| Abstract: | Previous studies of computer criminals have attempted to differentiate between offenders, but have not used data from the actual attacks. Drawing on theories from investigative psychology as well as information security, the current study differentiates 2755 computer security incidents using information about Method of Operation (MO), Impact, and Source Sector from reported attacks. Multivariate statistical analyses were applied on the data‐matrix of 22 variables and showed the co‐occurrences of various aspects of computer security incidents. A radex structure emerged where the high frequency variables were positioned in the centre of the data‐plot. Based on a previously developed taxonomy of cyber intrusions, the results of the analysis showed that it was possible to draw inferences about the less informative category of Objective, from information about Attacker, Tools, Access, and Results. By applying the division‐lines indicating the Objectives of Challenge/Status, Destruction, Political Gain and Financial Gain on the SSA‐plot, it was shown how the taxonomies could be further developed by taking into account the relationships between the categories. Copyright © 2005 John Wiley & Sons, Ltd. |
