General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an...
Transcript of General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an...
![Page 1: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/1.jpg)
General Deterrence Theory and the
Individual DISCOVER THE DSD DIFFERENCE
Charles Wade
![Page 2: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/2.jpg)
FoundaBon of Deterrence Theory '
§ An organization uses coercive diplomacy1 to enable the adoption of desired behavior – such as a policy
§ Policy describes what behavior is either desired or undesired
Labor
The The Individual Organization
1Schelling, 1966 Pay
2
![Page 3: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/3.jpg)
FoundaBon of Deterrence Theory '
§ An employee can either choose to follow the policy or not § To be effective, the policy must also define the associated
punishment for failure to comply with the policy
1Schelling, 1966
3
![Page 4: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/4.jpg)
What is General Deterrence Theory? § General deterrence theory (GDT) poses that an individual’s
behavior can be altered through the use of a perceived punishment2
Undesired Behavior
Labor
The The Individual Organization
2Schelling, 1966;
Gibbs, 1975 Pay
4
![Page 5: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/5.jpg)
What is Perceived Punishment? '
§ The organization’s perspective of “perceived punishment” is the defined actions the organization thinks is needed to alter the behavior – may or may not be accurate
Value of Threat Punishment Mission/ Agent
Data
5
![Page 6: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/6.jpg)
What is General Deterrence Theory? '
§ The individual’s perceptive of a “perceived punishment” is more subjective § May be justified in the mind of the accidental attacker § Can they catch me? § Can they actually harm me?
§ The punishment must cause a fear of: § Pain § Publicity
6
![Page 7: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/7.jpg)
What is General Deterrence Theory?
§ “….assertions about deterrence are virtually meaningless unless they refer to specific properties of punishment….”3
§ Policy must define the actual punishment that will be imposed
3(Gibbs, 1975)
7
![Page 8: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/8.jpg)
Fear of Pain
8
“Whoever knowingly executes, or attempts to execute, any scheme or artifice with the intent….be fined not more than $1,000,000, or imprisoned not more than 10 years, or both.”4
§ Financial § Loss of Liberty
4(18 U.S. Code § 1031 - Major fraud against the United States)
![Page 9: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/9.jpg)
Fear of Celebrity
9
§ The fear of public knowledge or ridicule
§ The loss of credibility, trust, stature, etc.
§ Can be more powerful than “actual” pain
§ The dreaded “perp walk”
Image Copyright: NoondayNews
![Page 10: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/10.jpg)
The Effect of Educa>on
10
§ Undesired behavior and cybersecurity education have an inverse relationship
Undesired Behavior
Cybersecurity Education
![Page 11: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/11.jpg)
Which Educa>on Tool to Use
11
§ Depends on many variables § Type and nature of the system/data § User access § Technical and physical controls § Cost/benefit § Risk/reward § Morale of the organization
Warning Banner
Cybersecurity Education
Signed RoB
Published Audit Logs
Cybersecurity Training
![Page 12: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/12.jpg)
The “Other” Effect of Educa>on
12
§ Some individuals have an elevated risk tolerance level
§ May or may not be nefarious
Cybersecurity Education
Undesired Behavior
![Page 13: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/13.jpg)
Controls
13
§ GDT and education may not stop the accidental attacker
§ May justify action as a “greater good”
§ May forget part of the education
§ May fall victim to a malicious attacker
Cybersecurity Education
Undesired Behavior
Technical or Physical controls
![Page 14: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/14.jpg)
Controls
14
§ GDT and education may not stop the intentional attacker § Has some level of motivation to cause harm or other
act
Cybersecurity Education
Undesired Behavior
Technical or Physical controls
![Page 15: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/15.jpg)
What Can Be Done?
15
§ Educate the workforce
§ Threat model to understand internal and external threats § Motivation § Skill § Internal vulnerabilities (threat vectors)
§ Align the punishment to the value of the data or mission
§ Target controls based on the TM
![Page 16: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/16.jpg)
So What?
16
§ At some point you literally have to kill someone* § The punishment has to match the crime
§ They have to think you can reasonably catch them
§ They have to think that the punishment is enforceable
§ They have to think you are serious
§ *Figuratively speaking
![Page 17: General Deterrence Theory and the Individual · § General deterrence theory (GDT) poses that an individual’s behavior can be altered through the use of a perceived punishment2](https://reader035.fdocuments.in/reader035/viewer/2022071021/5fd5327ef6589d204d090cc6/html5/thumbnails/17.jpg)
Ques>ons?
17