Attacker-centric thinking in security: perspectives from financial services practitioners

Abstract

In response to diverging perspectives on the usefulness of attacker-centric approaches in security, this paper examines the current role of such thinking in security, incorporating 12 in-depth interviews with senior financial services practitioners working in the areas of security, fraud and risk. The presentation of results is supported by a condensed systematic literature review on the topic and followed by the provision of a list of suggested guidelines on practical implementation strategies, enabling further theoretical reframing and extension.