Template:Filtered Table: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 158: | Line 158: | ||
|- | |- | ||
| Besunder, Allison A.||2009||[[Best_Practices_for_Data_Protection_and_Privacy|Best Practices for Data Protection and Privacy]]||Yes||Book||4.6 [[Information Sharing/Disclosure]],<br>4.10 [[Privacy]],<br>5.1 [[Regulation/Liability]] | | Besunder, Allison A.||2009||[[Best_Practices_for_Data_Protection_and_Privacy|Best Practices for Data Protection and Privacy]]||Yes||Book||4.6 [[Information Sharing/Disclosure]],<br>4.10 [[Privacy]],<br>5.1 [[Regulation/Liability]] | ||
|- | |||
| Boebert, W. Earl||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059366.pdf A Survey of Challenges in Attribution]||No||Journal Article||4.8 [[Attribution]],<br>5.3 [[Government Organizations]],<br>5.7 [[Technology]] | |||
|- | |- | ||
| Bohme, Rainer ||2005||[[Cyber-Insurance_Revisited|Cyber-Insurance Revisited ]]||Yes||Independent Report ||4.2.2 [[Incentives]],<br>4.2.3 [[Insurance]],<br>,4.2.5 [[Market Failure]] | | Bohme, Rainer ||2005||[[Cyber-Insurance_Revisited|Cyber-Insurance Revisited ]]||Yes||Independent Report ||4.2.2 [[Incentives]],<br>4.2.3 [[Insurance]],<br>,4.2.5 [[Market Failure]] | ||
Line 166: | Line 168: | ||
|- | |- | ||
| Booz Allen Hamilton and the Economist Intelligence Unit ||2012-01-15||[http://www.cyberhub.com/CyberPowerIndex Cyber Power Index ]||No||Industry Report||4. [[Issues]],<br>4.1 [[Metrics]],<br>5. [[Approaches]] | | Booz Allen Hamilton and the Economist Intelligence Unit ||2012-01-15||[http://www.cyberhub.com/CyberPowerIndex Cyber Power Index ]||No||Industry Report||4. [[Issues]],<br>4.1 [[Metrics]],<br>5. [[Approaches]] | ||
|- | |||
| Bradley, Curtis A. and Goldsmith, Jack L.||2011||[[Overview_of_International_Law_and_Institutions|Overview of International Law and Institutions]]||Yes||Article||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | |||
|- | |- | ||
| Brown, Davis ||2006||[[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict|A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict ]]||Yes||Journal Article ||3.3.1.2 [[Military Networks (.mil)]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | | Brown, Davis ||2006||[[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict|A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict ]]||Yes||Journal Article ||3.3.1.2 [[Military Networks (.mil)]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | ||
Line 171: | Line 175: | ||
| Burstein, Aaron J.||2008||[[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research|Amending the ECPA to Enable a Culture of Cybersecurity Research]]||Yes||Journal Article||4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]] | | Burstein, Aaron J.||2008||[[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research|Amending the ECPA to Enable a Culture of Cybersecurity Research]]||Yes||Journal Article||4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]] | ||
|- | |- | ||
| Business Roundtable|| | | Business Roundtable||2011-10-11||[http://businessroundtable.org/uploads/studies-reports/downloads/2011_10_Mission_Critical_A_Public-Private_Strategy_for_Effective_Cybersecurity.pdf Mission Critical: A Public-Private Strategy for Effective Cybersecurity ]||No||Independent Report|| | ||
|- | |- | ||
| Business Software Alliance ||2012-02-02||Global Cloud Computing Scorecard a Blueprint for Economic Opportunity||No||Industry Report||3.3.3.3 [[Cloud Computing]] | | Business Software Alliance ||2012-02-02||Global Cloud Computing Scorecard a Blueprint for Economic Opportunity||No||Industry Report||3.3.3.3 [[Cloud Computing]] | ||
Line 177: | Line 181: | ||
| Business Software Alliance, Center for Democracy & Technology, U.S. Chamber of Commerce, Internet Security Alliance, Tech America ||2011-03-08||[http://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf Improving our Nation’s Cybersecurity through the Public-Private Partnership: a White Paper ]||No||Industry Report||4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]],<br>5. [[Approaches]] | | Business Software Alliance, Center for Democracy & Technology, U.S. Chamber of Commerce, Internet Security Alliance, Tech America ||2011-03-08||[http://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf Improving our Nation’s Cybersecurity through the Public-Private Partnership: a White Paper ]||No||Industry Report||4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]],<br>5. [[Approaches]] | ||
