The defender's dilemma: charting a course toward cybersecurity
Saved in:
| Main Author: | |
|---|---|
| Format: | Electronic eBook |
| Language: | English |
| Published: |
Santa Monica, Calif.
RAND
[2015]
|
| Series: | Research report (Rand Corporation)
RR-1024-JNI. |
| Subjects: | |
| Online Access: | FAW01 FAW02 |
| Item Description: | At head of title: RAND National Security Research Division. - "Prepared for Juniper Networks, Inc." Description based on print version record and CIP data provided by publisher; resource not viewed |
| Physical Description: | 1 online resource (xxv, 135 pages) |
| ISBN: | 9780833091031 0833091034 9780833091017 0833091018 9780833091024 0833091026 9780833089113 0833089110 |
Staff View
MARC
| LEADER | 00000nmm a2200000zcb4500 | ||
|---|---|---|---|
| 001 | BV043785998 | ||
| 003 | DE-604 | ||
| 005 | 00000000000000.0 | ||
| 007 | cr|uuu---uuuuu | ||
| 008 | 160920s2015 |||| o||u| ||||||eng d | ||
| 020 | |a 9780833091031 |9 978-0-8330-9103-1 | ||
| 020 | |a 0833091034 |9 0-8330-9103-4 | ||
| 020 | |a 9780833091017 |9 978-0-8330-9101-7 | ||
| 020 | |a 0833091018 |9 0-8330-9101-8 | ||
| 020 | |a 9780833091024 |9 978-0-8330-9102-4 | ||
| 020 | |a 0833091026 |9 0-8330-9102-6 | ||
| 020 | |a 9780833089113 |c pbk. : alk. paper |9 978-0-8330-8911-3 | ||
| 020 | |a 0833089110 |9 0-8330-8911-0 | ||
| 035 | |a (ZDB-4-EBA)ocn912237900 | ||
| 035 | |a (ZDB-4-ITC)ocn912237900 | ||
| 035 | |a (OCoLC)912237900 | ||
| 035 | |a (DE-599)BVBBV043785998 | ||
| 040 | |a DE-604 |b ger |e rda | ||
| 041 | 0 | |a eng | |
| 049 | |a DE-1046 |a DE-1047 | ||
| 082 | 0 | |a 005.8 |2 23 | |
| 100 | 1 | |a Libicki, Martin C. |e Verfasser |4 aut | |
| 245 | 1 | 0 | |a The defender's dilemma |b charting a course toward cybersecurity |c Martin C. Libicki, Lillian Ablon, Tim Webb |
| 264 | 1 | |a Santa Monica, Calif. |b RAND |c [2015] | |
| 264 | 4 | |c © 2015 | |
| 300 | |a 1 online resource (xxv, 135 pages) | ||
| 336 | |b txt |2 rdacontent | ||
| 337 | |b c |2 rdamedia | ||
| 338 | |b cr |2 rdacarrier | ||
| 490 | 0 | |a Research report (Rand Corporation) |v RR-1024-JNI. | |
| 500 | |a At head of title: RAND National Security Research Division. - "Prepared for Juniper Networks, Inc." | ||
| 500 | |a Description based on print version record and CIP data provided by publisher; resource not viewed | ||
| 505 | 8 | |a Introduction. -- Chief information security officers surveyed. -- The efficacy of security systems. -- Improving software. -- A heuristic cybersecurity model. -- Lessons for organizations and public policy. -- Appendixes. -- Bibliography | |
| 505 | 8 | |a Cover; Title Page; Copyright; Preface; Contents; Figures; Tables; Summary; Acknowledgments; Abbreviations; Chapter One: Introduction; Organization of This Report; Chapter Two: Chief Information Security Officers Surveyed; Common Knowledge Confirmed; Reasonable Suppositions Validated; Surprises; Some Conclusions; Chapter Three: The Efficacy of Security Systems; Measures and Countermeasures to Mitigate the Likelihood of an Attack; Attackers and Defenders Often Employ the Same Tools and Techniques; Security Product Development Has Sped Up | |
| 505 | 8 | |a The Shift from Signature-Only to Behavior-Based Detection Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates; Measures and Countermeasures Developed to Mitigate the Impact of an Attack; Human Element Continues to Be a Great Weakness; A Cycle of Market Offerings; Ideal Solutions Can Depend on the Size of an Organization; Some Conclusions; Chapter Four: Improving Software; When Vulnerabilities Matter; Markets for Zero-Days; In the Short Run, Vulnerability Discovery Might Worsen Matters; Can Software Become Good Enough?; A Wave of (Connected) Gadgets | |
| 505 | 8 | |a Some Conclusions Chapter Five: A Heuristic Cybersecurity Model; Model Structure; Results; Sensitivity Analyses; Conclusions; Chapter Six: Lessons for Organizations and Public Policy; Lessons for Organizations; Lessons for Public Policy; Some Conclusions; APPENDIXES; A. Questionnaire; B. Model Specification; C. Baseline Parameters; Bibliography | |
| 505 | 8 | |a Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures, and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities | |
| 650 | 4 | |a Computer security | |
| 650 | 4 | |a Cyberspace / Security measures | |
| 650 | 4 | |a Electronic commerce / Law and legislation | |
| 650 | 7 | |a COMPUTERS / Internet / Security |2 bisacsh | |
| 650 | 7 | |a Computer networks / Security measures |2 fast | |
| 650 | 7 | |a Computer networks / Security measures / Government policy |2 fast | |
