					Geneva, 28 May 2008


Measuring Security
and Trust in the
Online Environment


     Martin Schaaper
     OECD
     Directorate for Science, Technology and Industry
     Economic Analysis and Statistics Division
              Introduction
• Security vs. trust
• OECD Ministerial Meeting
• Measuring security and trust
  – Official data
  – Other sources
       OECD model survey
    of ICT use by businesses
7. Did your business have any of the
   following IT security measures in place at
   <reference date>?
  – Virus checking or protection software which is
    regularly updated
  – Anti-spyware software which is regularly updated
  – Firewall
  – Spam filter
  – Secured communication between clients and servers
    (e.g. via SSL, SHTTP)
  – …/…
        OECD model survey
     of ICT use by businesses
7. Continued
  – …/…
  – Authentication software or hardware for internal
    users
  – Authentication software or hardware for external
    users (e.g. customers)
  – Intrusion detection system
  – Regular back up of data critical to your business
    operations
  – Offsite data backup
  – No IT security measures in place
       OECD model survey
    of ICT use by businesses
8. Did your business experience an attack
   by a virus or similar (for example, a
   trojan horse or worm) which has
   resulted in loss of data or time, or
   damage to software during <period>?

  Excluding: attacks which were successfully prevented
  by security measures in place.

  – No/Yes
        OECD model survey
     of ICT use by businesses
14. Which of the following factors, if any,
    limited or prevented Internet selling by
    your business during <period>?
  – Products are not well suited to sell via the Internet
  – Security concerns
  – Privacy concerns
  – Prefer to maintain current business model, e.g. face to
    face interaction
  – Customers' or suppliers' computer systems are
    incompatible with yours
  – …/…
        OECD model survey
     of ICT use by businesses
14. Continued
  – …/…
  – Insufficient level of customer demand for purchasing
    via the Internet
  – Uncertainty concerning legal/regulatory framework
    for selling over the Internet
  – Cost of development and/or maintenance is too high
  – Lack of skilled employees
  – No limitations to selling over the Internet
  – Not relevant
  – Other (please specify)
        OECD model survey
     of ICT use by businesses
16. As at <reference date> did your
    business' Web site have any of the
    following features?
  – Product catalogues or price lists
  – Customised Web page or information provided for
    repeat clients
  – Facility for collecting customer information on line
  – A privacy policy statement
  – A privacy seal or certification (trustmark)
  – …/…
        OECD model survey
     of ICT use by businesses
16. Continued
  – …/…
  – An online ordering facility for your business' products
  – Facility for online payment
  – Provision of online after sales support
  – Order tracking available on line
  – A security policy statement
  – A security seal or certification (trustmark)
   OECD model survey of ICT access
and use by households and individuals
 5. What are ALL the reasons for members of
    this household not having access to the
    Internet at home?
   – Not interested
   – Costs are too high
   – Lack of confidence, knowledge or skills
   – Concern that content is harmful
   – Have access to Internet elsewhere
   – Security concerns, for example, concerns about viruses
   – Privacy concerns, e.g. abuse of personal information
   – Other (please specify)
   OECD model survey of ICT access
and use by households and individuals
 8. When using a computer at home in the last
    12 months, how frequently did you back up
    files (such as documents, spreadsheets or
    digital photographs) which you created and
    kept on the computer?
   – Always or almost always
   – Sometimes
   – Never or hardly ever
   – Not applicable - I have not created files which I kept on a
     computer used at home
   OECD model survey of ICT access
and use by households and individuals
 15. When using a computer to access the
     Internet at home in the last 12 months,
     have you experienced an attack by a virus
     or similar (for example, a Trojan horse or
     worm) which has resulted in loss of data
     or time, or damage to software?
   –   No/Yes/Don’t know
   OECD model survey of ICT access
and use by households and individuals
 16. Was the computer you (mainly) used to
     access the Internet at home protected by:

   No/Yes/Don’t know

   – Virus checking or protection software?
   – A firewall?
   – Anti-spyware software?
   OECD model survey of ICT access
and use by households and individuals
 23. What were ALL the reasons for not buying
     or ordering goods or services for private
     use over the Internet in the last 12
     months?
   – Not interested
   – Prefer to shop in person or deal personally with a service
     provider
   – Security concerns, for example, worried about giving
     debit or credit card details over the Internet
   – …/…
   OECD model survey of ICT access
and use by households and individuals
 23. Continued
   – …/…
   – Privacy concerns, for example, worried about giving
     personal details over the Internet
   – Trust concerns, for example, worried about warranties,
     receiving goods or services, or returning goods
   – Lack of confidence, knowledge or skills
   – Speed of connection is too slow
   – Other (please specify)
Eurostat ICT model questionnaire
on ICT use by households and
       individuals 2009
           Some examples
•   Access barriers
•   Protection
•   Problems encountered
•   E-commerce barriers
•   E-commerce problems
•   Consumer trust enhancing measures
•   Government and security
                               Access barriers
  Privacy or security concerns as one of the main reasons for not having
 access to the Internet at home (% of households without Internet access)
[Figure: bar chart by country; series: 2006, 2005; vertical axis 0 to 20]
                             Protection
            Enterprises with Internet access with a firewall (%)
[Figure: bar chart by country; series: 2006, 2005, 2004, 2003; vertical axis 0 to 100]
                         Problems encountered
 Internet users in the EU suffering from virus attacks or receiving spam (%)
[Figure: chart; series: Virus (2005), Spam (2006), Virus (2005) all, Spam (2006) all; vertical axis 0% to 80%]
                         E-commerce barriers
Security concerns, e.g. over payments, as extremely important or very
important barrier in limiting or preventing sales via the Internet (%)
[Figure: bar chart by country; series: non-sellers, sellers; axis 0 to 80]
                         E-commerce problems
Problems encountered by individuals in the EU when buying/ordering goods
  or services over the Internet in the last 12 months (% of individuals who
      bought or ordered goods over the Internet in the last 12 months)
[Figure: horizontal bar chart; series: 2005, 2006; axis 0% to 12%; categories:]
  – Lack of security of payments
  – Delivery costs/final price higher than indicated
  – Difficulties concerning guarantees
  – Other
  – Complaints/redress difficult or no satisfactory response after complaint
  – Wrong or damaged goods delivered
  – Speed of delivery longer than indicated
                   Consumer trust enhancing measures
Enterprises that used trust marks, customer service/complaints mechanisms,
or alternative dispute resolution mechanisms and informed about this on their
         Web sites, by category, 2005 (% enterprises with a Web site)
[Figure: bar chart by country; series: Customer service, Trust marks, ADR; vertical axis 0% to 50%]
             Government and security
 Security problems encountered by public authorities in Denmark, 2005 (%)
[Figure: bar chart; series: Central government, Regional authorities, All municipalities; vertical axis 0 to 90; categories:]
  – Virus-attacks
  – Denial of service attacks
  – Data loss because of lack of backup
  – Unauthorised access
  – Economic IT abuse
  – Blackmail with data or software
           Some conclusions
• Despite increasing use of protection measures,
  security incidents still widespread
• Intensity of use impacts the results
• Credit card fraud: serious barrier, but low
  incidence
• Challenge for business: convince consumers
  e-commerce is safe
• Collecting (official) indicators is a statistical
  challenge, in particular for e-government and
  security
              Online identity theft
• OECD Scoping paper on online identity theft:
  http://www.olis.oecd.org/olis/2007doc.nsf/ENGDATCORPLOOK/NT00005CAE/$FILE/JT03240674.PDF

• ID theft occurs when a party acquires, transfers, possesses,
  or uses personal information of a natural or legal person in
  an unauthorised manner, with the intent to commit, or in
  connection with, fraud or other crimes.

• …/…
             Online identity theft
Data limitations
• Statistics do not provide a clear picture of the notion of
  “victims” which either covers individuals, governments,
  international organisations, business and/or industry, or the
  economy as a whole.
• Statistics do not measure the same types of frauds or crimes
  and are thus incomparable.
• Statistics gathered by public authorities for policy purposes
  vary from those collected by private businesses for
  commercial purposes.
• Direct and indirect losses data do not cover all victims and
  all types of ID theft cases.
              Other data …
•   Phishing
•   Spoofing
•   Spyware
•   Viruses, worms, trojans and incidents
•   Botnets (zombie machines)
•   Modem hijacking
•   Click fraud and “search spam”
•   Secure sockets layer (SSL)
       … and other sources
• Perception, opinion and usage surveys
• Surveys of security professionals and law
  enforcement agencies
• Consumer complaint and Internet fraud
  statistics
• Crime statistics
• European Network Information and
  Security Agency (ENISA)
        Areas for improvement
• Data quality issues: understanding survey
  questions, reluctance of respondents to provide
  sensitive information, insufficient sample sizes
• More details on fraudulent payment card use and
  on spam
• E-government and security and trust: a real
  challenge, e.g. level of government
• Developing new indicators on online identity
  theft, e-crime, reporting security incidents and
  business management of e-security
                       Links
• OECD Guide: www.oecd.org/sti/measuring-infoeconomy/guide
• Eurostat surveys and more:
  http://epp.eurostat.ec.europa.eu/cache/ITY_SDDS/EN/isoc_pi_base.htm
• Papers
   – Measuring Security and Trust in the Online
     Environment: A View Using Official Data:
     http://www.oecd.org/dataoecd/47/18/40009578.pdf
   – Scoping Study for the Measurement of Trust in the
     Online Environment:
     http://www.oecd.org/dataoecd/26/15/35792806.pdf
THANK YOU!
 martin.schaaper@oecd.org

				