Computer Crime & Security Survey

DETAILED SURVEY RESULTS

This is an informal survey. As one might expect, this report looks specifically at what the 522

respondents to this year's questionnaire had to say. In looking at this data, certain inherent

constraints on interpretation should be born in mind.

First and foremost, this isn’t a random sample of all the people in the country who are

ostensibly responsible for the security of their networks. Rather, there is almost certainly a

skew created by the fact that this is the CSI community—members of the organization and

those who move in its orbit (attending paid conferences and the like) without necessarily

being members. It’s a community that is actively working to improve security. This pool, in

short, doesn't stand in for the organizations in the United States that are simply not paying

attention to security (and there are, unfortunately, all too many such organizations).

But an important question that we in the security field must have a ready answer for is this:

Do current best practices produce results?

In a profession filled with (often quite justified) concerns about what will be different and more

insidious about the next round of attacks, we must also take time to consider what the run-ofthe-

mill, present-day attacks look like and whether we’ve done anything worthwhile to keep

the attackers at bay. While much of the news in the information security field isn’t

encouraging, there’s arguably some fairly good news with regard to how practitioners who are

making a concerted effort are faring against commonplace threats such as computer viruses.

And while we’re not surveying the world at large, there’s reason to believe that changes in

survey results over time reflect changes in the CSI community. Five thousand surveys are

sent out and 522 were received back, meaning there was a 10 percent response rate. That

level of response is quite respectable, but the question requiring judgment is that of

whether those who chose to reply were markedly different that those who did not.

Even if you imagine that those not answering the survey are altogether different in some

way from those who do, it’s interesting to note that the demographics of the respondents

have remained very stable over the years, as has the basic makeup of the CSI community.

2008 CSI Computer Crime and Security Survey

4

We feel confident that similar groups complete the survey year over year. And, indeed, the

vast majority of the questions yield virtually the same statistics year over year. The answers

that have changed have been primarily the estimates of losses to cybercrime and we've seen

them both rise and fall dramatically.

One could argue, as some have done, that security professionals simply don’t have a clue how

badly they are beaten down and robbed by their hacker adversaries. If that’s the case, then

their estimates of financial loss should simply be ignored. Our view is that this can only be the

case if we take a needlessly dim view of the intellect of our peers. They almost certainly don’t

have an exact and accurate reckoning of losses due to, say, a denial-of-service attack (there’s

no standard way for arriving at such a number, so how could they?). But to say that they don’t

notice when their business is crippled due to such an attack is fear-mongering.

For our part, we think the rough reckoning of seasoned professionals is nevertheless worth

attentive consideration. When the group says they lost less money this past year than they

lost two or three years ago, we think it means they lost less money.

About the Respondents

The CSI survey has always been conducted anonymously as a way of enabling respondents to

speak freely about potentially serious and costly events that have occurred within their

networks over the past year. This anonymity introduces a difficulty in interpreting the data

year over year, because of the possibility that entirely different people are responding to the

questions each time they are posed. There is, despite that concern, real consistency in the

demographics year over year.

As figure 1 shows, organizations covered by the survey include many areas from both the

private and public sectors. The outer ring shows the current year's statistical breakdown,

while the inner rings show the prior years. There is a fair degree of consistency in the

breakdown over the past three years, though there have been some shifts due to the

addition of new categories (military and law enforcement) last year.

2008 CSI Computer Crime and Security Survey

5

The sectors with the largest number of responses came from the financial sector (22

percent), followed by consulting (15 percent), information technology (9 percent), and

health services (7 percent). The portion coming from government agencies (combining

federal, state, and local levels) was 13 percent (down 4 percent from last year) and

educational institutions accounted for 7 percent of the responses. The diversity of

organizations responding was also reflected in the 10 percent designated as “Other.”

Figure 2 shows that the survey pool leans toward respondents from large enterprises.

Organizations with 1,500 or more employees accounted for a little less than half of the

responses. As the chart shows, the percentages of respondents from the various categories

remained very close to this question's breakdown in 2006 and 2007. That breakdown clearly

favors larger organizations, at least compared to the U.S. economy as a whole, where there

is a preponderance of small businesses.

Seven Principles for Good Practice in Undergraduate Education.

Seven principles that can help to improve undergraduate education are identified. Based on research on college teaching and learning, good practice in undergraduate education:
 (1) encourages contacts between students and faculty; 
(2) develops reciprocity and cooperation among students;
 (3) uses active learning techniques; 
(4) gives prompt feedback; 
(5) emphasizes time on task; 
(6) communicates high expectations; 
 (7) respects diverse talents and ways of learning. 
Examples of approaches that have been used in different kinds of college in the last few years are described.
 In addition, the implications of these principles for the way states fund and govern higher education and for the way institutions are run are briefly discussed.
 Examples of good approaches include: freshman seminars on important topics taught by senior faculty; learning groups of five to seven students who meet regularly during class to solve problems set by the instructor; active learning using structured exercises, discussions, team projects, and peer critiques, as well as internships and independent study; and mastery learning, contract learning, and computer-assisted instruction approaches, which required adequate time on learning. (SW)

Guidance Book For Windows 7 Installation

    Now let's take a look on how you can go ahead and reinstall Windows 7 on your computer  ( or )  how to install Windows 7 on your computer
        First  ensure that you back up all your data before beginning the                   reinstallation.

    Reason being simple  when we are going to install Windows,
    Windows will erase all the data on the computer and reinstall a fresh copy.
    First  insert the Windows disk that you have got into the computer.
    Now restart your computer and then tap f12 on the keyboard to get to,
    The boot menu there choose boot device to cd/dvd or cd rom or dvd rom and then tap enter continuously until you see an option which says Windows is loading files.
    By any chance if you are not able to go to the boot menu then tap f2 when the machine turns on.
    It will take you to the bios there go to the boot section and
    Then change the boot order prioriy to cd/dvd rom and then restart your system then
     It will attempt to boot from the disk.
    Now  once the machine is booting from the disk as I told you you will see a message stating that Windows is loading files.
    Wait until Windows loads all the files.
    Once it loads all the files you will get a Window
    where it will ask you to select the language choose the language in which you want to install Windows.
    Below that you will also see an another option.
    which says choose the keyboard lay out choose the keyboard layout and after that click on next.
    Now you should see a message stating click on install now. Click on install now.
    Now  you will get an another screen which says accept the license terms and conditions.
    Please accept the license terms and conditions  and then click on next.
    Once when you click  on next it will take you to a page where it will give you 2 options upgrade or custom advanced.
    Click on custom advanced.
    Now you should see the list of partitions available on your computer.
    Select the partition where you want to install Windows and then format the partition by choosing drive options and
    then clicking on format.
    When you click on format you will get a warning message stating that
    what ever data that you got every thing will be erased.
    Click on ok.
    Note: when you click on format what ever data that you have got on the machine every thing will be erased.
    Once the format is completed you will come back to the same screen displaying the partitions.
    Now since the partition is formatted select the partition and then click on next.
    Windows will start the installation.
    And while the installation is going on it will ask you choose the settings like the time zone,
    computer name, and  user accounts.
    Go ahead and choose them installation will be completed after that you will be back to your desk top.
    That's it Windows is installed on the computer.
    Once Windows is installed go ahead and install the drivers that needs to be installed on your computer.