 |
|
|
|
 |
U.S.
Department of Justice · Office of Justice Programs Bureau of Justice Statistics |
 |
|
|
|
|
|
U.S.
Department of Justice · Office of Justice Programs Bureau of Justice Statistics |
|
|
Relevant topic: |
National Computer Security SurveyAbout the survey | Information for respondents | ContactsAbout the surveyThe goal of National Computer Security Survey (NCSS) is to produce reliable national and industry-level estimates of the prevalence of computer security incidents (such as denial of service attacks, fraud, or theft of information) against businesses and the resulting losses incurred by businesses. The first national survey of thousands of businesses is being conducted in 2006. Sponsors:
Data Collection Agent: The NCSS collects data on -
Because of its breadth and sample size, the NCSS data will be representative at both the national level and across 37 industry sectors, including critical infrastructure. Data from the NCSS will enable the Department of Justice, the Department of Homeland Security, and industry as whole to make informed decisions and develop policies that effectively target resources in the area of cyber security. Participating businesses will be offered information that will allow them to benchmark themselves against the rest of their industry sector. The survey is supported by a wide variety of trade associations and industry groups. (For a list of supporters, go to the RAND NCSS site.) For more information about the survey, see the NCSS Frequently Asked Questions. Information for respondentsFor this survey thousands of companies have been scientifically selected to represent their industry and the nation's 5.3 million businesses. These companies will receive instructions about completing the survey from the RAND Corporation between February and August 2006. All the information collected in this voluntary survey is confidential by law (P.L. 107-347, Title V and 44 U.S.C. ยง 3501 note). It may be seen only by persons certified to uphold the confidentiality of information, and used only for statistical purposes from which no company can be identified. For example, in reporting the results data will be aggregated in such a way that individual companies cannot be identified. The law also prohibits the sharing of your data with other agencies, exempts the information you provide from requests made under the Freedom of Information Act (FOIA), and ensures that your responses are immune from legal process. The Freedom of Information Act (FOIA) protects from disclosure any confidential "trade secrets and commercial or financial" information provided to the Federal government by a corporation. This means that information voluntarily provided by companies about their security practices and experience with computer security incidents as part of the survey is not subject to subpoena under the FOIA. Moreover, only select project staff at RAND will know the identity of participating companies. And, as a private, non-governmental organization, RAND is not subject to the FOIA. The experience of RAND in conducting surveys is noteworthy. Despite multiple legal efforts over the years to compel RAND to disclose confidential survey information, no such effort or court subpoena has ever succeeded. For this project, RAND has submitted a "Privacy Certificate" that complies with 28 CFR 22.23. As with all surveys RAND conducts, your organization's identity will be kept confidential. Again, only select project staff at RAND will know the identity of businesses participating in the study. Neither the U.S. Department of Justice nor the U.S. Department of Homeland Security will have access to company identities. And, again, no data about your company will be shared with other agencies or businesses. ContactsIf you have questions regarding the NCSS, e-mail askbjs@usdoj.gov or the data collection agent at ncss@rand.org. |
| BJS home page | Top of this page |
 |
|
|