Information Security

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Fotolia_55457025_Subscription_Monthly_XL

    Report

    Companies Are Prioritizing Cybersecurity, but Hackers Still May Be Gaining

    Jun 10, 2015

    While spending on cybersecurity is $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

  • 140902-F-II211-904

    Commentary

    Put a Cybercop on the Beat

    Jan 22, 2015

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

Explore Information Security

  • Paramedics helping a patient

    Commentary

    Privacy Preferences for Healthcare Records and Information Across Europe

    The general public has a more nuanced preference for the privacy of electronic health records than previously thought. Survey respondents said that they would not be averse to individuals involved in the health and rescue professions having access to their basic health information.

    May 11, 2016

  • congressional-podcast-teaser-highres

    Multimedia

    Getting to Yes with China in Cyberspace: Is it Possible?

    In this May 2016 congressional briefing, RAND experts Scott W. Harold and Martin Libicki discuss the differing perspectives and interests of the United States and China in cyberspace.

    May 2, 2016

  • Journal Article

    Good Practice Guide on Vulnerability Disclosure: From Challenges to Recommendations

    Vulnerabilities are 'flaws' or 'mistakes' in computer-based systems that may be exploited to compromise the network and information security of affected systems.

    Apr 27, 2016

  • News Release

    One-Fourth of American Adults Notified of Data Breach in Past Year; Few Consumers Penalize Hacked Companies

    About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company afterwards.

    Apr 13, 2016

  • Woman typing into a laptop

    Report

    Few Consumers Penalize Hacked Companies for Data Breaches

    About a quarter of American adults surveyed reported that they received a data breach notification in the past year, but 77 percent of them were highly satisfied with the company's post-breach response. Only 11 percent of respondents stopped dealing with the company afterwards.

    Apr 13, 2016

  • Infographic

    Data Theft Victims, and Their Response to Breach Notifications

    This infographic highlights the results of a study of consumer attitudes toward data breaches, notifications of those breaches, and company responses to such events.

    Apr 13, 2016

  • View to an operating room through an office window

    Commentary

    Ransomware Hackers Are Coming for Your Health Records

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

    Apr 11, 2016

  • Journal Article

    Trade-off Across Privacy, Security and Surveillance in the Case of Metro Travel in Europe

    Focusing on train/metro travel we investigate whether Europeans perceive similar security and privacy issues as have been raised in recent discussions about surveillance.

    Apr 6, 2016

  • U.S. President Barack Obama shakes hands with Chinese President Xi Jinping at the start of the climate summit in Paris, November 30, 2015

    Report

    Getting to Yes with China in Cyberspace

    The tensions that divide the United States and China apply just as much to cyberspace as to relations in the physical world. Can the two countries achieve meaningful outcomes through formal negotiations over cyber norms and rules?

    Mar 22, 2016

  • An NYPD officer stands across the street from the Apple Store on 5th Ave. in New York, March 11, 2016

    Commentary

    The False Choice at the Core of the Apple-FBI Standoff

    The Apple-FBI case should spark a broader debate among technology companies concerning their role in maintaining the privacy and security balance. A starting point should be to recognize that the majority of cyberattacks are related to phishing—and a user's action—not to whether a device can be secured.

    Mar 21, 2016

  • Two teens using laptops

    Commentary

    The Military Should Increase Efforts to Find and Enlist Young Hackers

    Some notorious cyberattacks have been carried out by computer-savvy teens. They don't all have criminal intentions, they just have a particular aptitude for writing code and operating in cyberspace. The U.S. military should consider embracing and cultivating this pool of talent.

    Mar 10, 2016

  • Information safety graphic design

    Project

    Exploring Investment in Cybersecurity

    The digital dependence in developed countries has led to a situation where security vulnerabilities and security incidents potentially come accompanied by serious consequences. With this in mind, RAND Europe investigated why, where and how organisations in critical infrastructure sectors invest in cybersecurity.

    Feb 29, 2016

  • Service members and civilians conduct simulated cyberattack scenarios during Cyber Guard 2015

    Commentary

    In Greater Alignment: Public and Policymakers on Cyber

    For the first time, Gallup included cyberterrorism in its annual survey of Americans' concerns about threats to U.S. interests, and 73 percent of respondents said they felt it was a critical threat. The survey results come amid a flurry of activity on the issue on Capitol Hill and at the White House.

    Feb 29, 2016

  • Pieces of an iPhone are seen on a repair store counter in New York City, February 17, 2016

    Commentary

    The Cost of Security in the iPhone Era

    As the security on the iPhone better protects users from criminals, it also excels at keeping law enforcement from accessing the data. The dispute between the FBI and Apple over unlocking the iPhone of one of the San Bernardino attackers continues but the real debate is about whether society wants legislation that weakens iPhone security for law enforcement.

    Feb 26, 2016

  • Testimony

    Perspective on 2015 DoD Cyber Strategy: Addendum

    Document submitted on February 23, 2016 as an addendum to testimony presented before the House Armed Services Committee on September 29, 2015.

    Feb 26, 2016

  • Cybersecurity "leak"

    Multimedia

    Emerging Cyber Threats and Implications

    Cyberspace is expanding, becoming more vulnerable, and hosting increasingly vast amounts of data. Compounding this challenge is the growing number of bad actors seeking to exploit cyberspace. What steps can be taken to help mitigate emerging threats and improve U.S. cybersecurity?

    Feb 25, 2016

  • Group of friends holding their smart phones

    Commentary

    How You Can Be Cybersecurity's Strongest Asset

    Technology is thoroughly embedded within the average person's life but security is not emphasized to the general user. Teaching the importance of security early on and continually bringing awareness to the public could help temper technology-based attacks.

    Feb 18, 2016

  • Man using a laptop and drinking tea

    Commentary

    How Willing Are People to Allow Access to Their Internet Browsing History If It Helps National Security?

    A survey of over 26,000 citizens across the EU found that even in the event of a national emergency or limiting access of individuals' Internet usage to law enforcement agencies, there was still a strong aversion to information being stored or accessed.

    Feb 15, 2016

  • Journal Article

    Investing in Cybersecurity

    This research examines why, how and how much organisations in critical infrastructure sectors invest in cybersecurity.

    Feb 11, 2016

  • U.S. Defense Secretary Ash Carter meets with Chinese Gen. Fan Changlong, vice chairman of China's Central Military Commission, at the Pentagon, June 11, 2015

    Commentary

    OPM Hack Poses Overlooked Counterintelligence Risk for Economic Espionage

    Since discovering the theft of personal data from an OPM database last spring, government officials have been preoccupied with assessing the risks to national security. But they must also address its potential to enable an adversary to steal valuable economic and commercial information.

    Feb 1, 2016