INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • 140902-F-II211-904

    Commentary

    Put a Cybercop on the Beat

    Jan 22, 2015

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

  • Fotolia_60505744_Subscription_Monthly_XXL

    Commentary

    The Hackers' Bazaar

    Apr 11, 2014

    Today's cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations.

Explore Information Security

  • Network hub and cable

    Testimony

    Strategies for Defending U.S. Government Networks in Cyberspace

    Hackers, including state and non-state actors, are continuing to find opportunities to penetrate U.S. government networks. Defending these networks will require a systems approach.

    Jun 24, 2015

  • Report

    Issues with Access to Acquisition Data and Information in the Department of Defense: Policy and Practice

    This report identifies the problems and challenges associated with sharing unclassified information within the U.S. Department of Defense and investigates the role of policies and practices associated with such sharing.

    Jun 12, 2015

  • Report

    Issues with Access to Acquisition Data and Information in the Department of Defense: Executive Summary

    This report identifies the problems and challenges associated with sharing unclassified information within the U.S. Department of Defense and investigates the role of policies and practices associated with such sharing.

    Jun 12, 2015

  • News Release

    Companies Are Making Cybersecurity a Greater Priority, but Hackers Still May Be Gaining

    While worldwide spending on cybersecurity is close to $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

    Jun 10, 2015

  • An information security illustration superimposed over a businesswoman holding a tablet

    Report

    Companies Are Prioritizing Cybersecurity, but Hackers Still May Be Gaining

    While spending on cybersecurity is $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

    Jun 10, 2015

  • Report

    Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems: Guidance for Where to Focus Mitigation Efforts

    RAND researchers developed a process for prioritizing functions and information systems in assessing mission assurance under cyber attack, a challenge due to the number of systems, range of vulnerabilities, and variety of combat support functions.

    May 29, 2015

  • Hand touching tablet behind social media diagram and map

    Commentary

    The Clash of Internet Civilizations: Why Neither Side Should Prevail

    The debate over net neutrality pits two opposing philosophies against each other — one pushing for the continued evolution of the Internet as an open information superhighway, the other asserting that the Internet's evolution needs to take more account of the many ways it is and will be used.

    Apr 10, 2015

  • Eye and technology display

    Report

    Training Cyber Warriors: Lessons from Defense Language Training

    To ensure the U.S. Department of Defense has sufficient numbers of skilled cyber workers, it may need to develop additional training approaches as it plans for broader recruiting and workforce management. Examining how DoD handles foreign language training yields lessons that could be applied to cyber training.

    Mar 16, 2015

  • A man accesses data from a computer

    Testimony

    Sharing Information About Threats Is Not a Cybersecurity Panacea

    Information-sharing—specifically, threat-centric information-sharing—has dominated recent discussions on improving cybersecurity, but it is not a silver bullet. Its usefulness is tied to certain assumptions about attacks, and while it should be encouraged, it addresses only one facet of a very complex space.

    Mar 4, 2015

  • People holding mobile phones are silhouetted against a backdrop projected with the Twitter logo

    Commentary

    Decoding the Breach: The Truth About the CENTCOM Hack

    When ISIS hackers hijacked the Twitter account of U.S. Central Command on Jan. 12, they falsely claimed that they had hacked into U.S. military computers. While the incident was embarrassing, it was not concerning in operational military terms. It was, however, damaging to the counterinsurgency against ISIS.

    Feb 3, 2015

  • Service members working in the Global Strategic Warning and Space Surveillance System Center

    Commentary

    Put a Cybercop on the Beat

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

    Jan 22, 2015

  • U.S. President Barack Obama delivers his State of the Union address to a joint session of Congress on Capitol Hill in Washington, January 20, 2015

    Blog

    State of the Union 2015: Clarion Calls on Terrorism, Cyber, Education, and More

    The agenda President Barack Obama outlined in his State of the Union address can perhaps best be characterized as broad, mirroring the range of diverse and emerging issues facing the U.S. in 2015.

    Jan 21, 2015

  • Lily Ablon holding medal received for winning DEF CON 21 challenge at Def Con Cybersecurity conference

    Blog

    The Good Hacker: Q&A with Lillian Ablon

    Lillian Ablon talks about hacking, winning the DEF CON black badge, women in STEM, and more.

    Jan 16, 2015

  • Report

    RAND Review: January-February 2015

    This issue of RAND Review reports on technology literacy in kids, self-driving cars, marijuana legalization, hacking and cybersecurity, monetary compensation for mass tragedies, and recent philanthropic gifts to RAND.

    Jan 12, 2015

  • People pose in front of a display showing the word 'cyber' in binary code, Zenica, Bosnia and Herzegovina, December 27, 2014

    Commentary

    After a Year of Major Hacks, 2015 Resolutions to Bolster Cyber Security

    With numerous data breaches and emerging software vulnerabilities, 2014 was the year the hack went viral. But realizing a few New Year's resolutions in 2015 could help defenders make strides in protection, tools, and techniques to gain the edge over cyber attackers in years to come.

    Dec 31, 2014

  • Illustrated photo of a person typing on a computer keyboard

    Commentary

    Preventing Cyber Attacks: Sharing Information About Tor

    While Tor has many benefits, it is also used to hide criminal activity online such as the recent cyber attacks against JPMorgan Chase and Sony Pictures. The U.S. government should share the IP addresses of Tor network nodes with U.S. critical infrastructure and financial firms so that future cyber attacks could be prevented.

    Dec 17, 2014

  • North Korean leader Kim Jong-un guides a takeoff and landing drill on a highway airfield in this undated photo released by North Korea's Korean Central News Agency in Pyongyang, October 19, 2014

    Commentary

    How Should the U.S. Respond to the Sony Hack?

    North Korea is likely testing the United States and its cyber community to see where vulnerabilities may exist. So this is not just an issue of how Sony Pictures responds—this is an issue of how the United States responds.

    Dec 11, 2014

  • Richard Danzig, Adm. Michael S. Rogers, and Michael E. Leiter at RAND's Politics Aside 2014

    Blog

    Setting Standards for Cyber Security

    Developing international norms and standards about appropriate cyber security activity by nations, groups, and even individuals is key to governing online activity in the future, said NSA Director Adm. Michael S. Rogers during a panel discussion at RAND's Politics Aside event.

    Nov 14, 2014

  • Server room in data center

    Commentary

    Putting the Brussels House in Order: Why Data Protection Frameworks in EU Institutions and Agencies Are Not Fit for Purpose

    EU institutions and agencies urgently need to revisit the frameworks that govern data privacy in their own houses if they want to keep pace with some of the latest trends in corporate information and communication technology (ICT) delivery and use, such as cloud computing or the consumerisation of ICT ('bring your own device').

    Oct 23, 2014

  • Tinker Air Force Base Computing Center

    Report

    Cost Considerations in Cloud Computing

    Until the Department of Defense develops official guidance for cost analysis of cloud and data centers, examining cost drivers for several data management approaches can help guide DoD analysts.

    Oct 2, 2014