Source type: Report
Standard type: Report
DOI: https://doi.org/10.7249/RR1024
Source ID: RR-1024-JNI
The Defender's Dilemma: Charting a Course Toward Cybersecurity
Martin C. Libicki; Lillian Ablon; Timothy Webb
Publication date: 2015-06-10
Publication year: 2015
Language: English
Conclusions

Common Knowledge Confirmed

  • Security postures are highly specific to company type, size, etc.; and there often aren't good solutions for smaller businesses.
  • Quarantining certain parts of an organization offline can be a useful option.
  • Responding to the desire of employees to bring their own devices and connect them to the network creates growing dilemmas.
  • Chief information security officers (CISOs) feel that attackers have the upper hand, and will continue to have it.

Reasonable Suppositions Validated

  • Customers look to extant tools for solutions even though they do not necessarily know what they need and are certain no magic wand exists.
  • CISOs want information on the motives and methods of specific attackers, but there is no consensus on how such information could be used.
  • Current cyberinsurance offerings are often seen as more hassle than benefit, only useful in specific scenarios, and providing little return.

Surprising Findings

  • A cyberattack's effect on reputation (rather than more direct costs) is the biggest cause of concern for CISOs. The actual intellectual property or data that might be affected matters less than the fact that any intellectual property or data is at risk.
  • In general, loss estimation processes are not particularly comprehensive.
  • The ability to understand and articulate an organization's risk arising from network penetrations in a standard and consistent manner does not exist and will not exist for a long time.
Abstract

Cybersecurity is a constant and, by all accounts, growing challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures — and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities.

Table of contents
  • Chapter One: Introduction
  • Chapter Two: Chief Information Security Officers Surveyed
  • Chapter Three: The Efficacy of Security Systems
  • Chapter Four: Improving Software
  • Chapter Five: A Heuristic Cybersecurity Model
  • Chapter Six: Lessons for Organizations and Public Policy
  • Appendix A: Questionnaire
  • Appendix B: Model Specification
  • Appendix C: Baseline Parameters

Topics: Cybercrime; Cybersecurity; The Internet; Law Enforcement; Markets
URL: https://www.rand.org/pubs/research_reports/RR1024.html
Source think tank: RAND Corporation (United States)
Resource type: Think tank publication
Item identifier: http://119.78.100.153/handle/2XGU8XDN/522772
Recommended citation
GB/T 7714
Martin C. Libicki, Lillian Ablon, Timothy Webb. The Defender's Dilemma: Charting a Course Toward Cybersecurity. 2015.
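Files in this item
File name/size | Resource type | Version type | Access type | License
RAND_RR1024.pdf (1148KB) | Think tank publication | | Restricted access | CC BY-NC-SA
1495296693027.jpg (10KB) | Think tank publication | | Restricted access | CC BY-NC-SA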