Computer Crime & Security Survey




3rd Japan & US Computer Crime & Security Survey

Katsuya Uchida
Associate Professor, Institute of Information Security
Graduate School of Information Security
uchidak@gol.com

[Chart: Respondents by Number of Employees. Respondents: = 699 Japan= 1,002]

[Chart: Respondents by Revenue. Respondents: = 549 Japan=898]

[Chart: Respondents by Industry Sector. Sectors in the first chart: Financial, Hightech, Manufacturing, Federal Government, Medical, Educational, State Government, Telecommunication, Utilities, Local Government, Transportation, Retail, Legal, Others. Sectors in the second chart: Manufacturing, Retail, Educational, Construction, Telecommunication, Government, Complex retail, Transportation, Financial, Real estate, Food / Hotel, Medical / Welfare, Hightech, Utilities, Legal, Others. Respondents: = 699 Japan= 1,004]

[Chart: Respondents by Job Description. Respondents: = 690 Japan= 1,004]

[Chart: Number of PCs. Respondents: Japan= 1,004]

[Chart: Percentage of IT Budget Spent on Security. = 690 Japan = 964. Categories include "Unknown". Respondents: = 690 Japan= 1,004]

Percentage of Organizations Using ROI, NPV and IRR Metrics

             ROI    NPV    IRR    Unknown    Not Calc.
US           228    108    114
Japan         10      3      4         94          869

Respondents: = 599 Japan= 980

[Chart: Organizations with External Insurance Against Cybersecurity Risks. Respondents: = 652 Japan= 997]

[Chart: Organizations Conducting Security Audits. Respondents: = 681 Japan= 997]

[Chart: Percentage of Security Function Outsourced. Respondents: = 682 Japan= 923]

[Chart: Average Percent of Security Outsourced By Organization Revenue. Respondents: = 682 Japan= 923]

[Chart: Security Technologies Used. Categories: AntiVirus Software; Firewall; Server-based Access Control Lists; Intrusion Detection System (IDS); Encryption for data in transit; Reusable account/login passwords; Intrusion Protection System (IPS); Encryption files; Smart cards/other one-time password tokens; One time passwords; Public Key Infrastructure; Biometrics; Others. Respondents: = 687 Japan= 987]

[Chart: Unauthorized Use of Computer Systems within the Last 12 Months. Respondents: = 693 Japan= 984]

[Chart: Types of Attacks or Misuse Detected in the Last 12 Months. Categories: Virus; Insider Abuse of Net Access; Laptop/Mobile Theft; Unauthorized access to Information; System Penetration; Denial of Service; Theft of Proprietary Information; Sabotage; Telecom Fraud; Abuse of Wireless Network; Misuse of Public Web Application; Others; No attack / Misuse. Note: Percentages of is calculated from Fig. 14 in 2005 /FBI survey. Respondents: = 700 Japan= 984]

[Chart: How Many Incidents? From the Outside? From the Inside? Series: Inside, Outside. Categories: 1-5; 6-10; 11-30; 31; Don't know; No incident. Respondents: = 453 Japan= 887]

[Chart: Percentage Experiencing Web Site Incidents. Categories include 1-5 and 6-10. Respondents: = 453 Japan= 887]

Dollar Amount Losses by Type

Type                                US loss         US rank    Japan loss     Japan rank
Virus                               $42,787,767     1          $5,029,847     1
Laptop theft                        $4,107,300      6          $3,769,338     2
Insider Net abuse                   $6,856,450      5          $579,987       3
Denial of Service                   $7,310,725      4          $258,132       4
Theft of proprietary info           $30,933,000     3          $230,382       5
Unauthorized access                 $31,233,100     2          $213,200       6
System penetration                  $841,400        9          $64,310        7
Financial fraud                     $2,565,000      7          $50,000        8
Web site defacement                 $115,000        13         $38,585        9
Telecom fraud                       $242,000        12         $20,000        10
Sabotage                            $340,600        11         $12,200        11
Misuse of public Web application    $2,227,500      8          $12,100        12
Abuse of wireless network           $544,700        10         $11,300        13
Others                                                         $1,231,160
Total Losses                        $130,104,542               $11,520,541
Average of Losses/Respondent        $203,606                   $53,335

Respondents: = 639 Japan= 216

[Chart: Actions Taken After Computer Intrusion(s). Categories: Patched holes; Did not report; Reported to law enforcement; Reported to legal counsel. Respondents: = 320 Japan= 230]

[Chart: Reason Organization Did Not Report the Intrusion to Law Enforcement. Categories: Negative publicity would hurt stock/image; Competitors would use to their advantage; Civil remedy seemed best course; Unaware of law enforcement interest. Respondents: = 320 Japan= 230]