|- | |- | ||
| Cabinet Office (United Kingdom) || | | Cabinet Office (United Kingdom) ||2011-11-11||[http://www.cabinetoffice.gov.uk/sites/default/files/resources/uk-cyber-security-strategy-final.pdf The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world ]||No||Non-U.S. Government Report||3. [[Threats and Actors]],<br>4.7 [[Public-Private Cooperation]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| Camp, L. Jean ||2004||[[Economics_of_Information_Security|Economics of Information Security ]]||Yes||Book ||4.2 [[Economics of Cybersecurity]],<br>5.1 [[Regulation/Liability]] | | Camp, L. Jean ||2004||[[Economics_of_Information_Security|Economics of Information Security ]]||Yes||Book ||4.2 [[Economics of Cybersecurity]],<br>5.1 [[Regulation/Liability]] | ||
Line 187: | Line 191: | ||
| Center for Strategic and International Studies ||2008||[[Securing_Cyberspace_for_the_44th_Presidency|Securing Cyberspace for the 44th Presidency ]]||Yes||Independent Report ||4.7 [[Public-Private Cooperation]],<br>5.1 [[Regulation/Liability]],<br>5.4 [[International Cooperation]] | | Center for Strategic and International Studies ||2008||[[Securing_Cyberspace_for_the_44th_Presidency|Securing Cyberspace for the 44th Presidency ]]||Yes||Independent Report ||4.7 [[Public-Private Cooperation]],<br>5.1 [[Regulation/Liability]],<br>5.4 [[International Cooperation]] | ||
|- | |- | ||
| Centre for Secure Information Technologies|| | | Centre for Secure Information Technologies||2011||[http://www.csit.qub.ac.uk/sites/CSIT/InnovationatCSIT/Reports/Filetoupload,295594,en.pdf World Cybersecurity Technology Research Summit (Belfast 2011) ]||No||Independent Report|| | ||
|- | |- | ||
| Cetron, Marvin J. and Davies, Owen||2009||[[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity|World War 3.0: Ten Critical Trends for Cybersecurity]]||Yes||Journal Article||3.2 [[Actors and Incentives]],<br>3.3.1 [[Public Critical Infrastructure]],<br>4.12 [[Cyberwar]] | | Cetron, Marvin J. and Davies, Owen||2009||[[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity|World War 3.0: Ten Critical Trends for Cybersecurity]]||Yes||Journal Article||3.2 [[Actors and Incentives]],<br>3.3.1 [[Public Critical Infrastructure]],<br>4.12 [[Cyberwar]] | ||
|- | |||
| Clark, David and Landau, Susan||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059365.pdf Untangling Attribution]||No||Journal Article||4.8 [[Attribution]],<br>5.6 [[Deterrence]],<br>5.7 [[Technology]] | |||
|- | |- | ||
| Clarke, Richard A. ||2010||[[Cyber_War|Cyber War ]]||Yes||Book ||3.1 [[The Threat and Skeptics]],<br>3.2.1 [[States]],<br>4.12 [[Cyberwar]] | | Clarke, Richard A. ||2010||[[Cyber_War|Cyber War ]]||Yes||Book ||3.1 [[The Threat and Skeptics]],<br>3.2.1 [[States]],<br>4.12 [[Cyberwar]] | ||
Line 195: | Line 201: | ||
| Clinton, Larry ||Undated ||[[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security|Cyber-Insurance Metrics and Impact on Cyber-Security ]]||Yes||Independent Report ||4.2.3 [[Insurance]],<br>5.2 [[Private Efforts/Organizations]] | | Clinton, Larry ||Undated ||[[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security|Cyber-Insurance Metrics and Impact on Cyber-Security ]]||Yes||Independent Report ||4.2.3 [[Insurance]],<br>5.2 [[Private Efforts/Organizations]] | ||
|- | |- | ||
| Cloud Security Alliance || | | Cloud Security Alliance ||2009-12||[http://www.cloudsecurityalliance.org/csaguide.pdf Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 ]||No||Independent Report||3.3.3.3 [[Cloud Computing]],<br>4. [[Issues]],<br>5.2 [[Private Efforts/Organizations]] | ||
|- | |||
| Cohen, Geoff||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059445.pdf Targeting Third Party Collaboration]||No||Journal Article||3.1 [[The Threat and Skeptics]],<br>4.7 [[Public-Private Cooperation]],<br>4.11 [[Cybercrime]] | |||
|- | |- | ||
| Computer Economics, Inc. ||2007||[[2007_Malware_Report|2007 Malware Report ]]||Yes||Industry Report ||4.2 [[Economics of Cybersecurity]] | | Computer Economics, Inc. ||2007||[[2007_Malware_Report|2007 Malware Report ]]||Yes||Industry Report ||4.2 [[Economics of Cybersecurity]] | ||
