Listing 1 - 9 of 9

Book
Internet freedom software and illicit activity
ISBN: 0833090909 0833091107 9780833090904 9780833090881 0833090887 9780833090898 0833090895 9780833091109 Year: 2015 Publisher: Santa Monica, CA


Book
Comparison of Public and Private Sector Cybersecurity and IT Workforces
Year: 2023 Publisher: RAND Corporation

Abstract

Direct workforce comparisons between U.S. Department of Defense (DoD) and private sector organizations are complicated because of available data and the different taxonomies used to classify cybersecurity and information technology (IT) workforces. On one hand, some data use the U.S. Bureau of Labor Statistics (BLS) Standard Occupational Classification (SOC) system, while other data use the Defense Cyber Workforce Framework (DCWF), an extension of the National Institute of Standards and Technology's workforce framework for cybersecurity. In this report, the authors update and extend previous RAND Corporation research conducted for DoD to support its zero-based review of cybersecurity and IT personnel. For the purpose of this research, the authors developed a common taxonomy across BLS SOC and DCWF schemes based on work roles, key tasks, and responsibilities. Using this common taxonomy, the authors examine the proportion of cybersecurity and IT work roles and workers' salaries across private and public sectors, as well as three technology-related industry sectors, using ten years of BLS data (2012–2021). The authors also examine the demand for these jobs as measured by job opening data from CyberSeek, an online data analysis tool supported by the National Initiative for Cybersecurity Education.


Book
Identifying Critical IT Products and Services
Year: 2022 Publisher: RAND Corporation

Abstract

In the past 20 years, the U.S. government, championed by the U.S. Department of Homeland Security (DHS) and in collaboration with other public and private entities, has made considerable progress enumerating the country's critical infrastructure components and National Critical Functions (NCFs). However, these efforts have not enabled specific identification of the most-critical computing systems within networks. To help fill that gap, researchers from the Homeland Security Operational Analysis Center sought to examine and enumerate the businesses that provide the most-critical information technology (IT) products and services and lay the groundwork for DHS and other federal and private-sector elements to better apply a risk-based approach to protecting the country's most-important assets and systems. They sought to (1) create a prioritized list of software and businesses that provide IT products and services and (2) develop a framework that could continue and extend this analysis into the future to accommodate emerging technologies and the evolution of the technology market. The work featured four workstreams: (1) identifying and integrating disparate data sources to identify the most-critical vulnerabilities and software applications in the U.S. internet protocol space; (2) collecting original data to map the software dependency and ownership structure of the most-referenced libraries; (3) leveraging existing work to identify specific IT and communication companies that were most interconnected and could suffer the greatest economic loss; and (4) developing a way to link NCFs to actual software companies supporting those functions.


Book
The Common Vulnerability Scoring System (CVSS) and its applicability to Federal agency systems
Year: 2007 Publisher: Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology,


Book
The internet of bodies : opportunities, risks, and governance
Year: 2020 Publisher: Santa Monica, Calif. RAND Corporation

Abstract

Internet-connected "smart" devices are increasingly available in the marketplace, promising consumers and businesses improved convenience and efficiency. Within this broader Internet of Things (IoT) lies a growing industry of devices that monitor the human body and transmit the data collected via the internet. This development, which some have called the Internet of Bodies (IoB), includes an expanding array of devices that combine software, hardware, and communication capabilities to track personal health data, provide vital medical treatment, or enhance bodily comfort, function, health, or well-being. However, these devices also complicate a field already fraught with legal, regulatory, and ethical risks. The authors of this report examine this emerging collection of human body–centric and internet-connected technologies; explore benefits, security and privacy risks, and ethical implications; survey the nascent regulatory landscape for these devices and the data they collect; and make recommendations to balance IoB risks and rewards.


