Skip to section navigation
Skip to page content

RAND > Topics >

Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

Report

The Life and Times of Zero-Day Software Vulnerabilities

Mar 9, 2017

Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.
Commentary

Does the Court System Know as Much About ESI as Your Teenager? It Should.

Feb 21, 2017

Electronically stored information (ESI) from smart appliances, fitness trackers, and other devices is making its way into the U.S. court system. Judges and lawyers need to better understand this evidence so they can challenge it or rule on its admissibility in court.

Explore Information Security

Content

Peter Norton: Entrepreneur, Art Collector, and RAND Advisory Board Member

When the Saudi kingdom hired RAND in the 1980s to advise its information technology industry on the best bets for future investment, RAND researchers consulted expert Peter Norton to back up their findings. Norton has supported RAND ever since.

Jul 3, 2017
Report

Report

Cyber Power Potential of the Army's Reserve Component

Describes the availability of personnel with cyber skills in the private sector and the number of Army reserve component soldiers available to support the Army's cyber mission needs.

Jun 15, 2017
Report

Social Media Analysis Could Support Information Operations

Social media analysis could provide a window into the perspectives and communications of adversaries and other key audiences. If DoD seeks to expand its capability in this area, it must navigate U.S. law, cultural norms, and other issues.

Jun 14, 2017
Report

Could Stateless Attribution Promote International Cyber Accountability?

The public may respond to government claims about who is behind a cyberattack with suspicion and confusion. Could an independent, global organization for cyber attribution help?

Jun 2, 2017
Commentary

WannaCry Virus: A Lesson in Global Unpreparedness

The WannaCry ransomware attack provides important lessons about how to secure cyber networks. History indicates that other attacks will follow. Preparedness is crucial.

May 22, 2017
Commentary

Russia in Action, Short of War

The West needs to work more quickly and coordinate better to offset Russia's capabilities, aggressiveness, and success. Responding to Russia's hostile influence involves predicting Russia's targets, identifying the tools it's likely to use, and playing the long game rather than focusing on near-term events.

May 9, 2017
Testimony

The Need for Cognitive Security

The United States needs a strategy to counter information operations conducted by Russia and other adversaries. The rapid evolution of technology complicates this challenge.

Apr 27, 2017
Report

Report

Tactical Cyber: Building a Strategy for Cyber Support to Corps and Below

This report proposes a strategy for tactical Army cyber operations, enumerating overarching goals, objectives, and associated activities. Instructive case studies are provided that support implementation of the strategy.

Mar 28, 2017
News Release

News Release

RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

Mar 9, 2017
Testimony

Effective Cyberdeterrence Takes More Than Offensive Capability

A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

Mar 1, 2017
Commentary

What Is the Adversary Likely to Do with the Clearance Records for 20 Million Americans?

The state actor that hacked the Office of Personnel Management could use the stolen information to further its domestic control against dissidents, enhance its foreign intelligence, and improve its position in the global military and economic order.

Jan 20, 2017
Brochure

A focus on cybersecurity

Cybersecurity has risen to become a prominent issue of national and global security for governments and international organisations worldwide. A focus on cybersecurity looks at the issues and details RAND Europe's expertise and work in the area.

Dec 19, 2016
Report

Report

Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

The authors evaluated current Controlled Unclassified Information labeling procedures, practices, and security policies for U.S. Department of Defense acquisition data and recommend improvements.

Dec 19, 2016
Report

Report

A Framework for Exploring Cybersecurity Policy Options

RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

Nov 23, 2016
Commentary

Where Next for the Digital Society?

Digital technologies are omnipresent, both in terms of where we are and what we do. A digital society can bring about economic and societal gain, but there are many challenges that need to be addressed beyond the actual technologies.

Oct 14, 2016
Report

Report

Thought Leadership programme 2016: Key Findings

Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

Oct 13, 2016
Commentary

Digital Theft: The New Normal

Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

Oct 10, 2016
Journal Article

Cost of Cyber Incidents to American Companies Is Less Than Expected

Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

Oct 10, 2016

1
2
3
4
5
6
7
8
9
10
Next

RAND Topic:
Information Security

Topic Synonyms:
INFOSEC

Research conducted by