Line 287: | Line 295: | ||
| Federal Communications Commission (FCC) ||2010-04-21||[http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-305618A1.doc Explore the reliability and resiliency of commercial broadband communications networks ]||No||U.S. Government Report||3.3.3 [[Communications]],<br>5.1 [[Regulation/Liability]],<br>5.3 [[Government Organizations]] | | Federal Communications Commission (FCC) ||2010-04-21||[http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-305618A1.doc Explore the reliability and resiliency of commercial broadband communications networks ]||No||U.S. Government Report||3.3.3 [[Communications]],<br>5.1 [[Regulation/Liability]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| Federal Communications Commission (FCC) ||2011-06-03||[ftp://ftp.fcc.gov/pub/Daily_Releases/Daily_Business/2011/ db0610/DOC-307454A1.txt FCC's Plan for Ensuring the Security of Telecommunications Networks ]||No||U.S. Government Report|| | | Federal Communications Commission (FCC) ||2011-06-03||[ftp://ftp.fcc.gov/pub/Daily_Releases/Daily_Business/2011/db0610/DOC-307454A1.txt FCC's Plan for Ensuring the Security of Telecommunications Networks ]||No||U.S. Government Report|| | ||
|- | |- | ||
| Financial Services Sector Coordinating Council for Critical Infrastructure Protection ||2008||[[Research_Agenda_for_the_Banking_and_Finance_Sector|Research Agenda for the Banking and Finance Sector ]]||Yes||Independent Report ||3.3.2.2 [[Financial Institutions and Networks]],<br>4.1 [[Metrics]],<br>4.2.1 [[Risk Management and Investment]] | | Financial Services Sector Coordinating Council for Critical Infrastructure Protection ||2008||[[Research_Agenda_for_the_Banking_and_Finance_Sector|Research Agenda for the Banking and Finance Sector ]]||Yes||Independent Report ||3.3.2.2 [[Financial Institutions and Networks]],<br>4.1 [[Metrics]],<br>4.2.1 [[Risk Management and Investment]] | ||
Line 359: | Line 367: | ||
| GAO||2012-02-28||[http://www.csit.qub.ac.uk/media/pdf/Filetoupload,252359,en.pdf Cybersecurity: Challenges to Securing the Modernized Electricity Grid ]||No||Non-U.S. Government Report || | | GAO||2012-02-28||[http://www.csit.qub.ac.uk/media/pdf/Filetoupload,252359,en.pdf Cybersecurity: Challenges to Securing the Modernized Electricity Grid ]||No||Non-U.S. Government Report || | ||
|- | |- | ||
| GAO||2009||[[Critical_Infrastructure_Protection|Critical Infrastructure Protection - Current Cyber Sector-Specific Planning Approach Needs Reassessment]]||Yes||U.S. Government Report||3 | | GAO||2009||[[Critical_Infrastructure_Protection|Critical Infrastructure Protection - Current Cyber Sector-Specific Planning Approach Needs Reassessment]]||Yes||U.S. Government Report||3.3.1 [[Public Critical Infrastructure]],<br>5.1 [[Regulation/Liability]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| GAO||2009-07||[http://www.gao.gov/new.items/d09546.pdf Information Security: Agencies Continue to Report Progress, but Need to. Mitigate Persistent Weaknesses]||No||U.S. Government Report||3.3.1.1 [[Government Networks (.gov)]],<br>5.3 [[Government Organizations]] | | GAO||2009-07||[http://www.gao.gov/new.items/d09546.pdf Information Security: Agencies Continue to Report Progress, but Need to. Mitigate Persistent Weaknesses]||No||U.S. Government Report||3.3.1.1 [[Government Networks (.gov)]],<br>5.3 [[Government Organizations]] | ||
Line 370: | Line 378: | ||
|- | |- | ||
| Geer, Daniel E. and Conway, Daniel G.||2010||[[Nothing_Ventured,_Nothing_Gained|Nothing Ventured, Nothing Gained]]||Yes||Journal Article||4.2 [[Economics of Cybersecurity]],<br>4.2.1 [[Risk Management and Investment]],<br>4.2.2 [[Incentives]] | | Geer, Daniel E. and Conway, Daniel G.||2010||[[Nothing_Ventured,_Nothing_Gained|Nothing Ventured, Nothing Gained]]||Yes||Journal Article||4.2 [[Economics of Cybersecurity]],<br>4.2.1 [[Risk Management and Investment]],<br>4.2.2 [[Incentives]] | ||
|- | |||
| Gellman, Robert||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059444.pdf Civil Liberties and Privacy Implications of Policies to Prevent Cyberattacks ]||No||Journal Article||4.8 [[Attribution]],<br>4.10 [[Privacy]],<br>5.1 [[Regulation/Liability]] | |||
