Computer Security, Information Assurance and Survivability, and Critical Infrastructure Protection

RAND has a long history in unveiling the issues surrounding security and protection of information systems. In 1999, we published a report on the concept of a "minimum essential information infrastructure" for U.S. defense information systems, developing a top-down methodology that examines the fundamental foundations of information system vulnerabilities and identifies the range of fundamental security approaches that can be taken to address these vulnerabilities. More recently, we are applying the checklists of sources of potential vulnerabilities, and of relevant security techniques, to real-world command and control systems to validate the methodology outlined in that report. We are also exploring new ways to use deception in information systems, both to defend and protect valuable assets, and to gain intelligence about the intruder/attacker. In the UK, RAND Europe supports the Information Assurance Advisory Council (IAAC), an independent organization that brings together public and private sectors to find solutions to the challenges of information and network security.

Selected reports on these topics include:

9 to 5: Do You Know if Your Boss Knows Where You Are? Case Studies of Radio Frequency Identification Usage in the Workplace - 2005

Edward Balkovich, Tora K. Bikson and Gordon Bitko, RAND TR-197-RC

Full Document

Critical Infrastructures Will Remain Vulnerable: Neighbourhoods Must Fend for Themselves - 2004

Edward E. Balkovich, Robert H. Anderson
International Journal of Critical Infrastructures, 2004 - Vol. 1, No.1  pp. 8 - 19

Read the Article at inderscience.com

Understanding the Insider Threat Proceedings of a March 2004 Workshop - 2004

Robert Anderson and Richard Brackney, RAND CF-196-ARDA

Full Document

Benchmarking Security and Trust in Europe and the US - 2003

Leon Cremonini and Lorenzo Valeri, RAND MR-1736-EC

Full Document

Finding and Fixing Vulnerabilities in Information Systems:
The Vulnerability Assessment and Mitigation Methodology - 2003

Philip S. Antón, Robert H. Anderson, Richard Mesic, Michael Scheiern, RAND MR-1601-DARPA

Full Document

Managing New Issues: Cyber Security in an Era of Technological Change - 2003

Marten van Heuven, Maarten Botterman, Stephan de Spiegeleire, RAND MR-1535-RE

Full Document

TEN Telecom Guidelines Status Review - 2003

Jonathan Cave, Maarten Botterman, Renske Ellens, Paivi Luoma, Gert Jan de Vries, Roel Westerhof, RAND MR-1485-EC

Full Document

Building Partnerships to Protect Europe's Information Infrastructure - 2002

Andrew Rathmell, RAND P-8063

Abstract/Order Document

Concepts for Enhancing Critical Infrastructure Protection: Relating Y2K to CIP Research and Development - 2002

B. David Mussington, RAND MR-1259-OSTP

Full Document

Army Biometric Applications: Identifying and Addressing Sociocultural Concerns - 2001

John D. Woodward, Jr., Katharine W. Webb, Elaine M. Newton, Melissa Bradley, David Rubenson, RAND MR-1237-A

Full Document

Biometrics: Facing Up to Terrorism - 2001

John D. Woodward, RAND IP-218

Full Document

Creating a Dependable Information Infrastructure in Europe - 2001

Maarten Botterman, Andrew Rathmell, Lorenzo Valeri, RAND P-8061

Abstract/Order Document

Advanced Network Defense Research: Proceedings of a Workshop - 2000

Robert H. Anderson, Richard Brackney, Thomas Bozek, RAND CF-159-NSA

Full Document

Research on Mitigating the Insider Threat to Information Systems - #2 - 2000

Robert H. Anderson, Thomas Bozek, Tom Longstaff, Wayne Meitzler, Michael Skroch, Ken Van Wyk, RAND CF-163-DARPA

Full Document

The Economic Costs and Implications of High-Technology Hardware Theft - 1999

James N. Dertouzos, Eric V. Larson, Patricia A. Ebener, RAND MR-1070-AEA

Full Document

Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems - 1999

Robert H. Anderson, RAND CF-151-OSD

Full Document

Securing the U.S. Defense Information Infrastructure: A Proposed Approach - 1999

R.H. Anderson et al., RAND MR-993-OSD/NSA/DARPA

Full Document

The Cyber-Posture of the National Information Infrastructure - 1998

W.H. Ware, RAND MR-976-OSTP

HTML SummaryFull Document

Emerging Challenge: Security and Safety in Cyberspace - 1996

Richard O. Hundley, Robert H. Anderson, RAND RP-484

Abstract/Order Document

An Exploration of Cyberspace Security R&D Investment Strategies for DARPA: "The Day After … in Cyberspace II" - 1996

Robert H. Anderson and Anthony C. Hearn, RAND MR-797-DARPA

Full Document

A Qualitative Methodology for the Assessment of Cyberspace-Related Risks - 1996

R.O. Hundley, R.H. Anderson, RAND P-7988

Abstract/Order Document

Risks to the U.S. Infrastructure from Cyberspace - 1996

Robert H. Anderson, RAND CT-138

Abstract/Order Document

Security in Cyberspace, Challenges for Society: Proceedings of an International Conference - 1996

Richard O. Hundley, Robert H. Anderson, John Arquilla, Roger C. Molander, RAND CF-128-RC

Abstract/Order Document

Security in Cyberspace: An Emerging Challenge for Society - 1994

Richard O. Hundley and Robert H. Anderson, RAND P-7893

Abstract/Order Document

The New Faces of Privacy - 1993

Willis H. Ware, RAND P-7831

Abstract/Order Document

Back to Top 

ISG Home | Staff & Contact Info | Research Topics | Related RAND Research

RAND Home | About RAND | Privacy Policy | Research Areas | Books & Publications | Opportunities | Search

RAND® is a registered trademark. Copyright © 1994-2006 RAND Corporation. Last modified: December 13, 2007