| 650 | 7 | |a Industries / Security measures |2 fast | |
| 650 | 4 | |a Industrie | |
| 650 | 4 | |a Politik | |
| 650 | 4 | |a Recht | |
| 650 | 4 | |a Computer networks |x Security measures |a Computer networks |x Security measures |x Government policy |z United States |a Industries |x Security measures | |
| 651 | 4 | |a USA | |
| 700 | 1 | |a Ablon, Lillian |e Sonstige |4 oth | |
| 700 | 1 | |a Webb, Tim |e Sonstige |4 oth | |
| 710 | 2 | |a Rand CorporationXXbNational Security Research DivisionXXeissuing body |e Sonstige |4 oth | |
| 776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |a Libicki, Martin C |t . Defender's dilemma |
| 912 | |a ZDB-4-EBA |a ZDB-4-ITC | ||
| 999 | |a oai:aleph.bib-bvb.de:BVB01-029197058 | ||
| 966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1017988 |l FAW01 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
| 966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1017988 |l FAW02 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
Record in the Search Index
| _version_ | 1804176621412810753 |
|---|---|
| any_adam_object | |
| author | Libicki, Martin C. |
| author_facet | Libicki, Martin C. |
| author_role | aut |
| author_sort | Libicki, Martin C. |
| author_variant | m c l mc mcl |
| building | Verbundindex |
| bvnumber | BV043785998 |
| collection | ZDB-4-EBA ZDB-4-ITC |
| contents | Introduction. -- Chief information security officers surveyed. -- The efficacy of security systems. -- Improving software. -- A heuristic cybersecurity model. -- Lessons for organizations and public policy. -- Appendixes. -- Bibliography Cover; Title Page; Copyright; Preface; Contents; Figures; Tables; Summary; Acknowledgments; Abbreviations; Chapter One: Introduction; Organization of This Report; Chapter Two: Chief Information Security Officers Surveyed; Common Knowledge Confirmed; Reasonable Suppositions Validated; Surprises; Some Conclusions; Chapter Three: The Efficacy of Security Systems; Measures and Countermeasures to Mitigate the Likelihood of an Attack; Attackers and Defenders Often Employ the Same Tools and Techniques; Security Product Development Has Sped Up The Shift from Signature-Only to Behavior-Based Detection Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates; Measures and Countermeasures Developed to Mitigate the Impact of an Attack; Human Element Continues to Be a Great Weakness; A Cycle of Market Offerings; Ideal Solutions Can Depend on the Size of an Organization; Some Conclusions; Chapter Four: Improving Software; When Vulnerabilities Matter; Markets for Zero-Days; In the Short Run, Vulnerability Discovery Might Worsen Matters; Can Software Become Good Enough?; A Wave of (Connected) Gadgets Some Conclusions Chapter Five: A Heuristic Cybersecurity Model; Model Structure; Results; Sensitivity Analyses; Conclusions; Chapter Six: Lessons for Organizations and Public Policy; Lessons for Organizations; Lessons for Public Policy; Some Conclusions; APPENDIXES; A. Questionnaire; B. Model Specification; C. Baseline Parameters; Bibliography Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures, and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities |
| ctrlnum | (ZDB-4-EBA)ocn912237900 (ZDB-4-ITC)ocn912237900 (OCoLC)912237900 (DE-599)BVBBV043785998 |
| dewey-full | 005.8 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.8 |
| dewey-search | 005.8 |
| dewey-sort | 15.8 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06273nmm a2200709zcb4500</leader><controlfield tag="001">BV043785998</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">00000000000000.0</controlfield><controlfield tag="007">cr|uuu---uuuuu</controlfield><controlfield tag="008">160920s2015 |||| o||u| ||||||eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833091031</subfield><subfield code="9">978-0-8330-9103-1</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833091034</subfield><subfield code="9">0-8330-9103-4</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833091017</subfield><subfield code="9">978-0-8330-9101-7</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833091018</subfield><subfield code="9">0-8330-9101-8</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833091024</subfield><subfield code="9">978-0-8330-9102-4</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833091026</subfield><subfield code="9">0-8330-9102-6</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833089113</subfield><subfield code="c">pbk. : alk. paper</subfield><subfield code="9">978-0-8330-8911-3</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833089110</subfield><subfield code="9">0-8330-8911-0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-4-EBA)ocn912237900</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ZDB-4-ITC)ocn912237900</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)912237900</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV043785998</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-1046</subfield><subfield code="a">DE-1047</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Libicki, Martin C.