INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Woman typing into a laptop, photo by pathdoc/Fotolia

    Report

    Few Consumers Penalize Hacked Companies for Data Breaches

    Apr 13, 2016

    About a quarter of American adults surveyed reported that they received a data breach notification in the past year, but 77 percent of them were highly satisfied with the company's post-breach response. Only 11 percent of respondents stopped dealing with the company afterwards.

  • View to an operating room through an office window, photo by Alexei Cruglicov/iStock

    Commentary

    Ransomware Hackers Are Coming for Your Health Records

    Apr 11, 2016

    Cyber criminals may be preying on hospitals because cyber protection measures likely have not kept pace with electronic data collection and because hospitals typically do not have backup systems and databases in place, even though such attacks can strain health care systems and potentially put patients' lives at risk.

Explore Information Security

  • Report

    A Framework for Exploring Cybersecurity Policy Options

    RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

    Nov 23, 2016

  • Illustration of a digital world

    Commentary

    Where Next for the Digital Society?

    Digital technologies are omnipresent, both in terms of where we are and what we do. A digital society can bring about economic and societal gain, but there are many challenges that need to be addressed beyond the actual technologies.

    Oct 14, 2016

  • Report

    Thought Leadership programme 2016: Key Findings

    Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

    Oct 13, 2016

  • Concept of leaky software, data pouring out of pipe

    Commentary

    Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016

  • Woman paying a cashier with a credit card

    Journal Article

    Cost of Cyber Incidents to American Companies Is Less Than Expected

    Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

    Oct 10, 2016

  • News Release

    Ukraine's Security Sector Needs Substantial Reform

    An assessment of Ukraine's security sector determines what different institutions need to do and where gaps exist. Roles and responsibilities need to be clarified, and coordination is needed among individual ministries and agencies.

    Oct 5, 2016

  • Ukrainian servicemen take part in a rehearsal for the Independence Day military parade in central Kiev, Ukraine, August 22, 2016

    Report

    Security Sector Reform in Ukraine

    The 2014 Maidan revolution created an opportunity for change in a system that had resisted it for 25 years. The Ukrainian security establishment has progressed since then, but its efforts have been insufficient to address the threats now facing the nation.

    Oct 5, 2016

  • News Release

    Cost of Cyber Incidents Not Large Compared with Other Business Losses; May Influence Responses by Businesses

    Data breaches have made headlines in recent years, exposing poor practices that put the personal information of millions of consumers at risk. But the cost of a typical cyber breach is much less than generally estimated, providing one possible explanation for why American companies do not invest more to improve computer security.

    Sep 20, 2016

  • Global internet security illustration

    Project

    Developing a Toolbox for the Global Cyber Security Capacity Centre Maturity Model

    The Cyber Security Capability Maturity Model allows organisations to map and assess maturity to achieve a healthy and resilient national cyber ecosystem. A new toolbox will aim to help policymakers identify priority areas for intervention to strengthen cyber capabilities.

    Aug 16, 2016

  • Guo Shengkun, China's Minister of Public Security, speaks during the Second U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues in Beijing, China, June 14, 2016

    Commentary

    The U.S.-China Cyber Agreement: A Good First Step

    The 2015 U.S.-China cyber agreement is a potentially important first step toward addressing the problem of Chinese espionage. But it is by no means a final step.

    Aug 1, 2016

  • Massive unclassified paper shred and uniform drop-off bins help prevent OPSEC violations

    Commentary

    Keeping Up with the Policymakers: The Unclassified Tearline

    Unclassified tearlines could convey the bottom line and potential implications of a classified story in unclassified terms, while obscuring sensitive sources and methods. There are good reasons to build them into the business process and culture of intelligence agencies.

    Jul 28, 2016

  • Periodical

    RAND Review: July-August 2016

    This issue highlights the stress of military deployments and resilience of military families; RAND research on cybercrime, network defense, and data breaches; the 40th anniversary of RAND's landmark Health Insurance Experiment; and more.

    Jun 27, 2016

  • Eyeball on a laptop computer screen

    Essay

    The Digital Underworld: What You Need to Know

    A growing threat is emanating from a digital underworld where hackers sell their services like mercenaries and credit-card numbers can be had for pennies on the dollar.

    Jun 24, 2016

  • Hands on a keyboard in a dark room

    Commentary

    Cyberterrorism and the Role of Silicon Valley

    As national security and war are being redefined for the digital age, Silicon Valley will need to be on the front line of counterterrorism. Its inventors and entrepreneurs are driving the information revolution, and they must figure out how to protect vital systems against malevolent intrusions.

    Jun 13, 2016

  • Illustration of data encryption

    Blog

    RAND's Lillian Ablon Presents 'Lessons from a Hacker'

    Lillian Ablon, a cybersecurity and emerging technologies researcher, spoke at a RAND Policy Circle Conversation on the world's expanding cyber vulnerability, those who are out there to take advantage of those vulnerabilities, as well as consumer attitudes toward breaches.

    Jun 1, 2016

  • Paramedics helping a patient

    Commentary

    Privacy Preferences for Healthcare Records and Information Across Europe

    The general public has a more nuanced preference for the privacy of electronic health records than previously thought. Survey respondents said that they would not be averse to individuals involved in the health and rescue professions having access to their basic health information.

    May 11, 2016

  • Congressional Briefing Podcast

    Multimedia

    Getting to Yes with China in Cyberspace: Is It Possible?

    In this May 2016 congressional briefing, RAND experts Scott W. Harold and Martin Libicki discuss the differing perspectives and interests of the United States and China in cyberspace.

    May 2, 2016

  • Journal Article

    Good Practice Guide on Vulnerability Disclosure: From Challenges to Recommendations

    Vulnerabilities are 'flaws' or 'mistakes' in computer-based systems that may be exploited to compromise the network and information security of affected systems.

    Apr 27, 2016

  • News Release

    One-Fourth of American Adults Notified of Data Breach in Past Year; Few Consumers Penalize Hacked Companies

    About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company afterwards.

    Apr 13, 2016

  • Infographic

    Data Theft Victims, and Their Response to Breach Notifications

    This infographic highlights the results of a study of consumer attitudes toward data breaches, notifications of those breaches, and company responses to such events.

    Apr 13, 2016