|- | |- | ||
| General Accountability Office (GAO) ||2010-07-15||[http://www.gao.gov/products/GAO-10-628 Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed ]||No||U.S. Government Report||3.3 [[Security Targets]],<br>4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]] | | General Accountability Office (GAO) ||2010-07-15||[http://www.gao.gov/products/GAO-10-628 Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed ]||No||U.S. Government Report||3.3 [[Security Targets]],<br>4.6 [[Information Sharing/Disclosure]],<br>4.7 [[Public-Private Cooperation]] | ||
Line 420: | Line 430: | ||
|- | |- | ||
| Kerr, Paul K. et al.<br />CRS||2010-12-09||[http://www.fas.org/sgp/crs/natsec/R41524.pdf The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability]||No||U.S. Government Report||3.3 [[Security Targets]],<br>4.12 [[Cyberwar]],<br>5.4 [[International Law (including Laws of War)]] | | Kerr, Paul K. et al.<br />CRS||2010-12-09||[http://www.fas.org/sgp/crs/natsec/R41524.pdf The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability]||No||U.S. Government Report||3.3 [[Security Targets]],<br>4.12 [[Cyberwar]],<br>5.4 [[International Law (including Laws of War)]] | ||
|- | |||
| Kesan, Jay P. and Hayes, Carol M.||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059446.pdf Thinking Through Active Defense in Cyberspace ]||No||Journal Article||4.2 [[Economics of Cybersecurity]],<br>5.3 [[Government Organizations]],<br>5.7 [[Technology]] | |||
|- | |- | ||
| Kobayashi, Bruce H.||2005||[[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods|An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and other Public Security Goods]]||Yes||Journal Article||4.2.1 [[Risk Management and Investment]],<br>4.2.2 [[Incentives]],<br>4.7 [[Public-Private Cooperation]] | | Kobayashi, Bruce H.||2005||[[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods|An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and other Public Security Goods]]||Yes||Journal Article||4.2.1 [[Risk Management and Investment]],<br>4.2.2 [[Incentives]],<br>4.7 [[Public-Private Cooperation]] | ||
Line 440: | Line 452: | ||
|- | |- | ||
| Lewis, James Andrews||2005||[[Cyber_Security_and_Regulation_in_the_United_States|Aux armes, citoyens: Cyber Security and Regulation in the United States]]||Yes||Journal Article||3.3.1 [[Public Critical Infrastructure,<br>3.3.2.2 [[Financial Institutions and Networks]],<br>3.3.2.3 [[Transportation]] | | Lewis, James Andrews||2005||[[Cyber_Security_and_Regulation_in_the_United_States|Aux armes, citoyens: Cyber Security and Regulation in the United States]]||Yes||Journal Article||3.3.1 [[Public Critical Infrastructure,<br>3.3.2.2 [[Financial Institutions and Networks]],<br>3.3.2.3 [[Transportation]] | ||
|- | |||
| Libicki, Martin||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059490.pdf Pulling Punches in Cyberspace]||No||Journal Article||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | |||
|- | |||
|Lin, Herbert||2012||[[Media:Lin-Cyber_Conflict_and_National_Security_2012.pdf|Cyber Conflict and National Security]]||No||Article|| | |||
|- | |||
| Lukasik, Stephen J.||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059438.pdf A Framework for Thinking about Cyber Conflict and Cyber Deterrence with Possible Declatory Policies for these Domain]||No||Journal Article||3.2 [[Actors and Incentives]],<br>5.4 [[International Cooperation]],<br>5.6 [[Deterrence]] | |||
|- | |- | ||
| Massachusetts Institute of Technology (MIT) ||2011-12-05||[http://web.mit.edu/mitei/research/studies/the-electric-grid-2011.shtml The Future of the Electric Grid ]||No||Independent Report||3.3.2.1 [[Electricity, Oil and Natural Gas]],<br>4. [[Issues]],<br>5.1 [[Regulation/Liability]] | | Massachusetts Institute of Technology (MIT) ||2011-12-05||[http://web.mit.edu/mitei/research/studies/the-electric-grid-2011.shtml The Future of the Electric Grid ]||No||Independent Report||3.3.2.1 [[Electricity, Oil and Natural Gas]],<br>4. [[Issues]],<br>5.1 [[Regulation/Liability]] | ||
Line 453: | Line 471: | ||
| McAfee, Inc. ||2010||[[McAfee_Threats_Report|McAfee Threats Report ]]||Yes||Industry Report ||3.2.3 [[Hacktivists]],<br>3.2.5 [[Criminals and Criminal Organizations]],<br>4.11 [[Cybercrime]] | | McAfee, Inc. ||2010||[[McAfee_Threats_Report|McAfee Threats Report ]]||Yes||Industry Report ||3.2.3 [[Hacktivists]],<br>3.2.5 [[Criminals and Criminal Organizations]],<br>4.11 [[Cybercrime]] | ||
