DOJ/DHS National Computer Security Survey

Measuring the impact of cybercrime on U.S. businesses.

The DOJ/DHS National Computer Security Survey (NCSS), the first national survey of this type, is being fielded in 2006 and sent to thousands of businesses across 37 industry sectors, including critical infrastructure. The NCSS collects data on:

The nature and extent of computer security incidents;
Monetary costs and other consequences of these incidents;
Incident details such as types of offenders and reporting to authorities; and
Computer security measures used by companies.

The goal of the NCSS is to produce reliable national and industry-level estimates of the prevalence of computer security incidents (such as denial of service attacks, fraud, or theft of information) against businesses and the resulting losses incurred by businesses. Because of its breadth and sample size, the NCSS data will be representative at both the national and industry levels. Data from the NCSS will enable DOJ, DHS, and industry as whole to make informed decisions and develop policies that effectively target resources in the area of cyber security. Participating businesses will be offered information that will allow them to benchmark themselves against the rest of their industry sector.

The survey has been completed. Many thanks to survey respondents for their participation. If you have any questions about the NCSS, please send an e-mail with your request to ncss@rand.org, or call RAND at (310) 393-0411 x7330, Monday through Friday, 8:00 a.m. to 5:00 p.m. Pacific Time. The survey results will be available in 2008.

About the Survey's Sponsors

The NCSS is sponsored by the U.S. Department of Justice, Bureau of Justice Statistics and the U.S. Department of Homeland Security, National Cyber Security Division. This data collection effort is part of the President's National Strategy to Secure Cyberspace (2003). One of the recommendations made in that report was to develop better data about victims of cybercrime and intrusions so that policymakers can understand the scope of the problem and can track changes over time. The U.S. Department of Justice (DOJ) is charged with collecting statistics on cybercrime and the costs of such crime; the Bureau of Justice Statistics (BJS), the statistics arm of the DOJ and part of the Office of Justice Programs, is implementing the survey. The National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security (DHS) is charged with coordinating the implementation of the President's National Strategy to Secure Cyberspace; identifying, analyzing, and reducing cyber threats and vulnerabilities; disseminating threat warning information; coordinating incident response; and providing technical assistance in continuity of operations and recovery planning.

About RAND

The RAND Corporation, a private nonprofit research institution established in 1948 to conduct independent, objective research and analysis to advance public policy, is the data collection agent for this study. The NCSS is being conducted within the Safety and Justice Program of RAND Infrastructure, Safety, and Environment (ISE), one of several business units within RAND. The ISE's mission is to improve the development, operation, use, and protection of society's essential built and natural assets and to enhance the related social aspects of safety and security of individuals in transit and in their workplaces and communities. The ISE research portfolio encompasses research and analysis on a broad range of policy areas, including homeland security. For more information about the RAND Corporation, visit www.rand.org.


NCSS Home Frequently Asked Questions NCSS Supporters Contact Information About the Sponsors	DOJ/DHS National Computer Security Survey Measuring the impact of cybercrime on U.S. businesses. The DOJ/DHS National Computer Security Survey (NCSS), the first national survey of this type, is being fielded in 2006 and sent to thousands of businesses across 37 industry sectors, including critical infrastructure. The NCSS collects data on: The nature and extent of computer security incidents; Monetary costs and other consequences of these incidents; Incident details such as types of offenders and reporting to authorities; and Computer security measures used by companies. The goal of the NCSS is to produce reliable national and industry-level estimates of the prevalence of computer security incidents (such as denial of service attacks, fraud, or theft of information) against businesses and the resulting losses incurred by businesses. Because of its breadth and sample size, the NCSS data will be representative at both the national and industry levels. Data from the NCSS will enable DOJ, DHS, and industry as whole to make informed decisions and develop policies that effectively target resources in the area of cyber security. Participating businesses will be offered information that will allow them to benchmark themselves against the rest of their industry sector. The survey has been completed. Many thanks to survey respondents for their participation. If you have any questions about the NCSS, please send an e-mail with your request to ncss@rand.org, or call RAND at (310) 393-0411 x7330, Monday through Friday, 8:00 a.m. to 5:00 p.m. Pacific Time. The survey results will be available in 2008. About the Survey's Sponsors The NCSS is sponsored by the U.S. Department of Justice, Bureau of Justice Statistics and the U.S. Department of Homeland Security, National Cyber Security Division. This data collection effort is part of the President's National Strategy to Secure Cyberspace (2003). One of the recommendations made in that report was to develop better data about victims of cybercrime and intrusions so that policymakers can understand the scope of the problem and can track changes over time. The U.S. Department of Justice (DOJ) is charged with collecting statistics on cybercrime and the costs of such crime; the Bureau of Justice Statistics (BJS), the statistics arm of the DOJ and part of the Office of Justice Programs, is implementing the survey. The National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security (DHS) is charged with coordinating the implementation of the President's National Strategy to Secure Cyberspace; identifying, analyzing, and reducing cyber threats and vulnerabilities; disseminating threat warning information; coordinating incident response; and providing technical assistance in continuity of operations and recovery planning. About RAND The RAND Corporation, a private nonprofit research institution established in 1948 to conduct independent, objective research and analysis to advance public policy, is the data collection agent for this study. The NCSS is being conducted within the Safety and Justice Program of RAND Infrastructure, Safety, and Environment (ISE), one of several business units within RAND. The ISE's mission is to improve the development, operation, use, and protection of society's essential built and natural assets and to enhance the related social aspects of safety and security of individuals in transit and in their workplaces and communities. The ISE research portfolio encompasses research and analysis on a broad range of policy areas, including homeland security. For more information about the RAND Corporation, visit www.rand.org.
	NCSS Home \| FAQ \| NCSS Supporters \| Contact Information \| Sponsors RAND® is a registered trademark. Page content is in the public domain. For information on proper citation, please contact RAND's Permissions Manager. Last modified: February 27, 2008 Privacy Policy \| RAND Home