INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Woman paying a cashier with a credit card, photo by alvarez/Getty Images

    Journal Article

    Cost of Cyber Incidents to American Companies Is Less Than Expected

    Sep 20, 2016

    Why don't American companies invest more in computer security? One possible explanation: Relative to the other risks they face, cyber risks often aren't as significant as expected. Most breaches cost companies less than 0.4 percent of their annual revenues.

  • U.S. President Barack Obama shakes hands with Chinese President Xi Jinping at the start of the climate summit in Paris, November 30, 2015, photo by Kevin Lamarque/Reuters

    Report

    Getting to Yes with China in Cyberspace

    Mar 22, 2016

    The tensions that divide the United States and China apply just as much to cyberspace as to relations in the physical world. Can the two countries achieve meaningful outcomes through formal negotiations over cyber norms and rules?

Explore Information Security

  • News Release

    RAND Study Examines 200 Real-World 'Zero-Day' Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • Composite image of binary code on a sunset over water

    Report

    The Life and Times of Zero-Day Software Vulnerabilities

    Zero-day software vulnerabilities—security holes that developers haven't fixed or aren't aware of—can lurk undetected for years. They are useful in cyber operations and in defensive and academic settings. Whether to disclose or stockpile them is an ongoing debate.

    Mar 9, 2017

  • U.S. Army soldiers take part in a multi-service exercise on cyber capabilities at Ford Gordon in Augusta, Georgia, June 10, 2014

    Testimony

    Effective Cyberdeterrence Takes More Than Offensive Capability

    A successful cyberdeterrence posture has many prerequisites. These include attributing attacks to the correct party, thresholds for what merits retaliation, credibility, and offensive capability. For the United States, capability is the least in doubt.

    Mar 1, 2017

  • Cyber gavel illustration

    Commentary

    Does the Court System Know as Much About ESI as Your Teenager? It Should.

    Electronically stored information (ESI) from smart appliances, fitness trackers, and other devices is making its way into the U.S. court system. Judges and lawyers need to better understand this evidence so they can challenge it or rule on its admissibility in court.

    Feb 21, 2017

  • Binary code bursts from phones held by a crowd of people with an overlay of glowing electronic numbers

    Commentary

    What Is the Adversary Likely to Do with the Clearance Records for 20 Million Americans?

    The state actor that hacked the Office of Personnel Management could use the stolen information to further its domestic control against dissidents, enhance its foreign intelligence, and improve its position in the global military and economic order.

    Jan 20, 2017

  • Report

    Issues with Access to Acquisition Data and Information in the Department of Defense: A Closer Look at the Origins and Implementation of Controlled Unclassified Information Labels and Security Policy

    The authors evaluated current Controlled Unclassified Information labeling procedures, practices, and security policies for U.S. Department of Defense acquisition data and recommend improvements.

    Dec 19, 2016

  • Brochure

    A focus on cybersecurity

    Cybersecurity has risen to become a prominent issue of national and global security for governments and international organisations worldwide. A focus on cybersecurity looks at the issues and details RAND Europe's expertise and work in the area.

    Dec 19, 2016

  • Report

    A Framework for Exploring Cybersecurity Policy Options

    RAND conducted two discovery games to explore possible solutions for improving cybersecurity, assess their implications, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices.

    Nov 23, 2016

  • Illustration of a digital world

    Commentary

    Where Next for the Digital Society?

    Digital technologies are omnipresent, both in terms of where we are and what we do. A digital society can bring about economic and societal gain, but there are many challenges that need to be addressed beyond the actual technologies.

    Oct 14, 2016

  • Report

    Thought Leadership programme 2016: Key Findings

    Key findings from the 2016 Thought Leadership Programme, convened by Corsham Institute in conjunction with RAND Europe and St George's House exploring opportunities and challenges created by digital technologies in society.

    Oct 13, 2016

  • Concept of leaky software, data pouring out of pipe

    Commentary

    Digital Theft: The New Normal

    Absolute data breach prevention is not possible, so knowing what people want when it happens is important. Consumers and corporations alike should accept this risk as a “when,” not an “if,” and prepare for it.

    Oct 10, 2016

  • News Release

    Ukraine's Security Sector Needs Substantial Reform

    An assessment of Ukraine's security sector determines what different institutions need to do and where gaps exist. Roles and responsibilities need to be clarified, and coordination is needed among individual ministries and agencies.

    Oct 5, 2016

  • Ukrainian servicemen take part in a rehearsal for the Independence Day military parade in central Kiev, Ukraine, August 22, 2016

    Report

    Security Sector Reform in Ukraine

    The 2014 Maidan revolution created an opportunity for change in a system that had resisted it for 25 years. The Ukrainian security establishment has progressed since then, but its efforts have been insufficient to address the threats now facing the nation.

    Oct 5, 2016

  • News Release

    Cost of Cyber Incidents Not Large Compared with Other Business Losses; May Influence Responses by Businesses

    Data breaches have made headlines in recent years, exposing poor practices that put the personal information of millions of consumers at risk. But the cost of a typical cyber breach is much less than generally estimated, providing one possible explanation for why American companies do not invest more to improve computer security.

    Sep 20, 2016

  • Global internet security illustration

    Project

    Developing a Toolbox for the Global Cyber Security Capacity Centre Maturity Model

    The Cyber Security Capability Maturity Model allows organisations to map and assess maturity to achieve a healthy and resilient national cyber ecosystem. A new toolbox will aim to help policymakers identify priority areas for intervention to strengthen cyber capabilities.

    Aug 16, 2016

  • Guo Shengkun, China's Minister of Public Security, speaks during the Second U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues in Beijing, China, June 14, 2016

    Commentary

    The U.S.-China Cyber Agreement: A Good First Step

    The 2015 U.S.-China cyber agreement is a potentially important first step toward addressing the problem of Chinese espionage. But it is by no means a final step.

    Aug 1, 2016

  • Massive unclassified paper shred and uniform drop-off bins help prevent OPSEC violations

    Commentary

    Keeping Up with the Policymakers: The Unclassified Tearline

    Unclassified tearlines could convey the bottom line and potential implications of a classified story in unclassified terms, while obscuring sensitive sources and methods. There are good reasons to build them into the business process and culture of intelligence agencies.

    Jul 28, 2016

  • Periodical

    RAND Review: July-August 2016

    This issue highlights the stress of military deployments and resilience of military families; RAND research on cybercrime, network defense, and data breaches; the 40th anniversary of RAND's landmark Health Insurance Experiment; and more.

    Jun 27, 2016

  • Eyeball on a laptop computer screen

    Essay

    The Digital Underworld: What You Need to Know

    A growing threat is emanating from a digital underworld where hackers sell their services like mercenaries and credit-card numbers can be had for pennies on the dollar.

    Jun 24, 2016