RAND Research Topic: Information Security 2012-05-24T14:56:49Z Copyright (c) 2012, The RAND Corporation RAND Corporation http://www.rand.org/topics/information-security.html Exploring How the EU Should Establish a Cybercrime Centre http://www.rand.org/pubs/technical_reports/TR1218.html Mar 28, 2012 Mar 28, 2012 After visiting EU high tech crime units, conducting interviews with stakeholders, and holding a scenario-based workshop, RAND Europe researchers determined that a European Cybercrime Centre hosted by Europol would bring together input from several different entities and drive a common approach to tackling cybercrime. Cybersecurity: Examining Challenges for the Future http://www.rand.org/randeurope/research/cyber.html Feb 29, 2012 Feb 29, 2012 Cyberspace is increasingly important for economic growth, openness, and democracy, but poor cybersecurity can make governments, businesses, and individuals open to cyber attack and cyber crime. RAND Europe conducts a range of research on the topic to advise policymakers. The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It http://www.rand.org/pubs/occasional_papers/OP342.html Dec 22, 2011 Dec 22, 2011 It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues. Evaluation of DG SANCO data management practices: Final report http://www.rand.org/pubs/technical_reports/TR822.html Sep 8, 2011 Sep 8, 2011 The EC Health and Consumer Protection Directorate-General commissioned RAND Europe to provide support in developing a comprehensive data strategy for DG SANCO that meets the needs of increasingly evidence-based policymaking in the future. Understanding the Security, Privacy, and Trust Aspects of Cloud Computing http://www.rand.org/pubs/technical_reports/TR933.html Apr 6, 2011 Apr 6, 2011 Cloud computing is a model for enabling on-demand network access to a shared pool of computing resources&mdash;such as storage and applications&mdash;that can be rapidly provisioned with minimal management effort or service provider interaction. RAND Europe explored the security, privacy, and trust challenges that cloud computing poses. Encryption and the Loss of Patient Data http://www.rand.org/pubs/external_publications/EP201100104.html Dec 31, 2010 Dec 31, 2010 Encryption is seen as a way to prevent malicious use of patient data, but there is no empirical evidence that it does. Chaos or Control? http://www.rand.org/pubs/corporate_pubs/CP602z2.html Mar 11, 2010 Mar 11, 2010 <p>What is the role of government in a borderless internet world? RAND Europe assesses the implications for policy makers.</p> Security, at What Cost? http://www.rand.org/pubs/external_publications/EP201000120.html Dec 31, 2009 Dec 31, 2009 <p>Much of the current debate concerning civil liberties and security is adversarial, and little robust research data informs these arguments.This paper outlines the results of a study that attempts to objectively understand the real privacy, liberty and security trade-offs made by individuals, so that policymakers can be better informed about the preferences of individuals with regard to these important issues.</p> U.S. Must Focus on Protecting Critical Computer Networks from Cyber Attack http://www.rand.org/news/press/2009/10/08.html Oct 8, 2009 Oct 8, 2009 Because it will be difficult to prevent cyber attacks on critical civilian and military computer networks by threatening to punish attackers, the United States must focus its efforts on defending these networks from cyber attack. The Cracks in Data Privacy http://www.rand.org/commentary/2009/05/19/EV.html May 19, 2009 May 19, 2009 In the future, the EU will inevitably have to adjust its system of rules to cope with the evolving uses of personal data, globalization and international data flows, write Neil Robinson and Lorenzo Valeri. Review of the European Data Protection Directive http://www.rand.org/pubs/technical_reports/TR710.html May 7, 2009 May 7, 2009 <p>This report reviews the strengths and weaknesses of the EU Data Protection Directive and proposes avenues for improvement. The ideas presented here provide some ideas on how to improve the data protection regime for European citizens.</p> Cybersecurity Economic Issues: Corporate Approaches and Challenges to Decisionmaking http://www.rand.org/pubs/research_briefs/RB9365-1.html Nov 18, 2008 Nov 18, 2008 <p>This research brief addresses key cybersecurity concerns, such as protecting critical products and services and ensuring that software will work. It identifies how organizations perceive the importance of cybersecurity in making investment decisions.</p> Countering Terrorists' Use of Network Technologies http://www.rand.org/pubs/technical_reports/TR454.html Oct 15, 2007 Oct 15, 2007 <p>Precluding terrorists from getting the technology they want is impractical, and developing direct counters is unlikely to yield high payoffs. Instead, counterterrorism programs should exploit the technologies and the information such technologies use to enable more direct security force operations.</p> Computer-Based Crime to Be Focus of Silicon Valley Forum http://www.rand.org/news/press/2007/09/13.html Sep 25, 2007 Sep 25, 2007 <p>Security experts from the technology industry, law enforcement and academia will outline what is needed to better measure and understand the effect of computer-based crime in the United States during a public forum Sept. 25 in Silicon Valley.</p> RFID Security in the Workplace: Perk or Privacy? http://www.rand.org/commentary/2007/06/01/SWI.html Jun 1, 2007 Jun 1, 2007 RFID Security in the Workplace: Perk or Privacy?, in the Security World International. Conquest in Cyberspace: National Security and Information Warfare http://www.rand.org/pubs/commercial_books/CB407.html May 12, 2007 May 12, 2007 <p>Explores the potential for and limitations to information warfare, including its use in weapons systems and in command-and-control operations as well as in the generation of &ldquo;noise&rdquo; and how far &ldquo;friendly conquest&rdquo; in cyberspace extends.</p> RAND Launches National Computer Security Survey for Departments of Justice and Homeland Security http://www.rand.org/news/press/2006/05/02/index2.html May 2, 2006 May 2, 2006 On behalf of the U.S. Departments of Justice and Homeland Security, the RAND Corporation is fielding the first national survey to measure the impact of cybercrime on American businesses. Handbook Facilitates Classification of Cyber-Crime http://www.rand.org/pubs/technical_reports/TR337.html Apr 10, 2006 Apr 10, 2006 <p>The Computer Security Incident Response Team (CSIRT) Legal Handbook provides a comprehensive collection of information on European and national rules, regulations, and laws concerning computer misuse, as well as guidelines for when and how law enforcement must be informed of incidents.</p> President Obscured the Case for Spying http://www.rand.org/commentary/2006/02/05/SFC.html Feb 5, 2006 Feb 5, 2006 Published commentary by RAND staff: President Obscured the Case for Spying, in the San Francisco Chronicle. Dissuading Terror: Strategic Influence and the Struggle Against Terrorism http://www.rand.org/pubs/monographs/MG184.html Jan 21, 2005 Jan 21, 2005 <p>U.S. government decisionmakers face a number of challenges as they attempt to form policies that aim to dissuade terrorists from attacking the United States, divert youths from joining terrorist groups, and persuade the leaders of states and nongovernmental institutions to withhold support for terrorists. The successes or failures of such policies and campaigns have long-lasting effects. The findings of this research help U.S. decisionmakers more closely refine how and in what circumstances strategic influence campaigns can best be applied.</p>