|- | |- | ||
| | | McDermott, Rose||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059442.pdf Decision Making Under Uncertainty]||No||Journal Article||4.4 [[Usability/Human Factors]],<br>4.5 [[Psychology and Politics]],<br>4.8 [[Attribution]] | ||
|- | |- | ||
| Mitre Corp (JASON Program Office) || | | Microsoft||2010-11||[http://cdn.globalfoundationservices.com/documents/InformationSecurityMangSysforMSCloudInfrastructure.pdf Information Security Management System for Microsoft Cloud Infrastructure ]||No||Industry Report||3.3.3.3 [[Cloud Computing]],<br>5.2 [[Private Efforts/Organizations]] | ||
|- | |||
| Mitre Corp (JASON Program Office) ||2010-11||[http://www.fas.org/irp/agency/dod/jason/cyber.pdf Science of Cyber-Security ]||No||Independent Report||1. [[Overview]],<br>4. [[Issues]] | |||
|- | |||
| Moore, Tyler||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059364.pdf Introducing the Economics of Cybersecurity: Principles and Policy Options]||No||Journal Article||4.2 [[Economics of Cybersecurity]],<br>4.7 [[Public-Private Cooperation]],<br>5.1 [[Regulation/Liability]] | |||
|- | |- | ||
| Moore, Tyler ||2007||[[Examining_the_Impact_of_Website_Take-down_on_Phishing|Examining the Impact of Website Take-down on Phishing ]]||Yes||Independent Report ||4.2 [[Economics of Cybersecurity]],<br>4.11 [[Cybercrime]],<br>5.7 [[Technology]] | | Moore, Tyler ||2007||[[Examining_the_Impact_of_Website_Take-down_on_Phishing|Examining the Impact of Website Take-down on Phishing ]]||Yes||Independent Report ||4.2 [[Economics of Cybersecurity]],<br>4.11 [[Cybercrime]],<br>5.7 [[Technology]] | ||
Line 464: | Line 486: | ||
|- | |- | ||
| Moore, Tyler, et. al ||2009||[[The_Economics_of_Online_Crime|The Economics of Online Crime ]]||Yes||Journal Article ||3.2.5 [[Criminals and Criminal Organizations]],<br>3.3.2.2 [[Financial Institutions and Networks]],<br>4.2 [[Economics of Cybersecurity]] | | Moore, Tyler, et. al ||2009||[[The_Economics_of_Online_Crime|The Economics of Online Crime ]]||Yes||Journal Article ||3.2.5 [[Criminals and Criminal Organizations]],<br>3.3.2.2 [[Financial Institutions and Networks]],<br>4.2 [[Economics of Cybersecurity]] | ||
|- | |||
| Morgan, Patrick M. ||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059436.pdf Applicability of Traditional Deterrence Concepts and Theory to the Cyber Realm ]||No||Journal Article||4.12 [[Cyberwar]],<br>5.4 [[International Cooperation]],<br>5.6 [[Deterrence ]] | |||
|- | |- | ||
| National Association of Secretaries of State ||2012-01-12||[http://www.nass.org/index.php?option=com_docman&task=doc_download&gid=1257 Developing State Solutions to Business Identity Theft: Assistance, Prevention and Detection Efforts by Secretary of State Offices ]||No||Independent Report||4.7 [[Public-Private Cooperation]],<br>4.9 [[Identity Management]],<br>5.3 [[Government Organizations]] | | National Association of Secretaries of State ||2012-01-12||[http://www.nass.org/index.php?option=com_docman&task=doc_download&gid=1257 Developing State Solutions to Business Identity Theft: Assistance, Prevention and Detection Efforts by Secretary of State Offices ]||No||Independent Report||4.7 [[Public-Private Cooperation]],<br>4.9 [[Identity Management]],<br>5.3 [[Government Organizations]] | ||
Line 482: | Line 506: | ||
|- | |- | ||
| National Institute of Standards and Technology (NIST) ||2010-09-02||[http://www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-guidelines.cfm NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines ]||No||U.S. Government Report||3.3.2.1 [[Electricity, Oil and Natural Gas]],<br>5.1 [[Regulation/Liability]],<br>5.3 [[Government Organizations]] | | National Institute of Standards and Technology (NIST) ||2010-09-02||[http://www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-guidelines.cfm NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines ]||No||U.S. Government Report||3.3.2.1 [[Electricity, Oil and Natural Gas]],<br>5.1 [[Regulation/Liability]],<br>5.3 [[Government Organizations]] | ||
|- | |||
