Although spending on cybersecurity continues to grow, companies, government agencies, and nonprofit organizations are still being breached, and sensitive personal, financial, and health information is still being compromised. This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events.
This report, the second in a series, reveals insights from chief information security officers; examines network defense measures and attacker-created countermeasures; and explores software vulnerabilities and inherent weaknesses.
Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets. This report characterizes these markets and how they have grown into their current state to provide insight into how their existence can harm the information security environment. Understanding these markets lays the groundwork for exploring options to minimize their potentially harmful influence.
Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description.
If its current artificial intelligence plan is successful, China will achieve an advantage over the United States and its allies. That has significant strategic implications that the United States must address.
Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets. This report characterizes these markets and how they have grown into their current state to provide insight into how their existence can harm the information security environment. Understanding these markets lays the groundwork for exploring options to minimize their potentially harmful influence.
This report, the second in a series, reveals insights from chief information security officers; examines network defense measures and attacker-created countermeasures; and explores software vulnerabilities and inherent weaknesses.
Zero-day vulnerabilities—software vulnerabilities for which no patch or fix has been publicly released—and their exploits are useful in cyber operations, as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that can inform ongoing policy debates regarding stockpiling (i.e., keeping zero-day vulnerabilities private) versus disclosing them to the public.
This report sets out the results of a study of consumer attitudes toward data breaches, notifications of those breaches, and company responses to such events.
Thank you for visiting our website. Would you like to provide feedback on how we could improve your experience?
This site does not use any third party cookies with one exception — it uses cookies from Google to deliver its services and to analyze traffic.Learn More.