The Association of Digital Forensics, Security and Law (ADFSL)
In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the implementation of a Defence in Depth strategy can ensure that information is kept secure and readily available and provides a competitive advantage to those willing to invest and maintain such a strategy.
1. Campana, J. (2006), Identity Theft: More than Account Fraud. What everyone should know (April 2006), http://www.jcampana.com, accessed on 16/02/2009
2. Foreman, M. (2009), Combating terrorist financing and other financial crimes through private sector partnerships, http://www.emeraldinsight.com/1368-5201.htm, accessed on 03/03/2009
3. Lüders, S (2006), A ‘defence-in-depth’ strategy to protect CERN’s control systems (09/02/2009), http://cerncourier.com/cws/article/cnl/24162, accessed on 01/07/2009
4. Murali, D and Ramesh, C. (2007), Pseudo-intellectualisms continues to be attached to computer crimes, The Hindu, 04/07/2007, http://www.thehindubusinessline.com/2007/07/05/99hdline.htm, accessed on 15/06/2009
5. National Security Agency of the United States of America (NSA), Defence in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments, (date published unknown), http://www.nsa.gov/ia/_files/support/defenceindepth.pdf, accessed on 10/06/2009
6. Tippett, Peter (2004), Easy does it, (24/02/2004), http://www.computertimes.asiaone.com.sg/people/story/0,5104,2021,00. html, accessed on 01/07/2009
7. Trusted Information Sharing Network for Critical Infrastructure Protection (TISN) (2009), Defence in Depth: Summary Report for CIO’s and CSO’s, (June 2008), http://www.tisn.gov.au, accessed on 10/06/2009
8. Tung, L. (2009), Microsoft: Defence in Depth is not enough, (19/05/2008) http://www.zdnet.com.au, accessed on 12/06/2009
9. Wikipedia, (2009), Information Assurance, http://en.wikipedia.org/wiki/Information_assurance, accessed on 18/06/2009
10. Wikipedia, (2009), Defence in Depth, http://en.wikipedia.org/wiki/defence_in_depth, accessed on 18/06/2009
11. Williams, P. (2009), Organised Crime and Cyber-crime: Implications for Business, http://www.cert.org/archive/pdf/cybercrime-business.pdf, accessed on 13/02/2009
"Prevention is Better than Prosecution: Deepening the Defence against Cyber Crime,"
Journal of Digital Forensics, Security and Law: Vol. 4
, Article 3.
Available at: http://commons.erau.edu/jdfsl/vol4/iss4/3