
Lévesque, F. L., & Fernandez, J. M. (2014, August). Computer security clinical trials: Lessons learned from a 4-month pilot study. Paper presented at CSET ’14 7th Workshop on Cyber Security Exoerueetation and Test, San Diego, CA.
Lévesque, F. L., Fernandez, J. M., & Batchelder, D., & Young, G. (2016). Are they real? Real-life comparative tests of antivirus products. In Virus Bulletin Conference (pp. 1–11).
Lévesque, F., Nsiempba, J., Fernandez, J. M., Chiasson, S., & Somayaji, A. (2013). A clinical study of risk factors related to malware infections. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 97–108). New York, NY: ACM. https://doi.org/10.1145/2508859.2516747.
Lyu, M. R., & Lau, L. K. (2000). Firewall security: Policies, testing and performance evaluation. In Proceedings 24th Annual International Computer Software and Applications Conference (COMPSAC 2000) (pp. 116–121). IEEE.
Maimon, D., Alper, M., Sobesto, B., & Cukier, M. (2014). Restrictive deterrent effect of a warning banner in an attacked computer system. Criminology, 52, 33–59. https://doi.org/10.1111/1745-9125.12028.
Moore, A. D. (2000). Employee monitoring and computer technology: Evaluative surveillance v. privacy. Business Ethics Quarterly, 10(3), 697–709. https://doi.org/10.2307/3857899.
Nayak, K., Marino, D., Efstathopoulos, P., & Dumitraş, T. (2014). Some vulnerabilities are different than others. In A. Stavrou, H. Bos, & C. Portokalidis (Eds.), Research in Attacks, Intrusions and Defences (RAID 2014) (LNCS, Vol. 8688, pp. 426–446). Springer. https://doi.org/10.1007/978-3-319-11379-1_21.
PC Security Labs. (2013). Security solution review on Windows 8 platform. Technical report. PC Security Labs.
Rama, P., & Kulmala, R. (2000). Effects of variable message signs for slippery road conditions on driving speed and headways. Transportation Research, 3, 85–94. https://doi.org/10.1016/S1369-8478(00)00018-8.
Ramsbrock, D., Berthier, R., & Cukier, M. (2007, June 25–28). Profiling attacker behavior following SSH compromises. In 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’07) (pp. 119–124). IEEE. https://doi.org/10.1109/DSN.2007.76.
Scott, L., Crow, W. J., & Erickson, R. (1985). Robbery as robbers see it. Dallas, TX: Southland Corporation.
Seeberg, V. E., & Petrovic, S. (2007). A new classification scheme for anonymization of real data used in IDS benchmarking. In The Second International Conference on Availability, Reliability and Security (ARES 2007) (pp. 385–390). IEEE. https://doi.org/10.1109/ARES.2007.9.
Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267–270. https://doi.org/10.1016/j.im.2008.12.007.
Sloan-Howitt, M., & Kelling, G. (1990). Subway graffiti in New York City: ‘Getting up’ vs. ‘meaning’ it and ‘cleaning’ it. Security Journal, 1(3), 131–136.
Stockman, M., Heile, R., & Rein, A. (2015). An open-source honeynet system to study system banner message effects on hackers. In Proceedings of the 4th Annual ACM Conference on Research in Information Technology (pp. 19–22). New York, NY: ACM. https://doi.org/10.1145/2808062.2808069.
Sukwong, O., Kim, H. S., & Hoe, J. C. (2011). Commercial antivirus software effectiveness: An empirical study. Computer, 44(3), 63–70. https://doi.org/10.1109/MC.2010.187.
Surisetty, S., & Kumar, S. (2010). Is McAfee securitycenter/firewall software providing complete security for your computer? In 2010 Fourth International Conference on Digital Society (pp. 178–181). IEEE.
Testa, A., Maimon, D., Sobesto, B., & Cukier, M. (2017). Illegal roaming and file manipulation on target computers: Assessing the effect of sanction threats on system trespassers’ online behaviors. Criminology and Public Policy, 16(3), 689–726. https://doi.org/10.1111/1745-9133.12312.
Torres, J. M., Sarriegi, J. M., Santos, J., & Serrano, N. (2006). Managing information systems security: Critical success factors and indicators to measure effectiveness. In S. K. Katsikas, J. López, M. Backes, & S. Gritzalis (Eds.), Information security: ISC 2006 (Lecture Notes in Computer Science, Vol. 4176, pp. 530–545). Berlin, Germany: Springer. https://doi.org/10.1007/11836810_38.
Welsh, B. C., & Farrington, D. P. (2008a). Effects of closed circuit television surveillance on crime. Campbell Systematic Reviews, 17, 2–73. https://doi.org/10.4073/csr.2008.17.
Welsh, B. C., & Farrington, D. P. (2008b). Effects of improved street lighting on crime. Campbell Systematic Reviews, 13, 1–51. https://doi.org/10.4073/csr.2008.13.
Welsh, B. C., & Farrington, D. P. (2009). Making public places safer: Surveillance and crime prevention. New York, NY: Oxford University Press. https://doi.org/10.1093/acprof:oso/9780195326215.001.0001.
Wilson, T., Maimon, D., Sobesto, B., & Cukier, M. (2015). The effect of a surveillance banner in an attacked computer system: Additional evidence for the relevance of restrictive deterrence in cyberspace. Journal of Research in Crime and Delinquency, 52(6), 829–855. https://doi.org/10.1177/0022427815587761.
Wogalter, M. (2006). Purposes and scope of warnings. In M. Wogalter (Ed.), Handbook of warnings (pp. 3–10). Boca Raton: CRC Press.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2019 The Author(s)
About this chapter
Cite this chapter
Brewer, R., de Vel-Palumbo, M., Hutchings, A., Holt, T., Goldsmith, A., Maimon, D. (2019). Situational Crime Prevention. In: Cybercrime Prevention. Crime Prevention and Security Management. Palgrave Pivot, Cham. https://doi.org/10.1007/978-3-030-31069-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-31069-1_2
Published:
Publisher Name: Palgrave Pivot, Cham
Print ISBN: 978-3-030-31068-4
Online ISBN: 978-3-030-31069-1
eBook Packages: Law and CriminologyLaw and Criminology (R0)