INFOSEC

Featured

Technology allows individuals and organizations access to more comprehensive and diverse information, but this access requires that electronic information, networks, data repositories, and data transmissions be adequately safeguarded. RAND has developed a large body of research focused on recognizing the potential threats to information security and data integrity, as well as implications for personal and institutional privacy.

  • Fotolia_55457025_Subscription_Monthly_XL

    Report

    Companies Are Prioritizing Cybersecurity, but Hackers Still May Be Gaining

    Jun 10, 2015

    While spending on cybersecurity is $70 billion a year and growing, many chief information security officers believe that hackers may gain the upper hand in two to five years, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

  • 140902-F-II211-904

    Commentary

    Put a Cybercop on the Beat

    Jan 22, 2015

    What remains vitally needed is legislation that would grant at least one capable government organization the authority to track cyber-intruders and -criminals with the same freedom and speed of maneuver that these adversaries enjoy, while protecting the civil liberties and freedoms that allowed the establishment of the Internet.

Explore Information Security

  • Journal Article

    Investing in Cybersecurity

    This research examines why, how and how much organisations in critical infrastructure sectors invest in cybersecurity.

    Feb 11, 2016

  • U.S. Defense Secretary Ash Carter meets with Chinese Gen. Fan Changlong, vice chairman of China's Central Military Commission, at the Pentagon, June 11, 2015

    Commentary

    OPM Hack Poses Overlooked Counterintelligence Risk for Economic Espionage

    Since discovering the theft of personal data from an OPM database last spring, government officials have been preoccupied with assessing the risks to national security. But they must also address its potential to enable an adversary to steal valuable economic and commercial information.

    Feb 1, 2016

  • Department of Homeland Security researchers work at the Idaho National Laboratory in Idaho Falls, April 28, 2010

    Tool

    A Framework for Programming and Budgeting for Cybersecurity

    When defending an organization, cybersecurity professionals must choose from a large set of defensive measures while operating with a limited set of resources. What is the menu of actions for defending against an attack? And how can defenders navigate the selection process?

    Jan 20, 2016

  • A flying police car hovers past city buildings

    Essay

    How Will Technology Change Criminal Justice?

    In perhaps no other field does society have as direct a stake in getting technology right as in policing. How will technology change the work that law enforcement agencies do and the communities they serve?

    Jan 7, 2016

  • Journal Article

    Cloud-Trust—a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds

    The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats (APTs) is a significant concern to government and industry.

    Dec 23, 2015

  • Financial system representation

    Report

    The National Security Implications of Virtual Currency

    Could a non-state actor deploy a virtual currency to disrupt sovereignty and increase its political or economic power? How might a government or organization successfully disrupt such a deployment?

    Dec 16, 2015

  • Internet of Things graphic

    Commentary

    Keeping Hackers Away from Your Car, Fridge, and Front Door

    In the ever-growing Internet of Things, attackers already outpace the defenders. If developing solutions for software liability doesn't become more of a priority, there may be no winning this technological war.

    Dec 7, 2015

  • Close-up view on white conceptual keyboard - European Union (key with flag)

    Report

    Exploring Cybersecurity Threats and Policy Responses in the EU and Beyond

    Existing cybersecurity measures in the EU are fragmented, largely due to gaps in operational capabilities as well as strategic priorities of Member States. However, there are many policy options that may improve the EU's overall cybersecurity approach.

    Nov 18, 2015

  • A U.S. Air Force airman works at the 561st Network Operations Squadron, which executes defensive cyber operations

    Commentary

    The Two Sides of Cybersecurity

    Securing government networks is certainly necessary, but authorities should not lose sight of the need to couple their defense of America's networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats in cyberspace.

    Nov 13, 2015

  • Journal Article

    Deterrence, Influence, Cyber Attack, and Cyberwar

    This study uses a simple model to speculate about whether deterrence can be a significant part of dealing with special features of the cyber attack challenge, and distinguishing different classes and contexts of cyber threats.

    Nov 13, 2015

  • Volkswagen CEO Matthias Mueller gives a tour of the VW factory in Wolfsburg, Germany, October 21, 2015

    Commentary

    When Public Trust in Corporations Is Shaken

    The Volkswagen scandal comes at a time when the public's trust in both the automotive industry and tech companies is at risk. The level of public trust in an individual organization could end up burnishing — or infecting — an entire industry or new technology.

    Oct 28, 2015

  • Research Brief

    Cybersecurity of Air Force Weapon Systems: Ensuring Cyber Mission Assurance Throughout a System's Life Cycle

    Discusses how the Air Force acquisition/life-cycle management community can improve cybersecurity throughout the life cycle of Air Force weapon systems.

    Oct 27, 2015

  • An F-15 flying over Nevada during a USAFWS Mission Employment Exercise

    Report

    Improving the Cybersecurity of U.S. Air Force Weapon Systems

    U.S. Air Force weapon systems containing information technology may be vulnerable to intelligence exploitation and cyberattacks. But there are steps that the Air Force can take to improve the security of these systems throughout their life cycles.

    Oct 27, 2015

  • Malware phishing data concept

    Commentary

    Social Engineering Explained: The Human Element in Cyberattacks

    The human element is the most unpredictable factor in cybersecurity. A social engineer aims to make people do what they want or give the social engineer information, often without the person considering the negative consequences.

    Oct 20, 2015

  • A person looking at top secret files with a magnifying glass

    Commentary

    Defining a New Paradigm for Government Secrecy

    Technology has afforded the U.S. national security apparatus incredible capabilities, along with equally monumental challenges and risks. The government has the option to choose whether to adjust by taking a proactive approach or to allow external forces to determine the future of its secrets.

    Oct 13, 2015

  • Joint service and civilian personnel concentrate on exercise scenarios during "Cyber Guard 2015."

    Testimony

    Perspective on 2015 DoD Cyber Strategy

    The DoD's cyber strategy is aligned with its mission, but there will be challenges to implementation—including building and maintaining a capable workforce, assessing risk across DoD networks and systems, and planning for operations.

    Sep 29, 2015

  • congressional-podcast-teaser-highres

    Multimedia

    Lessons from a Hacker: Cyber Concepts for Policymakers

    In this September 14th congressional briefing, Lillian Ablon discusses the basics of cyber and information security and provides insights into some of the complexities of cybersecurity policymaking. Topics include why software vulnerabilities are significant, the components of cyber risk beyond the threat, motivations of various cyber threats actors, and what they exploit.

    Sep 14, 2015

  • Report

    Cyber Practices: What Can the U.S. Air Force Learn from the Commercial Sector?

    This report describes common commercial practices for cyber workforce management and organizational issues that are applicable to the U.S. Air Force as it endeavors to improve the management of its cyber forces.

    Sep 9, 2015

  • Digital internet security concept

    Announcement

    RAND Hosts Cybersecurity Exercise

    The discussion of cybersecurity should not be trapped within narrow technical, national security, or legal stovepipes and should include an examination of economic, civil, and societal factors. With that goal in mind, RAND hosted an analytic exercise on cybersecurity.

    Sep 3, 2015

  • An illustration of a projection of binary code on a man holding a laptop computer

    Commentary

    Is It Time to Appoint a Data Security Czar?

    Cybersecurity needs to become more of a priority for the government and private corporations. Whatever the solution, public and private officials need to do a better job of weighing the risk-benefit calculation of storing data on Internet-accessible computers and justifying data-handling protocols.

    Sep 3, 2015