The Community for Technology Leaders
RSS Icon
Issue No.03 - May/June (2010 vol.8)
pp: 28-35
Ian P. Cook , RAND Corporation
Shari Lawrence Pfleeger , RAND Corporation
In 2005, the Bureau of Justice Statistics (BJS) surveyed 36,000 businesses about cybercrime. The authors contrast past cybersecurity data collection efforts with the BJS study. Then, based on a framework for evaluating the applicability of data to models and decision-making, they discuss data collection and reporting common to cybercrime studies. Finally, they assess the potential for any data collection effort to fulfill multiple security models' data needs.
cybersecurity, modeling, decision support
Ian P. Cook, Shari Lawrence Pfleeger, "Security Decision Support Challenges in Data Collection and Use", IEEE Security & Privacy, vol.8, no. 3, pp. 28-35, May/June 2010, doi:10.1109/MSP.2010.59
1. R. Rue and S.L. Pfleeger, "Making the Best Use of Cybersecurity Economic Models," IEEE Security & Privacy, vol. 7, no. 4, 2009, pp. 52–60.
2. R. Boehme and T. Moore, The Iterated Weakest Link: A Model of Adaptive Security Investment, Center for Research on Computation and Society, Harvard Univ., 2009; .
3. S.L. Pfleeger and R. Rue, "Cybersecurity Economic Issues: Clearing the Path to Good Practice," IEEE Software, vol. 25, no. 1, 2008, pp. 25–42; MS.2008.4.
4. S.L. Pfleeger et al., "Investing in Cyber Security: The Path to Good Practice," Cutter IT J., vol. 19, no. 1, 2006, pp. 11–18.
5. A.L. Cochrane, Effectiveness and Efficiency: Random Reflections on Health Services, Nuffield Provincial Hospitals Trust, Jan. 1972.
6. R. Freidmann and D. Post, "Software Makes Decision Analysis Easy," Legal Technology Newsletter, Dec. 1990; www.prismlegal.comindex.php?option=content&task=view&id=54&Itemid=58 .
7. B.A. Kitchenham, T. Dybå, and M. J⊘rgenson, "Evidence-Based Software Engineering," Proc. 26th Int'l Conf. Software Engineering (ICSE 04), IEEE CS Press, 2009, pp. 273–281; PDFskitchenham04_pdf.
8. R.R. Rantala, Cybercrime Against Businesses, 2005, Bureau of Justice Statistics Special Report, US Dept. of Justice, Office of Justice Programs, Bureau of Justice Statistics, 2008;
9. L.M. Davis et al., The National Computer Security Survey: Final Methodology, RAND tech. report TR-544, RAND Corp., 2008; RAND_TR544.pdf.
10. Symantec Global Internet Security Threat Report 2008, tech. report, Symantec Enterprise Security, 2008; .
11. "Personal Information: Data Breaches are Frequent, But Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Unknown," report to Congress, GAO-07-737, Government Accountability Office, June 2007;
12. S. Romanosky, R. Telang, and A. Acquisti, "Do Data Breach Disclosure Laws Reduce Identity Theft?" Proc. Workshop on the Economics of Information Security (WEIS 08), 16 Sept. 2008; .
13. W.F. Ogburn and I. Goltra, "How Women Vote: A Study of an Election in Portland, Oregon," Political Science Quarterly, vol. 34, no. 3, 1919, pp. 413–433.
14. G. King, A Solution to the Ecological Inference Problem, Princeton Univ. Press, 1997.
15. D.A. Freedman, S.P. Klein, and M. Ostland, "Review of A Solution to the Ecological Inference Problem," J. Am Statistical Assoc., vol. 93, 1999, pp. 1518–1522.
16. P. McNamara, "Making Data-Breach Research Easier," Network World,15 July 2008; .
17. Measuring and Optimizing Patch Management: An Open Model, tech. report, Securosis, July 2009; .
18. "Testimony of Richard G. Power, Editor, Computer Security Institute," US Congress, Senate Committee on Governmental Affairs, Permanent Subcommittee on Investigations, 6 May 1996, text from Federation of American Scientists; .
39 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool