Rule 5: The Fear of Getting Caught is the Beginning of Wisdom

Don't underestimate the value of deterrence. Many potential attacks can be prevented by instilling fear in the potential attackers.¹ Deterrence can be particularly effective against the amateur white-collar criminal or insider. The goal is to prevent the attacker's intent from reaching the critical point of action. There are many kinds of safeguards that can deter an attack, ranging from login banner warnings such as "WARNING! Use of this system constitutes consent to security monitoring and testing. All activity is logged with your host name and IP address."² to written reminders of computer-related laws, background checks, security briefings, and audits. Of course, these safeguards may not phase the hardened computer criminal, but even a pro will think twice after surveying a newly-cracked system and finding that a monitoring tool like Tripwire has been configured to write daily filesystem integrity reports to read-only media.