| National Research Council ||2009||[[Media:NRC-Cyberattack_Capabilities-2009.pdf|Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities]]||No||Independent Report|| | |||
|- | |- | ||
| National Research Council ||2010-09-21||[http://www.nap.edu/catalog.php?record_id=12998 Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop ]||No||Independent Report||4.2 [[Economics of Cybersecurity]],<br>4.4 [[Usability/Human Factors]],<br>4.10 [[Privacy]] | | National Research Council ||2010-09-21||[http://www.nap.edu/catalog.php?record_id=12998 Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop ]||No||Independent Report||4.2 [[Economics of Cybersecurity]],<br>4.4 [[Usability/Human Factors]],<br>4.10 [[Privacy]] | ||
Line 491: | Line 517: | ||
| National Research Council ||2007||[[Toward_a_Safer_and_More_Secure_Cyberspace|Toward a Safer and More Secure Cyberspace ]]||Yes||Independent Report ||1. [[Overview]],<br>4.8 [[Attribution]],<br>5.6 [[Deterrence]] | | National Research Council ||2007||[[Toward_a_Safer_and_More_Secure_Cyberspace|Toward a Safer and More Secure Cyberspace ]]||Yes||Independent Report ||1. [[Overview]],<br>4.8 [[Attribution]],<br>5.6 [[Deterrence]] | ||
|- | |- | ||
| National Research Council, Committee for Advancing Software-Intensive Systems Producibility ||2010-10-20||[http://www.nap.edu/catalog.php?record_id=12979 Critical Code: Software Producibility for Defense ]||No|| | | National Research Council, Committee for Advancing Software-Intensive Systems Producibility ||2010-10-20||[http://www.nap.edu/catalog.php?record_id=12979 Critical Code: Software Producibility for Defense ]||No||Independent Reprot ||3.3.1.2 [[Military Networks (.mil)]],<br>5.3 [[Government Organizations]],<br>5.7 [[Technology]] | ||
|- | |- | ||
| National Science and Technology Council ||2006||[[Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development|Federal Plan for Cyber Security and Information Assurance Research and Development ]]||Yes||U.S. Government Report ||4.1 [[Metrics]],<br>4.7 [[Attribution]],<br>4.8 [[Public-Private Cooperation]] | | National Science and Technology Council ||2006||[[Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development|Federal Plan for Cyber Security and Information Assurance Research and Development ]]||Yes||U.S. Government Report ||4.1 [[Metrics]],<br>4.7 [[Attribution]],<br>4.8 [[Public-Private Cooperation]] | ||
Line 543: | Line 569: | ||
| President's Information Technology Advisory Council ||2005||[[Cyber_Security:_A_Crisis_of_Prioritization|Cyber Security: A Crisis of Prioritization ]]||Yes||U.S. Government Report ||4.2.2 [[Incentives]],<br>4.7 [[Public-Private Cooperation]],<br>5.3 [[Government Organizations]] | | President's Information Technology Advisory Council ||2005||[[Cyber_Security:_A_Crisis_of_Prioritization|Cyber Security: A Crisis of Prioritization ]]||Yes||U.S. Government Report ||4.2.2 [[Incentives]],<br>4.7 [[Public-Private Cooperation]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| Project on National Security Reform (PNSR) || | | Project on National Security Reform (PNSR) ||2010-11||[http://www.pnsr.org/data/images/pnsr_the_power_of_people_report.pdf The Power of People: Building an Integrated National Security Professional System for the 21st Century ]||No||U.S. Government Report||4.4 [[Usability/Human Factors]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| Quadrennial Defense Review ||2010-07-30||[http://www.usip.org/quadrennial-defense-review-independent-panel-/view-the-report The QDR in Perspective: Meeting AmericaÅfs National Security Needs In the 21st Century (QDR Final Report) ]||No||U.S. Government Report ||3.3.1.2 [[Military Networks (.mil)]],<br>5.3 [[Government Organizations]] | | Quadrennial Defense Review ||2010-07-30||[http://www.usip.org/quadrennial-defense-review-independent-panel-/view-the-report The QDR in Perspective: Meeting AmericaÅfs National Security Needs In the 21st Century (QDR Final Report) ]||No||U.S. Government Report ||3.3.1.2 [[Military Networks (.mil)]],<br>5.3 [[Government Organizations]] | ||
|- | |- | ||
| RAND||2011-12-21||[http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP342.pdf A Cyberworm that Knows No Boundaries ]||No||Independent Report||3. [[Threats and Actors]],<br>5.3 [[Government Organizations]],<br>5.7 [[Technology]] | | RAND||2011-12-21||[http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP342.pdf A Cyberworm that Knows No Boundaries ]||No||Independent Report||3. [[Threats and Actors]],<br>5.3 [[Government Organizations]],<br>5.7 [[Technology]] | ||
|- | |||
| Rattray, Gregory and Healey, Jason||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059437.pdf Categorizing and Understanding Offensive Cyber Capabilities and Their Use ]||No||Journal Article||3.1 [[The Threat and Skeptics]],<br>3.3 [[Security Targets]],<br>4.12 [[Cyberwar]] | |||
|- | |- | ||
| Rollins, John and Wilson, Clay||2007||[[Terrorist_Capabilities_for_Cyberattack|Terrorist Capabilities for Cyberattack]]||Yes||U.S. Government Report||3.2.4 [[Terrorists]],<br>3.3 [[Security Targets]],<br>4.2.2 [[Incentives]] | | Rollins, John and Wilson, Clay||2007||[[Terrorist_Capabilities_for_Cyberattack|Terrorist Capabilities for Cyberattack]]||Yes||U.S. Government Report||3.2.4 [[Terrorists]],<br>3.3 [[Security Targets]],<br>4.2.2 [[Incentives]] | ||
|- | |- | ||
| Romanosky et al. ||2008||[[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft|Do Data Breach Disclosure Laws Reduce Identity Theft ]]||Yes||Independent Report ||4.2.2 [[Incentives]],<br>4.6 [[Information Sharing/Disclosure]],<br>5.1 [[Regulation/Liability]] | | Romanosky et al. ||2008||[[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft|Do Data Breach Disclosure Laws Reduce Identity Theft ]]||Yes||Independent Report ||4.2.2 [[Incentives]],<br>4.6 [[Information Sharing/Disclosure]],<br>5.1 [[Regulation/Liability]] | ||
|- | |||
| Rosenzweig, Paul||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059443.pdf The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence ]||No||Journal Article||4.3 [[Supply Chain Issues]],<br>4.7 [[Public-Private Cooperation]],<br>5.3 [[Government Organizations]] | |||
|- | |- | ||
| Rotenberg et. al. ||2010||[[The_Cyber_War_Threat_Has_Been_Grossly_Exaggerated|The Cyber War Threat Has Been Grossly Exaggerated ]]||Yes||Article||3.1 [[The Threat and Skeptics]],<br>3.2.1 [[States]],<br>4.12 [[Cyberwar]] | | Rotenberg et. al. ||2010||[[The_Cyber_War_Threat_Has_Been_Grossly_Exaggerated|The Cyber War Threat Has Been Grossly Exaggerated ]]||Yes||Article||3.1 [[The Threat and Skeptics]],<br>3.2.1 [[States]],<br>4.12 [[Cyberwar]] | ||
Line 564: | Line 594: | ||
|- | |- | ||
| Schmitt, Michael N. ||1999||[[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law|Computer Network Attack and the Use of Force in International Law ]]||Yes||Journal Article ||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | | Schmitt, Michael N. ||1999||[[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law|Computer Network Attack and the Use of Force in International Law ]]||Yes||Journal Article ||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | ||
|- | |||
| Schmitt, Michael N. ||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059439.pdf Cyber Operations in International Law: The Use of Force, Collective Security, Self-Defense, and Armed Conflicts]||No||Journal Article||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | |||
|- | |- | ||
| Schmitt, Michael N., et. al ||2004||[[Computers_and_War|Computers and War ]]||Yes||Independent Report ||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | | Schmitt, Michael N., et. al ||2004||[[Computers_and_War|Computers and War ]]||Yes||Independent Report ||3.2.1 [[States]],<br>4.12 [[Cyberwar]],<br>5.5 [[International Law (including Laws of War)]] | ||
Line 582: | Line 614: | ||
|- | |- | ||
| Sklerov, Matthew J. ||2009||[[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks|Solving the Dilemma of State Responses to Cyberattacks ]]||Yes||Journal Article ||3.2.1 [[States]],<br>4.8 [[Attribution]],<br>5.5 [[International Law (including Laws of War)]] | | Sklerov, Matthew J. ||2009||[[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks|Solving the Dilemma of State Responses to Cyberattacks ]]||Yes||Journal Article ||3.2.1 [[States]],<br>4.8 [[Attribution]],<br>5.5 [[International Law (including Laws of War)]] | ||
|- | |||
