Computer Crime & Security Survey




4th Japan & US Computer Crime & Security Survey
Katsuya Uchida, Professor, Ph.D.
Institute of Information Security, Graduate School of Information Security
uchida@iisec.ac.jp

Respondents by Number of Employees
[Bar chart; only the labels survive extraction. Series: Japan 2007 (4th survey, n=783), Japan 2006 (3rd survey, n=1,002), CSI 2006 (n=614), CSI 2005 (n=549). Categories: 1-99, 100-499, 500-1,499, 1,500-9,999, 10,000 or more employees.]

Respondents by Industry Sector
[Table of sector shares for CSI (2005, 2006) and Japan (2006, 2007); the percentages cannot be reliably re-attached to sectors from the extracted text. CSI sectors listed: Financial, High-Tech/Info. Tech, Manufacturing, Federal Government, Medical, Educational, State Government, Telecommunication, Utilities, Local Government, Transportation, Retail, Legal, Consulting, Others. Japan sectors listed: Manufacturing, Retail, Educational, Government, Construction, Telecommunication, Complex retail, Transportation, Financial, Real estate, Food/Hotel, Medical/Welfare, High-tech, Utilities, Others. Respondents: CSI 2006=615, CSI 2005=699, Japan 2007=782, Japan 2006=1,004.]

Respondents by Job Description
[Bar chart; series Japan 2007 (4th survey), Japan 2006 (3rd survey), CSI 2006, CSI 2005. Categories: Systems Admin, Security Officer/Manager/Director, CIO, CEO, CISO, CSO, Others. Respondents: CSI 2006=615, CSI 2005=690, Japan 2007=739, Japan 2006=1,004.]

Number of PCs
[Bar chart, Japan only; series 2007 (4th survey, n=781) and 2006 (3rd survey, n=1,004). Categories: less than 10, 11-99, 100-999, more than 1,000 PCs.]

Percentage of IT Budget Spent on Security
[Bar chart; series Japan 2007, Japan 2006, CSI 2006, CSI 2005. Categories: less than 1%, 1-2%, 3-5%, 6-7%, higher bands (labels partly lost in extraction), Unknown. Respondents: CSI 2006=613, CSI 2005=690, Japan 2007=752, Japan 2006=964.]

Percentage of Organizations Using ROI, NPV and IRR Metrics
[Bar chart; series Japan 2007, Japan 2006, CSI 2006, CSI 2005. Categories: ROI, NPV, IRR, Others, Unknown, Non. Respondents: CSI 2006=512, CSI 2005=599, Japan 2007=760, Japan 2006=980.]

Organizations with External Insurance Against Cybersecurity Risks

| | Japan 2007 (n=767) | Japan 2006 (n=997) | CSI 2006 (n=571) | CSI 2005 (n=652) |
|---|---|---|---|---|
| Insurance | 11% | 8% | 29% | 25% |
| No Insurance | 89% | 92% | 71% | 75% |

Organizations Conducting Security Audits
[Bar chart; series Japan 2007, Japan 2006, CSI 2006. Categories: Internal, External, Non. Respondents: CSI 2006=597, Japan 2007=771, Japan 2006=995.]

Percentage of Security Function Outsourced
[Bar chart; series Japan 2007, Japan 2006, CSI 2006, CSI 2005. Categories: None, 1-20%, 21-40%, 41-60%, 61-80%, 81-100%. Respondents: CSI 2006=609, CSI 2005=682, Japan 2007=735, Japan 2006=923.]

Security Technologies Used
[Bar chart; series CSI 2006, CSI 2005, Japan 2007, Japan 2006. Technologies listed: Anti-Virus Software; Firewall; Reusable account/login passwords; Server-based Access Control Lists; Anti-Spyware; Log Management Software; Encryption for data in transit; Intrusion Detection System (IDS); Encryption for data in storage; Smart cards/other one-time password tokens; One-time passwords; Application-level Firewall; Intrusion Prevention System (IPS); Specialized wireless security system; Public Key Infrastructure; Biometrics; Forensics tools; Endpoint security client software; Others. Respondents: CSI 2006=616, CSI 2005=687, Japan 2007=769, Japan 2006=987.]

