1 / 18

National Computer Security Survey

National Computer Security Survey. Ramona R. Rantala U.S. Department of Justice Bureau of Justice Statistics May 2006. GSC-11 Chicago 2006.

pules
Télécharger la présentation

National Computer Security Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. National Computer Security Survey Ramona R. Rantala U.S. Department of Justice Bureau of Justice Statistics May 2006 GSC-11 Chicago 2006

  2. "Everyone knows that cybercrime and other computer incidents are a growing problem. But no one really knows how large, how fast it's growing, or where the problems are concentrated. And you can’t manage what you can't measure. The more we know about the extent of cybercrime, the better we'll all be able to combat it." Paul Kurtz Executive Director Computer Security Industry Alliance

  3. Nature of computer security incidents Prevalence by industry and type of incident Reporting to official organizations Types of offenders Monetary losses Downtime Reliable Cybercrime Data Needed

  4. Reveals vulnerabilities Identifies best security practices Technology Policy Other security measures Informs resource allocation Federal Economic sector Company Reliable Cybercrime Data

  5. FTC identity theft data National Crime Victimization Survey National Prosecutors Survey Federal Justice Statistics Program National Incident-Based Reporting System CSI/FBI Computer Crime and Security Survey Current Cybercrime Data

  6. Conducted as a feasibility test Are data reportable? Will companies participate? Employed extensive cognitive testing Analyzed non-response Computer Security Survey Pilot Test

  7. Most common barriers Voluntary survey Don’t have time Less common barriers Legal/confidentiality concerns Data not available CSS Pilot Test Non-Response

  8. Of the 500 sampled companies, 42% responded 95% of respondents used computers Nearly 75% of companies with computers were victimized by cybercrime Reporting incidents to official organizations varied by type of incident Losses for 100 companies totaled $61 million and varied by type of incident CSS Pilot Test Results

  9. National Computer Security Survey • Is being conducted in partnership between • U.S. Department of Justice • U.S. Department of Homeland Security • Is being fielded on our behalf by the RAND Corporation, a private, non-profit research organization • Collects comprehensive data on computer infrastructure, security, and incidents • Is designed to be representative at national and industry levels

  10. Maximizing NCSS Response Rates • Endorsements • Attorney General & Secretary of Homeland Security • Computer security organizations • Industry leaders • Trade associations • Project website • General information • Endorsers and quotes • Frequently Asked Questions • Contact information for DOJ, DHS, and RAND

  11. Maximizing Response Rates (cont’d) • Extensive follow-up • All companies in sample receive, by regular post • Initial packet • Reminder letter • Two additional packets • Largest companies also receive • Phone calls • Fourth packet by FedEx • Industry reports

  12. Maximizing Response Rates (cont’d) • Publicity • Press releases • Newspaper and journal articles • Conference sessions • Announcements • Confidentiality • P.L. 107-347, Title V [E-Government Act of 2002, CIPSEA (Confidential Information Protection)] • 44 U.S.C. § 3501 note (codifies the E-Gov Act)

  13. NCSS Survey Methodology • Rigorous cognitive testing of questionnaire • Scientific sample of 36,000 companies • Stratified by industry and company size • 5,000 certainty companies • 50 largest companies in each industry • All Fortune 1000 companies • All companies employing more than 5,000 people • 31,000 non-certainty companies • Paper and Web-based survey instruments

  14. Preliminary Results • Roughly 3,500 mailed in February • Remaining 32,500 mailed late April • Response is steady and increasing • Companies are reporting all types of incidents • Results are not dissimilar to Pilot Test results, but not enough data has been collected to form even preliminary conclusions

  15. E-Commerce E-commerce is defined as any transaction completed over a computer-mediated network that involves the transfer of ownership or rights to use goods or services. Examples: • Taking orders for merchandise or services • Transferring information or rights • Paying accounts

  16. E-Commerce Data Collected in NCSS • Which of the following does this company have or use? • Website with e-commerce • Virtual Private Network • Electronic Data Interchange • Internet • Intranet • Extranet • Which of the above were used, accessed, or affected in the incidents?

  17. E-Commerce Data in NCSS (cont’d) • Percentage of business transacted over Internet, Intranet, Extranet, Electronic Data Interchange, etc. • Total operating revenue, sales, or receipts • Percentage of this total derived from e-commerce

  18. Contact • Ramona Rantala • Statistician • DOJ/DHS NCSS Program Manager • U.S. Department of Justice • Bureau of Justice Statistics • (202) 307-6170 • Ramona.Rantala@usdoj.gov

More Related