Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 0.6 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Summary Only

FormatFile SizeNotes
PDF file 0.1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback90 pages $24.00

The Bureau of Justice Statistics (BJS) in the Office of Justice Programs (OJP) of the U.S. Department of Justice (DOJ) conducted a pilot survey in 2001 — the Computer Security Survey (CSS) — to collect information about computer infrastructure and security measures from a sample of 500 businesses across a range of economic sectors. Based on the pilot-survey results, BJS, along with the U.S. Department of Homeland Security (DHS), decided to field a National Computer Security Survey (NCSS), a nationally representative sample of 36,000 businesses across 36 industry sectors. In 2004, RAND was selected to conduct the NCSS. The survey itself was fielded in 2006 with the data collected representing the experiences of companies in 2005. The survey collected data on the nature, extent, and consequences of computer-security incidents, monetary costs and other consequences of these incidents, incident details (such as types of offenders and reporting to authorities), and computer-security measures used by companies. The goal was to produce reliable national estimates of the incidence and prevalence of computer-security incidents against businesses and businesses' resulting losses from such incidents. This RAND report details the methodology used to develop and field the NCSS, as well as the sampling design and weighting methodology used.

This report was prepared for the Bureau of Justice Statistics and conducted under the auspices of the Safety and Justice Program within RAND Infrastructure, Safety, and Environment (ISE).

This report is part of the RAND technical report series. RAND technical reports may include research findings on a specific topic that is limited in scope or intended for a narrow audience; present discussions of the methodology employed in research; provide literature reviews, survey instruments, modeling exercises, guidelines for practitioners and research professionals, and supporting documentation; or deliver preliminary findings. All RAND reports undergo rigorous peer review to ensure that they meet high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.