</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">The defender's dilemma</subfield><subfield code="b">charting a course toward cybersecurity</subfield><subfield code="c">Martin C. Libicki, Lillian Ablon, Tim Webb</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Santa Monica, Calif.</subfield><subfield code="b">RAND</subfield><subfield code="c">[2015]</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">© 2015</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (xxv, 135 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">Research report (Rand Corporation)</subfield><subfield code="v">RR-1024-JNI.</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">At head of title: RAND National Security Research Division. - "Prepared for Juniper Networks, Inc."</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Description based on print version record and CIP data provided by publisher; resource not viewed</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Introduction. -- Chief information security officers surveyed. -- The efficacy of security systems. -- Improving software. -- A heuristic cybersecurity model. -- Lessons for organizations and public policy. -- Appendixes. -- Bibliography</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Cover; Title Page; Copyright; Preface; Contents; Figures; Tables; Summary; Acknowledgments; Abbreviations; Chapter One: Introduction; Organization of This Report; Chapter Two: Chief Information Security Officers Surveyed; Common Knowledge Confirmed; Reasonable Suppositions Validated; Surprises; Some Conclusions; Chapter Three: The Efficacy of Security Systems; Measures and Countermeasures to Mitigate the Likelihood of an Attack; Attackers and Defenders Often Employ the Same Tools and Techniques; Security Product Development Has Sped Up</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">The Shift from Signature-Only to Behavior-Based Detection Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates; Measures and Countermeasures Developed to Mitigate the Impact of an Attack; Human Element Continues to Be a Great Weakness; A Cycle of Market Offerings; Ideal Solutions Can Depend on the Size of an Organization; Some Conclusions; Chapter Four: Improving Software; When Vulnerabilities Matter; Markets for Zero-Days; In the Short Run, Vulnerability Discovery Might Worsen Matters; Can Software Become Good Enough?; A Wave of (Connected) Gadgets</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Some Conclusions Chapter Five: A Heuristic Cybersecurity Model; Model Structure; Results; Sensitivity Analyses; Conclusions; Chapter Six: Lessons for Organizations and Public Policy; Lessons for Organizations; Lessons for Public Policy; Some Conclusions; APPENDIXES; A. Questionnaire; B. Model Specification; C. Baseline Parameters; Bibliography</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures, and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Cyberspace / Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Electronic commerce / Law and legislation</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Internet / Security</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks / Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks / Security measures / Government policy</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Industries / Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Industrie</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Politik</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Recht</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="x">Government policy</subfield><subfield code="z">United States</subfield><subfield code="a">Industries</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="651" ind1=" " ind2="4"><subfield code="a">USA</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Ablon, Lillian</subfield><subfield code="e">Sonstige</subfield><subfield code="4">oth</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Webb, Tim</subfield><subfield code="e">Sonstige</subfield><subfield