Protective security
Academic Publications
The development of structured guidelines for assessing risk in extremist offenders
This paper describes a methodology developed by the National Offender Management Service (NOMS) to assess risk and needs in convicted extremist offenders in England and Wales, and for the assessment of those offenders for whom there are credible concerns about their potential to commit such offences. A methodology was needed to provide an empirically-based systematic and transparent approach to the assessment of risk to inform proportionate risk management; increase understanding and confidence amongst front-line staff and decision-makers, and facilitate effective and targeted intervention. It outlines how the methodology was developed, the nature of the assessment, its theoretical underpinnings, the challenges faced and how these have been addressed. Learning from casework with offenders, from government commissioned research and the wider literature is presented in the form of 22 general factors (with an opportunity to capture additional idiosyncratic factors, i.e., 22+) that contribute to an individual formulation of risk and needs that bears on three dimensions of engagement, intent and capability. The relationship of this methodology, the Extremism Risk Guidelines (ERG 22+) with comparable guidelines, the Violent Extremism Risk Assessment 2 (VERA version 2) and the Multi-Level Guidelines (MLG), is also discussed. This paper also considers the ERG’s utility, validity and limitations.
(From the journal abstract)
Lloyd, M., & Dean, C. (2015). The development of structured guidelines for assessing risk in extremist offenders. Journal of Threat Assessment and Management, 2(1), 40–52.
The Psychology of Criminal Investigation: From Theory to Practice
The contribution of psychological research to the prevention of miscarriages of justice and the development of effective investigative techniques is now established to a point where law enforcement agencies in numerous countries either employ psychologists as part of their staff, or work in cooperation with academic institutions. The application of psychology to investigation is particularly effective when academics and practitioners work together. This book brings together leading experts to discuss the application of psychology to criminal investigation.
This book offers an overview of models of investigation from a psychological and practical view point, covering topics such as investigative decision making, the presentation of evidence, witness testimony, the detection of deception, interviewing suspects and evidence-based police training. It is essential reading for students, researchers and practitioners engaged with police practice, investigation and forensic psychology.
(From the journal abstract)
Griffiths, A., & Milne, R. (Eds.). (2018). The Psychology of Criminal Investigation: From Theory to Practice (1st ed.). Routledge.
Detecting smugglers: Identifying strategies and behaviours in individuals in possession of illicit objects
Behaviour detection officers' task is to spot potential criminals in public spaces, but scientific research concerning what to look for is scarce. In two experiments, 52 (Experiment 1A) and 60 (Experiment 2A) participants carried out a mission involving a ferry crossing. Half were asked to smuggle an object; the other half were non‐smugglers. In Experiment 2A, two confederates appeared to approach as if looking for someone on the ferry.
Smugglers, more than non‐smugglers, reported afterwards to have felt nervous, self‐conscious, and conspicuous and to attempt behavioural control during the ferry crossing. The secretly videotaped ferry crossings were shown to 104 (Experiment 1B) and 120 (Experiment 2B) observers, tasked to identify the smugglers. Although they reported paying attention mostly to signs of nervousness, lie detection accuracy rate was poor (48% in Experiment 1 and 39.2% in Experiment 2) because their perceptions of nervousness did not match the experiences of nervousness reported by the (non)smugglers.
(From the journal abstract)
Samantha Mann, Haneen Deeb, Aldert Vrij, Lorraine Hope & Lavinia Pontigia, 2019. Detecting Smugglers: Identifying strategies and behaviours in individuals in possession of illicit objects. Applied Cognitive Psychology. https://doi.org/10.1002/acp.3622
In Their Own Words: Employee Attitudes towards Information Security
The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.
Design/methodology/approach
The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.
Findings
The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought that the organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.
Research limitations/implications
The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.
Originality/value
The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.
(From the journal abstract)
Debi Ashenden. 2018. ‘In Their Own Words: Employee Attitudes towards Information Security’. Information and Computer Security, 26 (3): 327–37. https://doi.org/10.1108/ICS-04-2018-0042.
Individual Differences in Susceptibility to Online Influence: A Theoretical Review
Scams and other malicious attempts to influence people are continuing to proliferate across the globe, aided by the availability of technology that makes it increasingly easy to create communications that appear to come from legitimate sources. The rise in integrated technologies and the connected nature of social communications means that online scams represent a growing issue across society, with scammers successfully persuading people to click on malicious links, make fraudulent payments, or download malicious attachments.
However, current understanding of what makes people particularly susceptible to scams in online contexts, and therefore how we can effectively reduce potential vulnerabilities, is relatively poor. So why are online scams so effective? And what makes people particularly susceptible to them? This paper presents a theoretical review of literature relating to individual differences and contextual factors that may impact susceptibility to such forms of malicious influence in online contexts.
A holistic approach is then proposed that provides a theoretical foundation for research in this area, focusing on the interaction between the individual, their current context, and the influence message itself, when considering likely response behaviour.
(From the journal abstract)
Williams, Emma J., Amy Beardmore, and Adam N. Joinson. 2017. ‘Individual Differences in Susceptibility to Online Influence: A Theoretical Review’. Computers in Human Behavior 72 (July): 412–21. https://doi.org/10.1016/j.chb.2017.03.002.
Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions
Increasingly, connected communication technologies have resulted in people being exposed to fraudulent communications by scammers and hackers attempting to gain access to computer systems for malicious purposes. Common influence techniques, such as mimicking authority figures or instilling a sense of urgency, are used to persuade people to respond to malevolent messages by, for example, accepting urgent updates. An ‘accept’ response to a malevolent influence message can result in severe negative consequences for the user and for others, including the organisations they work for.
This paper undertakes exploratory research to examine individual differences in susceptibility to fraudulent computer messages when they masquerade as interruptions during a demanding memory recall primary task compared to when they are presented in a post-task phase. A mixed-methods approach was adopted to examine when and why people choose to accept or decline three types of interrupting computer update message (genuine, mimicked, and low authority) and the relative impact of such interruptions on performance of a serial recall memory primary task.
Results suggest that fraudulent communications are more likely to be accepted by users when they interrupt a demanding memory-based primary task, that this relationship is impacted by the content of the fraudulent message, and that influence techniques used in fraudulent communications can over-ride authenticity cues when individuals decide to accept an update message. Implications for theories, such as the recently proposed Suspicion, Cognition and Automaticity Model and the Integrated Information Processing Model of Phishing Susceptibility, are discussed.
(From the journal abstract)
Williams, Emma J., Phillip L. Morgan, and Adam N. Joinson. 2017. ‘Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions’. Decision Support Systems 96 (April): 119–29. https://doi.org/10.1016/j.dss.2017.02.014.
Security Dialogues: Building Better Relationships between Security and Business
In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes.
By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.
(From the journal abstract)
Ashenden, Debi, and Darren Lawrence. 2016. ‘Security Dialogues: Building Better Relationships between Security and Business’. IEEE Security & Privacy 14 (3): 82–87. https://www.computer.org/cms/Computer.org/ComputingNow/issues/2016/08/msp2016030082.pdf.
Employees: The Front Line in Cyber Security
What happens if you lose trust in the systems on which you rely? If the displays and dashboards tell you everything is operating normally but, with your own eyes, you can see that this is not the case? This is what apparently happened with the Stuxnet virus attack on the Iranian nuclear programme in 2010.
Dr Debi Ashenden, CREST lead on protective security and risk assessment, writes that with cyber attacks set to rise, it’s important that we empower employees to defend our front line.
(From the journal abstract)
Ashenden, Debi. 2017. ‘Employees: The Front Line in Cyber Security’. The Chemical Engineer, February 2017, 908 edition. https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/.