Deception

The concepts of deception, counter-deception, and deception detection as a means of cyber defense have been saddled with baggage resulting from legal and moral issues for security professionals. Hackers have become adroit in their use of deception as a means to achieve their intended goal to exploit vulnerabilities and improve stealth in the execution of cybercrime. Deception, like money, is not for obvious reasons a topic openly discussed in public but this too is changing. It consists of "dissimulation, hiding the real and through simulation showing the false". Dissimulation is accomplished through three techniques: masking, repackaging, and dazzling. Deception techniques work best within a framework of a strong internal controls environment. The design of a robust deception program depends in large part on the level of maturity of security internal controls inclusive of its people and processes. Deception detection training programs are growing rapidly as security professions seek alternative ways to enhance defensive strategies.