The National Computer Security Survey (NCSS)

Final Methodology

Lois M. Davis, Daniela Golinelli, Robin L. Beckman, Sarah K. Cotton, Robert H. Anderson, Anil Bamezai, Christopher R. Corey, Megan Zander Cotugno, John L. Adams, Roald Euller, et al.

ResearchPublished Sep 16, 2008

The Bureau of Justice Statistics (BJS) in the Office of Justice Programs (OJP) of the U.S. Department of Justice (DOJ) conducted a pilot survey in 2001 — the Computer Security Survey (CSS) — to collect information about computer infrastructure and security measures from a sample of 500 businesses across a range of economic sectors. Based on the pilot-survey results, BJS, along with the U.S. Department of Homeland Security (DHS), decided to field a National Computer Security Survey (NCSS), a nationally representative sample of 36,000 businesses across 36 industry sectors. In 2004, RAND was selected to conduct the NCSS. The survey itself was fielded in 2006 with the data collected representing the experiences of companies in 2005. The survey collected data on the nature, extent, and consequences of computer-security incidents, monetary costs and other consequences of these incidents, incident details (such as types of offenders and reporting to authorities), and computer-security measures used by companies. The goal was to produce reliable national estimates of the incidence and prevalence of computer-security incidents against businesses and businesses' resulting losses from such incidents. This RAND report details the methodology used to develop and field the NCSS, as well as the sampling design and weighting methodology used.

Order a Print Copy

Format
Paperback
Page count
90 pages
List Price
$24.00
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2008
  • Print Format: Paperback
  • Paperback Pages: 90
  • Paperback Price: $24.00
  • Paperback ISBN/EAN: 978-0-8330-4467-9
  • DOI: https://doi.org/10.7249/TR544
  • Document Number: TR-544-BJS

Citation

RAND Style Manual
Davis, Lois M., Daniela Golinelli, Robin L. Beckman, Sarah K. Cotton, Robert H. Anderson, Anil Bamezai, Christopher R. Corey, Megan Zander Cotugno, John L. Adams, Roald Euller, and Paul S. Steinberg, The National Computer Security Survey (NCSS): Final Methodology, RAND Corporation, TR-544-BJS, 2008. As of October 15, 2024: https://www.rand.org/pubs/technical_reports/TR544.html
Chicago Manual of Style
Davis, Lois M., Daniela Golinelli, Robin L. Beckman, Sarah K. Cotton, Robert H. Anderson, Anil Bamezai, Christopher R. Corey, Megan Zander Cotugno, John L. Adams, Roald Euller, and Paul S. Steinberg, The National Computer Security Survey (NCSS): Final Methodology. Santa Monica, CA: RAND Corporation, 2008. https://www.rand.org/pubs/technical_reports/TR544.html. Also available in print form.
BibTeX RIS

This report was prepared for the Bureau of Justice Statistics and conducted under the auspices of the Safety and Justice Program within RAND Infrastructure, Safety, and Environment (ISE).

This publication is part of the RAND technical report series. RAND technical reports, products of RAND from 2003 to 2011, presented research findings on a topic limited in scope or intended for a narrow audience; discussions of the methodology employed in research; literature reviews, survey instruments, modeling exercises, guidelines for practitioners and research professionals, and supporting documentation; and preliminary findings. All RAND technical reports were subject to rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.