Cover
Title Page
Copyright
Preface
Contents
Figures
Tables
Summary
Acknowledgments
Abbreviations
Chapter One: Introduction
Organization of This Report
Chapter Two: Chief Information Security Officers Surveyed
Common Knowledge Confirmed
Reasonable Suppositions Validated
Surprises
Some Conclusions
Chapter Three: The Efficacy of Security Systems
Measures and Countermeasures to Mitigate the Likelihood of an Attack
Attackers and Defenders Often Employ the Same Tools and Techniques
The Shift from Signature-Only to Behavior-Based Detection
Having More-Sophisticated Tools Do Not Necessarily Equate to Smaller Error Rates
Measures and Countermeasures Developed to Mitigate the Impact of an Attack
Human Element Continues to Be a Great Weakness
A Cycle of Market Offerings
Ideal Solutions Can Depend on the Size of an Organization
Some Conclusions
Chapter Four: Improving Software
When Vulnerabilities Matter
Markets for Zero-Days
In the Short Run, Vulnerability Discovery Might Worsen Matters
Can Software Become Good Enough?
A Wave of (Connected) Gadgets
Some Conclusions
Chapter Five: A Heuristic Cybersecurity Model
Model Structure
Results
Sensitivity Analyses
Conclusions
Chapter Six: Lessons for Organizations and Public Policy
Lessons for Organizations
Lessons for Public Policy
Some Conclusions
A. Questionnaire
B. Model Specification
C. Baseline Parameters
Bibliography