code="4">oth</subfield></datafield><datafield tag="710" ind1="2" ind2=" "><subfield code="a">Rand CorporationXXbNational Security Research DivisionXXeissuing body</subfield><subfield code="e">Sonstige</subfield><subfield code="4">oth</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="a">Libicki, Martin C</subfield><subfield code="t">. Defender's dilemma</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield><subfield code="a">ZDB-4-ITC</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-029197058</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1017988</subfield><subfield code="l">FAW01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FAW_PDA_EBA</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="e" ind2=" "><subfield code="u">http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1017988</subfield><subfield code="l">FAW02</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FAW_PDA_EBA</subfield><subfield code="x">Aggregator</subfield><subfield code="3">Volltext</subfield></datafield></record></collection> |
| geographic | USA |
| geographic_facet | USA |
| id | DE-604.BV043785998 |
| illustrated | Not Illustrated |
| indexdate | 2024-07-10T07:35:05Z |
| institution | BVB |
| isbn | 9780833091031 0833091034 9780833091017 0833091018 9780833091024 0833091026 9780833089113 0833089110 |
| language | English |
| oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-029197058 |
| oclc_num | 912237900 |
| open_access_boolean | |
| owner | DE-1046 DE-1047 |
| owner_facet | DE-1046 DE-1047 |
| physical | 1 online resource (xxv, 135 pages) |
| psigel | ZDB-4-EBA ZDB-4-ITC ZDB-4-EBA FAW_PDA_EBA |
| publishDate | 2015 |
| publishDateSearch | 2015 |
| publishDateSort | 2015 |
| publisher | RAND |
| record_format | marc |
| series2 | Research report (Rand Corporation) |
| spelling | Libicki, Martin C. Verfasser aut The defender's dilemma charting a course toward cybersecurity Martin C. Libicki, Lillian Ablon, Tim Webb Santa Monica, Calif. RAND [2015] © 2015 1 online resource (xxv, 135 pages) txt rdacontent c rdamedia cr rdacarrier Research report (Rand Corporation) RR-1024-JNI. At head of title: RAND National Security Research Division. - "Prepared for Juniper Networks, Inc." Description based on print version record and CIP data provided by publisher; resource not viewed Introduction. -- Chief information security officers surveyed. -- The efficacy of security systems. -- Improving software. -- A heuristic cybersecurity model. -- Lessons for organizations and public policy. -- Appendixes. -- Bibliography Cover; Title Page; Copyright; Preface; Contents; Figures; Tables; Summary; Acknowledgments; Abbreviations; Chapter One: Introduction; Organization of This Report; Chapter Two: Chief Information Security Officers Surveyed; Common Knowledge Confirmed; Reasonable Suppositions Validated; Surprises; Some Conclusions; Chapter Three: The Efficacy of Security Systems; Measures and Countermeasures to Mitigate the Likelihood of an Attack; Attackers and Defenders Often Employ the Same Tools and Techniques; Security Product Development Has Sped Up The Shift from Signature-Only to Behavior-Based Detection Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates; Measures and Countermeasures Developed to Mitigate the Impact of an Attack; Human Element Continues to Be a Great Weakness; A Cycle of Market Offerings; Ideal Solutions Can Depend on the Size of an Organization; Some Conclusions; Chapter Four: Improving Software; When Vulnerabilities Matter; Markets for Zero-Days; In the Short Run, Vulnerability Discovery Might Worsen Matters; Can Software Become Good Enough?; A Wave of (Connected) Gadgets Some Conclusions Chapter Five: A Heuristic Cybersecurity Model; Model Structure; Results; Sensitivity Analyses; Conclusions; Chapter Six: Lessons for Organizations and Public Policy; Lessons for Organizations; Lessons for Public Policy; Some Conclusions; APPENDIXES; A. Questionnaire; B. Model Specification; C. Baseline Parameters; Bibliography Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures, and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities Computer security Cyberspace / Security measures Electronic commerce / Law and legislation COMPUTERS / Internet / Security bisacsh Computer networks / Security measures fast Computer networks / Security measures / Government policy fast Industries / Security measures fast Industrie Politik Recht Computer networks Security measures Computer networks Security measures Government policy United States Industries Security measures USA Ablon, Lillian Sonstige oth Webb, Tim Sonstige oth Rand CorporationXXbNational Security Research DivisionXXeissuing body Sonstige oth Erscheint auch als Druck-Ausgabe Libicki, Martin C . Defender's dilemma |