Unauthorized Use of Computer Systems within the Last 12 Months
[Bar chart; series Japan 2007, Japan 2006, CSI 2006, CSI 2005. Categories: Yes, No, Don't know. Respondents: CSI 2006=616, CSI 2005=693, Japan 2007=759, Japan 2006=984.]

Types of Attacks or Misuse Detected in the Last 12 Months
[Ranked bar chart; series CSI 2006, CSI 2005, Japan 2007, Japan 2006. Categories: Virus; Laptop/Mobile Theft; Insider Abuse of Net Access; Denial of Service; Unauthorized Access to Information; Web Site Defacement; System Penetration; Theft of Proprietary Information; Sabotage; Abuse of Wireless Network; Telecom Fraud; Financial Fraud; Misuse of Public Web Application; Other; No Attack/Misuse. Respondents: CSI 2006=616, CSI 2005=700, Japan 2007=533, Japan 2006=984.]
Note: Percentages for CSI 2005 are calculated from Fig. 14 in the 2005 CSI/FBI survey.

How Many Incidents? From the Outside? From the Inside?
[Table; series CSI (2005, 2006) and Japan (2006, 2007), each split into Inside and Outside. Categories: 1-5, 6-10, 11-30, 31 or more, Don't Know, None. Respondents: CSI 2006=341, CSI 2005=453, Japan 2007=686, Japan 2006=887.]

Dollar Amount Losses by Type
Unit: $ (= 100)

| Type | CSI 2006 ($) | Rank | CSI 2005 ($) | Japan 2007 ($) | Rank | Japan 2006 ($) |
|---|---|---|---|---|---|---|
| Virus | 15,691,460 | 1 | 42,787,767 | 2,916,042 | 1 | 5,029,847 |
| Laptop Theft | 6,642,660 | 3 | 4,107,300 | 636,707 | 2 | 3,769,338 |
| Telecom Fraud | 1,262,410 | 8 | 242,000 | 509,960 | 3 | 20,000 |
| Theft of proprietary Info | 6,034,000 | 4 | 30,933,000 | 229,260 | 4 | 230,382 |
| Insider Net Abuse | 1,849,810 | 7 | 6,856,450 | 224,178 | 5 | 579,987 |
| Unauthorized Access | 10,617,000 | 2 | 31,233,100 | 222,637 | 6 | 213,200 |
| Denial of Service | 2,922,000 | 5 | 7,310,725 | 140,202 | 7 | 258,132 |
| Bots within the organ. | 923,700 | 9 | - | 108,860 | 8 | - |
| Financial Fraud | 2,556,900 | 6 | 2,565,000 | 100,160 | 9 | 50,000 |
| System Penetration | 758,000 | 10 | 841,400 | 35,260 | 10 | 64,310 |
| Web site defacement | 162,500 | 16 | 115,000 | 27,552 | 11 | 38,585 |
| Sabotage | 260,000 | 15 | 340,600 | 20,160 | 12 | 12,200 |
| Password sniffing | 161,210 | 17 | - | 17,460 | 13 | - |
| Phishing in which your org. | 647,510 | 11 | - | 5,010 | 14 | - |
| Abuse of wireless net | 469,010 | 12 | 544,700 | 1,160 | 15 | 11,300 |
| Exploit of DNS Server | 90,100 | 18 | - | 360 | 16 | - |
| Instant Msg misuse | 291,510 | 13 | - | 160 | 17 | 12,100 |
| Misuse of public Web App | 269,500 | 14 | 2,227,500 | - | - | - |
| Other | 885,000 | - | - | 113,800 | - | 1,231,160 |
| Total Losses | 52,494,290 | | 130,104,542 | 5,308,928 | | 11,520,541 |
| Average of Losses/Resp | 167,713 | | 203,606 | 21,581 | | 53,335 |

Respondents: CSI 2006=313, CSI 2005=639, Japan 2007=246, Japan 2006=216