Book
Measuring Intelligence, Surveillance, and Reconnaissance Effectiveness at the United States Central Command
Year: 2021 Publisher: Santa Monica, Calif. RAND Corporation

Abstract

U.S. Central Command (CENTCOM) Directorate of Intelligence sought RAND Corporation assistance in developing a repeatable process to measure the effectiveness of its intelligence, surveillance, and reconnaissance (ISR) operations to evaluate current performance and plan for, influence, and resource future operations. The authors of this report used a mixed set of methodologies for the analysis. They linked the effect CENTCOM wishes to achieve with its customer base to the five major roles assigned to ISR assets at CENTCOM. For each role, the authors identified CENTCOM-unique measures of effectiveness (MoEs) and measures of performance (MoPs) to evaluate the value and success of ISR support and requirements. They assessed the sufficiency of available data sources and identified new data required to complete the metrics, finding that MoPs must focus on outputs (quantitative) and MoEs on outcomes (qualitative) and that both sets of metrics must be defined in the context of their uses. Consideration of currently available data and databases uncovered issues with data heritage, curation, and volume that must be addressed to ensure that analytic outcomes using the data are reliable. Researchers provided an associated visualization tool to display the assessment results, which they determined to be the best way to allow analysts and other stakeholders to use the data to support decisionmaking.


Book
Cyberstalking: A Growing Challenge for the U.S. Legal System

Abstract

Social media and other sophisticated communications technology have enabled a new kind of crime: cyberstalking. Cyberstalking involves using communications technology in threatening ways to stalk, harass, or share embarrassing information about victims, and it often involves the threat of intimate partner violence. As online platforms and messaging technologies have multiplied, cyberstalking has become more prevalent. Yet the problem has been understudied, and its dynamics are not well known. In this report, the authors enhance the understanding of cyberstalking by offering the first empirical analysis on federal cyberstalking cases: In particular, they analyze the number of federal cyberstalking cases filed over time, the characteristics of these cases, and the outcomes of these cases. The results of in-depth interviews with prosecutors, law enforcement officials, and victims' advocacy representatives are also presented.


Book
Support to the DoD cyber workforce zero-based review : developing a repeatable process for conducting ZBRs within DoD

Abstract

Section 1652 of the fiscal year 2020 National Defense Authorization Act (NDAA) tasks the U.S. Department of Defense (DoD) to perform a zero-based review (ZBR) - a detailed review rather than a simple comparison with previous size or budget - of its cybersecurity and information technology (IT) workforces. DoD engaged the RAND National Defense Research Institute to produce a process for validating and ensuring the consistency of data and analysis used for its ZBR. The authors organize the NDAA requirements into five themes: current workforce, current work performed, manning and capability gaps, potential barriers to efficiency and effectiveness, and potential future changes in work performed or requirements. Organizations across the four DoD services - the U.S. Air Force, Army, Marine Corps, and Navy - plus the Defense Information Systems Agency were selected to participate in the DoD cyber ZBR. Collectively, the participating organizations reported a total of almost 18,000 cybersecurity and IT personnel, 84 percent of whom are civilians and 16 percent of whom are military personnel. The authors use quantitative and qualitative research methods to analyze multiple data sources, such as DoD workforce data, subject-matter expert interviews with organizational leadership, a work analysis data call, a comparison of DoD and private sector cyber workforces, and a sample of cybersecurity and IT position descriptions. They present key findings, aggregated across the participating organizations and arranged by theme. The ZBR process described in this report constitutes a transparent, repeatable process with which DoD can conduct ZBRs across the DoD cyber enterprise.


Book
Identifying and Prioritizing Systemically Important Entities : Advancing Critical Infrastructure Security and Resilience

Abstract

In response to the mounting specter of systemic cyber risks, the Cyberspace Solarium Commission recommended that Congress codify the concept of Systemically Important Critical Infrastructure—later renamed Systemically Important Entities (SIEs)—and that the Cybersecurity and Infrastructure Security Agency (CISA) be resourced to identify SIEs and support in the mitigation of their risks to support a broader national strategy of layered deterrence. In support of the CISA National Risk Management Center (NRMC), this report clarifies the concepts of SIEs and introduces a data-driven methodology for their identification and prioritization. Specifically, the authors identify SIEs by their potential to affect national critical functions (NCFs) and prioritize SIEs by measures of their size and interconnectedness. This report builds on existing work regarding Critical IT Products and Services and extends the researchers' analysis to federal agencies and firms that install potentially vulnerable software, in addition to firms that write software. This report further documents systemic risks and cyber risks in software supply chains, past and ongoing analytical support to CISA, and current limitations, and it outlines a path for future work.
