Affiliations: [a] Gjøvik University College, Norway | [b] Norwegian Defence Research Establishment (FFI), Norway. E-mail: [email protected] | [c] University of Stavanger (UiS), University of Oslo/UNIK, Norway. E-mail: [email protected]
Abstract: Computer Crime Surveys are important inputs to management and authorities, providing information on the national IT security status. Such measurement instruments are increasingly valuable as more and more enterprises become critically dependent on IT and the Internet. The article presents a selection of findings from the Norwegian Computer Crime and Security Survey 2006 and discusses strengths and weaknesses of the survey. The survey reveals that next to malware infection and theft of IT equipment, hacking is the most commonly reported computer crime incident. The findings also document that there are large differences in security practices between large and small enterprises, even when it comes to measures one would have thought that all enterprises independent of size would have implemented. This practice may put small enterprises in a position of high risk. This is also worrying in a national context as small enterprises make up the majority of the total number of enterprises. Similar to previous surveys, the 2006 survey shows that the number of reported computer crime incidents is low because of weak detection mechanisms. Finally, a SWOT analysis of the 2006 survey is conducted to review improvements of the survey as a measurement tool.
Keywords: Access control, computer crime, information security, best practice