| spellingShingle | Libicki, Martin C. The defender's dilemma charting a course toward cybersecurity Introduction. -- Chief information security officers surveyed. -- The efficacy of security systems. -- Improving software. -- A heuristic cybersecurity model. -- Lessons for organizations and public policy. -- Appendixes. -- Bibliography Cover; Title Page; Copyright; Preface; Contents; Figures; Tables; Summary; Acknowledgments; Abbreviations; Chapter One: Introduction; Organization of This Report; Chapter Two: Chief Information Security Officers Surveyed; Common Knowledge Confirmed; Reasonable Suppositions Validated; Surprises; Some Conclusions; Chapter Three: The Efficacy of Security Systems; Measures and Countermeasures to Mitigate the Likelihood of an Attack; Attackers and Defenders Often Employ the Same Tools and Techniques; Security Product Development Has Sped Up The Shift from Signature-Only to Behavior-Based Detection Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates; Measures and Countermeasures Developed to Mitigate the Impact of an Attack; Human Element Continues to Be a Great Weakness; A Cycle of Market Offerings; Ideal Solutions Can Depend on the Size of an Organization; Some Conclusions; Chapter Four: Improving Software; When Vulnerabilities Matter; Markets for Zero-Days; In the Short Run, Vulnerability Discovery Might Worsen Matters; Can Software Become Good Enough?; A Wave of (Connected) Gadgets Some Conclusions Chapter Five: A Heuristic Cybersecurity Model; Model Structure; Results; Sensitivity Analyses; Conclusions; Chapter Six: Lessons for Organizations and Public Policy; Lessons for Organizations; Lessons for Public Policy; Some Conclusions; APPENDIXES; A. Questionnaire; B. Model Specification; C. Baseline Parameters; Bibliography Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures, and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities Computer security Cyberspace / Security measures Electronic commerce / Law and legislation COMPUTERS / Internet / Security bisacsh Computer networks / Security measures fast Computer networks / Security measures / Government policy fast Industries / Security measures fast Industrie Politik Recht Computer networks Security measures Computer networks Security measures Government policy United States Industries Security measures |
| title | The defender's dilemma charting a course toward cybersecurity |
| title_auth | The defender's dilemma charting a course toward cybersecurity |
| title_exact_search | The defender's dilemma charting a course toward cybersecurity |
| title_full | The defender's dilemma charting a course toward cybersecurity Martin C. Libicki, Lillian Ablon, Tim Webb |
| title_fullStr | The defender's dilemma charting a course toward cybersecurity Martin C. Libicki, Lillian Ablon, Tim Webb |
| title_full_unstemmed | The defender's dilemma charting a course toward cybersecurity Martin C. Libicki, Lillian Ablon, Tim Webb |
| title_short | The defender's dilemma |
| title_sort | the defender s dilemma charting a course toward cybersecurity |
| title_sub | charting a course toward cybersecurity |
| topic | Computer security Cyberspace / Security measures Electronic commerce / Law and legislation COMPUTERS / Internet / Security bisacsh Computer networks / Security measures fast Computer networks / Security measures / Government policy fast Industries / Security measures fast Industrie Politik Recht Computer networks Security measures Computer networks Security measures Government policy United States Industries Security measures |
| topic_facet | Computer security Cyberspace / Security measures Electronic commerce / Law and legislation COMPUTERS / Internet / Security Computer networks / Security measures Computer networks / Security measures / Government policy Industries / Security measures Industrie Politik Recht Computer networks Security measures Computer networks Security measures Government policy United States Industries Security measures USA |
| work_keys_str_mv | AT libickimartinc thedefendersdilemmachartingacoursetowardcybersecurity AT ablonlillian thedefendersdilemmachartingacoursetowardcybersecurity AT webbtim thedefendersdilemmachartingacoursetowardcybersecurity AT randcorporationxxbnationalsecurityresearchdivisionxxeissuingbody thedefendersdilemmachartingacoursetowardcybersecurity |