When discussing the concepts of crime and cybercrime, their victims are important key players to understand why these criminal acts takes place. More importantly, with these players taken into...Show moreWhen discussing the concepts of crime and cybercrime, their victims are important key players to understand why these criminal acts takes place. More importantly, with these players taken into account, it is not only possible to understand this concept but also to predict and prevent the crimes that take place. In this thesis, the research focuses on individual victims of cybercrime in the Netherlands and their behavioural characteristics. The aim of this research is to study which behavioural risk factors have a predictive value for victimization, both in the offline as the online world. To answer this question, I designed a digital survey to compare two types of crime; one in the offline world and one in the online world. These two criminal acts have in common that they are comparable with each other, with the only difference that they take place in different worlds. The chosen criminal acts are doorstep scams in the offline world, and phishing in the online world. A scientific literature review, the data collected from the digital questionnaire and the subsequent analysis will answer the sub-questions of this research. It seemed that certain risk factors like socio-economic status, online activities, optimism bias, loneliness, capable guardianship and offline victimization had a significant correlation with victimization. For the factors optimism bias, capable guardianship and loneliness, these results had even a predictive value. Although there is quite an amount of scientific research available on risk factors and victimization, this research shows that there is still not enough knowledge about the behaviour of victims. This is because the studied risk factors have little to do with the actual behaviour of potential victims. Researchers must take a step back to study which existing theories should be better investigated for the existence of other, potential risk factors. With a descent description and formulation of the new risk factors, it would be easier in the future to reduce online and offline victimization based on these risk factors.Show less
Vulnerabilities in information systems have always been the Achilles heel of digital security. Ransomware-campaigns such as WannaCry and (Not)Petya highlighted the global and multidimensional...Show moreVulnerabilities in information systems have always been the Achilles heel of digital security. Ransomware-campaigns such as WannaCry and (Not)Petya highlighted the global and multidimensional nature of vulnerabilities and showed how substantial the impact of these could be for many aspects of the daily life. Vulnerability disclosure is a valuable instrument to report and solve these vulnerabilities to increase the security of information systems and prevent such events from happening. However, EU’s legal landscape for vulnerability disclosure is fragmented, and vulnerability researchers have to deal with legal uncertainty. Therefore, this thesis focuses on how the EU can increase the resilience of its cyber ecosystem through stimulating vulnerability disclosure. The purpose of this study will be to describe the different policy instruments the EU may use to stimulate coordinated vulnerability disclosure and prescribe which ones would be most valuable for increasing the EU’s cyber resilience. Coordinated vulnerability disclosure refers to the approach of disclosing vulnerabilities in the security of information systems in a controlled and responsible manner. This thesis will combine an analysis of primary and secondary sources – using technical and non-technical perspectives to bring these two worlds closer together to develop effective cybersecurity policies. To provide a deeper understanding of how the EU could construct a resilient cyber ecosystem: insight on cybersecurity, the resilience of ecosystems and security governance will be combined. Concluding, it is recommended that the EU uses a mix of regulatory instruments making optimal use of the expertise of the private sector to stimulate coordinated vulnerability disclosure. The outcomes are timely because in September 2017 a new EU Cyberstrategy will be presented.Show less
