2012-05-24T14:24:16Z Copyright (c) 2012, The RAND Corporation RAND Corporation http://www.rand.org/topics/computer-crime.html http://www.rand.org/pubs/technical_reports/TR1218.html Mar 28, 2012 Mar 28, 2012

After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime.

http://www.rand.org/randeurope/research/cyber.html Feb 29, 2012 Feb 29, 2012

Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.

http://www.rand.org/pubs/occasional_papers/OP342.html Dec 22, 2011 Dec 22, 2011

It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues.

http://www.rand.org/commentary/2011/05/06/GS.html May 6, 2011 May 6, 2011

A truly monumental attack that could cripple key U.S. computer systems — something akin to the Stuxnet worms attack on Iran's nuclear infrastructure, for example — would take many months of planning, significant expertise, and a great deal of money to pull off, writes Isaac Porche.

http://www.rand.org/pubs/technical_reports/TR937.html Apr 15, 2011 Apr 15, 2011

Passwords are proving less and less capable of protecting computer systems from abuse. Multifactor authentication (MFA) — which combines something you know (e.g., a PIN), something you have (e.g., a token), and/or something you are (e.g., a fingerprint) — is increasingly being required. This report investigates why organizations choose to adopt or not adopt MFA — and where they choose to use it.

http://www.rand.org/pubs/technical_reports/TR933.html Apr 6, 2011 Apr 6, 2011

Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources—such as storage and applications—that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses.

http://www.rand.org/pubs/external_publications/EP201100104.html Dec 31, 2010 Dec 31, 2010

Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.

http://www.rand.org/commentary/2010/12/09/BAS.html Dec 9, 2010 Dec 9, 2010

The highly sophisticated Stuxnet computer worm suspected of sending Iran's nuclear centrifuges into self-destruction mode forces a difficult debate on whether longstanding firewalls in our country's democracy should be breached for the sake of national security, writes Isaac Porche.

http://www.rand.org/pubs/corporate_pubs/CP602z2.html Mar 11, 2010 Mar 11, 2010

<p>What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.</p>

http://www.rand.org/news/press/2009/10/08.html Oct 8, 2009 Oct 8, 2009

Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

http://www.rand.org/pubs/monographs/MG877.html Oct 7, 2009 Oct 7, 2009

Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack.

http://www.rand.org/commentary/2009/05/19/EV.html May 19, 2009 May 19, 2009

In the future, the EU will inevitably have to adjust its system of rules to cope with the evolving uses of personal data, globalization and international data flows, write Neil Robinson and Lorenzo Valeri.

http://www.rand.org/pubs/research_briefs/RB9365-1.html Nov 18, 2008 Nov 18, 2008

<p>This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.</p>

http://www.rand.org/news/press/2007/09/13.html Sep 25, 2007 Sep 25, 2007

<p>Security experts from the technology industry, law enforcement and academia will outline what is needed to better measure and understand the effect of computer-based crime in the United States during a public forum Sept. 25 in Silicon Valley.</p>

http://www.rand.org/pubs/commercial_books/CB407.html May 12, 2007 May 12, 2007

<p>Explores the potential for and limitations to information warfare, including its use in weapons systems and in command-and-control operations as well as in the generation of &ldquo;noise&rdquo; and how far &ldquo;friendly conquest&rdquo; in cyberspace extends.</p>

http://www.rand.org/news/press/2006/05/02/index2.html May 2, 2006 May 2, 2006

On behalf of the U.S. Departments of Justice and Homeland Security, the RAND Corporation is fielding the first national survey to measure the impact of cybercrime on American businesses.

http://www.rand.org/pubs/technical_reports/TR337.html Apr 10, 2006 Apr 10, 2006

<p>The Computer Security Incident Response Team (CSIRT) Legal Handbook provides a comprehensive collection of information on European and national rules, regulations, and laws concerning computer misuse, as well as guidelines for when and how law enforcement must be informed of incidents.</p>

http://www.rand.org/pubs/monograph_reports/MR1601.html Jan 1, 2004 Jan 1, 2004

<p>Understanding an organization&rsquo;s reliance on information systems and how to mitigate the vulnerabilities of these systems can be an intimidating challenge &mdash; especially when considering less well-known weaknesses or even unknown vulnerabilities that have not yet been exploited. The authors introduce the Vulnerability Assessment and Mitigation methodology, a six-step process that uses a top-down approach to protect against future threats and system failures while mitigating current and past threats and weaknesses.</p>

http://www.rand.org/pubs/conf_proceedings/CF196.html Dec 31, 2003 Dec 31, 2003

<p>Reports the results of a workshop on the problems of ensuring the security of information against malevolent actions by insiders in the intelligence community (IC) with access to sensitive information and information systems. Attendees discussed community system models, vulnerabilities and exploits, attacker models, and event characterization, and discussed databases that would aid them in their work.</p>

http://www.rand.org/pubs/monograph_reports/MR1535.html Jan 1, 2003 Jan 1, 2003

<p>This report reflects the findings of a conference on cyber security and cyber crime in 2002 in The Hague, The Netherlands. It looks into the urgency for a better common understanding and better cooperation on these issues, in the light of the growth of the Internet, both in terms of number of users and in terms of social, cultural and economic impact. Focus was at three themes regarding the role of the public and the private sector in dealing with cyber security and cyber crime: What are the threats and what is the matrix of possible responses? How should Europe and the United States cooperate? How should the public and the private sector work together?</p>