| Sofaer, Abraham; Clark, David; and Diffie, Whitfield||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059440.pdf Cyber Security and International Cooperation ]||No||Journal Article||5.1 [[Regulation/Liability]],<br>5.4 [[International Cooperation]],<br>5.5 [[International Law (including Laws of War)]] | |||
|- | |- | ||
| Software and Information Industry Association (SAII) ||2011-07-26||[http://www.siia.net/index.php?option=com_docman&task=doc_download&gid=3040&Itemid=318 Guide to Cloud Computing for Policy Makers ]||No||Independent Report ||3.3.3.3 [[Cloud Computing]],<br>5.1 [[Regulation/Liability]],<br>5.7 [[Technology]] | | Software and Information Industry Association (SAII) ||2011-07-26||[http://www.siia.net/index.php?option=com_docman&task=doc_download&gid=3040&Itemid=318 Guide to Cloud Computing for Policy Makers ]||No||Independent Report ||3.3.3.3 [[Cloud Computing]],<br>5.1 [[Regulation/Liability]],<br>5.7 [[Technology]] | ||
Line 748: | Line 782: | ||
|- | |- | ||
| Varian, Hal ||2004||[[System_Reliability_and_Free_Riding|System Reliability and Free Riding ]]||Yes||Book ||4.2 [[Economics of Cybersecurity]] | | Varian, Hal ||2004||[[System_Reliability_and_Free_Riding|System Reliability and Free Riding ]]||Yes||Book ||4.2 [[Economics of Cybersecurity]] | ||
|- | |||
| Vatis, Michael A.||2010||[http://sites.nationalacademies.org/xpedio/groups/cstbsite/documents/webpage/cstb_059441.pdf The Council of Europe Convention on Cybercrime]||No||Journal Article||4.11 [[Cybercrime]],<br>5.5 [[International Law (including Laws of War)]],<br>5.6 [[Deterrence]] | |||
|- | |- | ||
| Verizon ||2010||[[2010_Data_Breach_Investigations_Report|2010 Data Breach Investigations Report ]]||Yes||Industry Report ||3.3.2.2 [[Financial Institutions and Networks]],<br>4.11 [[Cybercrime]],<br>5.2 [[Private Efforts/Organizations]] | | Verizon ||2010||[[2010_Data_Breach_Investigations_Report|2010 Data Breach Investigations Report ]]||Yes||Industry Report ||3.3.2.2 [[Financial Institutions and Networks]],<br>4.11 [[Cybercrime]],<br>5.2 [[Private Efforts/Organizations]] | ||
Line 808: | Line 844: | ||
|- | |- | ||
| Zittrain, Jonathan L. ||2008||[[The_Future_of_the_Internet_and_How_To_Stop_It|The Future of the Internet and How To Stop It ]]||Yes||Book ||4.4 [[Usability/Human Factors]],<br>5.1 [[Regulation/Liability]] | | Zittrain, Jonathan L. ||2008||[[The_Future_of_the_Internet_and_How_To_Stop_It|The Future of the Internet and How To Stop It ]]||Yes||Book ||4.4 [[Usability/Human Factors]],<br>5.1 [[Regulation/Liability]] | ||
|- | |||
| Centre for Secure Information Technologies||2012||[http://www.csit.qub.ac.uk/sites/CSIT/InnovationatCSIT/Reports/Filetoupload,295595,en.pdf 2nd World Cyber security Technology Research Summit (Belfast 2012)]||No||Independent Report|| | |||
|} | |} |
Latest revision as of 16:03, 25 January 2013
U.S. Government Report |
U.S. Government Hearing |
Non-U.S. Government Report |
Independent Report |
Industry Report |
Book |
Journal Article |
Article |
1. Overview |
3. Threats and Actors |
3.1 The Threat and Skeptics |
3.2 Actors and Incentives |
3.2.1 States |
3.2.2 Groups |
3.2.3 Hacktivists |
3.2.4 Terrorists |
3.2.5 Criminals and Criminal Organizations |
3.3 Security Targets |
3.3.1 Public Critical Infrastructure |
3.3.1.1 Government Networks (.gov) |
3.3.1.2 Military Networks (.mil) |
3.3.2 Private Critical Infrastructure |
3.3.2.1 Electricity, Oil and Natural Gas |
3.3.2.2 Financial Institutions and Networks |
3.3.2.3 Transportation |
3.3.2.4 Water, Sewer, etc. |
3.3.3 Communications |
3.3.3.1 Telephone |
3.3.3.2 Public Data Networks |
3.3.3.3 Cloud Computing |
4. Issues |
4.1 Metrics |
4.2 Economics of Cybersecurity |
4.2.1 Risk Management and Investment |
4.2.2 Incentives |
4.2.3 Insurance |
4.2.4 Behavioral Economics |
4.2.5 Market Failure |
4.3 Supply Chain Issues |
4.4 Usability/Human Factors |
4.5 Psychology and Politics |
4.6 Information Sharing/Disclosure |
4.7 Public-Private Cooperation |
4.8 Attribution |
4.9 Identity Management |
4.10 Privacy |
4.11 Cybercrime |
4.12 Cyberwar |
4.13 Espionage |
4.13.1 Government to Government |
4.13.2 Industrial |
4.13.3 Media Perceptions |
5. Approaches |
5.1 Regulation/Liability |
5.2 Private Efforts/Organizations |
5.3 Government Organizations |
5.4 International Cooperation |
5.5 International Law (including Laws of War) |
5.6 Deterrence |
5.7 Technology |