The National Computer Security Survey (NCSS): Final Methodology
Rand Corporation, 2008 - Political Science - 75 pages
The Bureau of Justice Statistics (BJS) in the Office of Justice Programs (OJP) of the U.S. Department of Justice (DOJ) conducted a pilot survey in 2001 -- the Computer Security Survey (CSS) -- to collect information about computer infrastructure and security measures from a sample of 500 businesses across a range of economic sectors. Based on the pilot-survey results, BJS, along with the U.S. Department of Homeland Security (DHS), decided to field a National Computer Security Survey (NCSS), a nationally representative sample of 36,000 businesses across 36 industry sectors. In 2004, RAND was selected to conduct the NCSS. The survey itself was fielded in 2006 with the data collected representing the experiences of companies in 2005. The survey collected data on the nature, extent, and consequences of computer-security incidents, monetary costs and other consequences of these incidents, incident details (such as types of offenders and reporting to authorities), and computer-security measures used by companies. The goal was to produce reliable national estimates of the incidence and prevalence of computer-security incidents against businesses and businesses' resulting losses from such incidents. This RAND report details the methodology used to develop and field the NCSS, as well as the sampling design and weighting methodology used.
What people are saying - Write a review
We haven't found any reviews in the usual places.
Multiple Fielding Waves
3 other sections not shown
acceptable lNCLUDE allocated Anti-virus software apply G area network businesses certainty companies company G company's Competitor advantage G computer security audit computer security controls Computer Security Survey computer systems Computer Virus computer-security incidents Configuration management corporate trees Digital certificates Domestic hacker e-mail logs Electronic data interchange employees enforcement G estimates ESTlMATES are acceptable fielding G Current G Domestic G Donl know G lntrusion G Reported included industry sectors law enforcement Limit Percent lncidents lntemet Local area network logical imputations logs G Mall that apply Manufacturing Mark Mall NAICS code National Computer Security NCSS network VPN One-time password organizatlons specified packet mailed paper survey precalls Programs questions RAND team response rates sampling frame sampling unit Specify country spyware strata stratum SUDAAN temporary worker total number TYPES OF COMPUTER U.S. Department update US-CERT variables vendor Virtual private network Wave Wide area network