Toward a Safer and More Secure Cyberspace

Questions? Call 800-624-6242

About | Ordering | New

LoginRegister

| Items in cart [0]

PAPERBACK
price:$57.00
add to cart

Rights & Permissions

Free PDF Access

Free Resources

Related Titles

Toward a Safer and More Secure Cyberspace (2007)
Computer Science and Telecommunications Board (CSTB)

Citation Manager Export the bibliographic data for this book in your chosen format
Web Search Builder Use this book's key terms to search within this book, across our collection, or across the Web.
Skim This Chapter Skim this chapter and use this chapter's key terms to search within this book.
Reference Finder Paste in your own text to find books that relate to your topic.

Citation Manager

. "2 What Is at Stake?." Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press, 2007.

Please select a format:

Page
36


E-mail Share on facebook Facebook Share on delicious Delicious Share on stumbleupon Stumble Share on twitter Twitter More Sharing ServicesMore

The following HTML text is provided to enhance online readability. Many aspects of typography translate only awkwardly to HTML. Please use the page image as the authoritative form to ensure accuracy.

Toward a Safer and More Secure Cyberspace

BOX 2.2

Major Sources of Data Characterizing the Cyberthreat

There are many sources of data characterizing the nature of the cybersecurity threat. The sources of data and analysis described in this box are (or are planned to be) updated on an ongoing (e.g., annual) basis. (In a few instances reports have been issued consistently for more than 10 years.) Sponsoring organizations include academic institutions, federal agencies, and a range of private-sector companies working either alone or in collaboration.

The first two sources listed here focus on the frequency of incidents and the type of attacks observable through the monitoring of Internet traffic. The others are surveys measuring the scope, impact, and cost of incidents to organizations and firms, although the purpose, scope, and methods of these surveys vary considerably.

CERT/CC Statistics: The Computer Emergency Response Team Coordination Center (CERT/CC) has collected statistics on vulnerabilities and incidents since 1988. CERT is a center of Internet security expertise located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. In addition to maintaining incident and vulnerability statistics, CERT/CC works with US-CERT to coordinate defense against and response to cyberattacks. Further information is available at http://www.cert.org/stats/cert_stats.html.
Symantec Internet Security Threat Report: First published in January 2002 by Riptech, Inc. (acquired by Symantec in July 2002), this report has been published twice annually since 2002, for a total of 10 reports. Using network data collected by sensors monitoring network activity globally, these reports summarize and analyze network attack trends, vulnerability trends, and malicious code trends. Metrics used to measure the “threat landscape” have continued to evolve along with the types of attacks. All of the reports are available at http://www.symantec.com/enterprise/threatreport/index.jsp.
E-Crime Watch Survey: This annual survey, started in 2004, is conducted by CSO (Chief Security Officer) magazine in cooperation with the U.S. Secret Service’s Electronic Crimes Task Force, CERT/CC, and Microsoft Corporation. The purpose of the survey is to identify electronic-crime trends and techniques and to gather data on their impact. The 2006 report is available at http://www.cert.org/archive/pdf/ecrimesurvey06.pdf.
FBI Computer Crime Survey: Conducted in 2005, the purpose of this survey is to “gain an accurate understanding of what computer security incidents are being experienced by the full spectrum of sizes and types of organizations within the United States.”¹