Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.
Research conducted by:
RAND Justice, Infrastructure, and Environment;
RAND National Security Research Division;
RAND Labor and Population;
RAND Arroyo Center;
RAND Project AIR FORCE
Featured at RAND
Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers.
Journal Articles (17)
A review some of the provisions of the European Commission's 2013 proposals for a Network and Information Security Directive highlights specific concerns, including the relationship of incident notification achieving the outcomes of the directive, potential for overlapping regulation and definitions of covered entities.
The sharing and exchange of information between Computer Emergency Response Teams (CERTs) and the law enforcement community in Europe face several legal and operational barriers. This report offers recommendations for CERTs, law enforcement, and policymakers in Brussels.
This rapid evidence assessment of the innovation and competitiveness impacts of the EU's proposed General Data Protection Regulation considers a variety of perspectives and identifies several impacts and areas for improvement.
ENISA conducted a study identifying possible causes inhibiting the cyber-insurance market in Europe and investigating incentives to kick-start its development.
When it comes to cyber security, the world today is not the future that U.S. policy promised when cyber security first appeared on the national agenda well over a decade ago.
This study focuses on the legal and regulatory aspects of information sharing and cross-border collaboration of national/governmental CERTs in Europe.
This article defines and explores the concept of cyber security culture within the context of the U.S. Army.
Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does.
This report sets out findings from a research project into the barriers to and incentives for information sharing in the field of network and information security, in the context of peer-to-peer groups such as Information Exchanges (IE) and Information Sharing Analysis Centres (ISACs).
Much of the current debate concerning civil liberties and security is adversarial, and little robust research data informs these arguments.This paper outlines the results of a study that attempts to objectively understand the real privacy, liberty and security trade-offs made by individuals, so that policymakers can be better informed about the preferences of individuals with regard to these important issues.
Are recent laws in conflict with the technological trend toward wireless transfer of physician and patient-specific health information, and will they present overwhelming barriers to the widespread use of e-prescribing?
The threat of crossborder cyberattacks into the USA is focusing attention on the electronic security of its northern neighbour.
There is an increasing awareness that TTOs and other asymmetric enemies seek to exploit Western vulnerabilities to cyberbased information operations.
The Chinese Communist Party is simultaneously fostering the growth of the Internet and weaving a web of regulations to limit network content and use.
Health-related Web sites are among the most visited sites on the Internet, and their use may change the patient-provider relationship.
There is increasing concern over the issue of privacy of patient records. This article discusses the government's role and basic safeguarding principles.
National security in the information age