Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing
This week we published a special edition to the Microsoft Security Intelligence Report titled “Linking Cybersecurity Outcomes and Policies.” The report contains a new methodology for identifying the linkages between socio-economic factors, public policies, and cybersecurity outcomes. We are making this report available to help encourage further discussion and research on the relationship between policy decisions and technical outcomes. This post is intended to help provide insight into the methodology that was used in the analysis.
In our discussions with governments around the world, we have been asked if there exists a relationship between a country or region’s malware infection rate based on data from the Microsoft Security Intelligence Report (Computers Cleaned per Mille CCM) and the demographics or socioeconomic factors in that region. While direct correlations can be made, often times they do not yield actionable insights into a region’s particular cybersecurity performance. We conducted the research in this report in an attempt to identify patterns or policies that could help to distinguish countries with different cybersecurity levels (as measured by CCM.)
Based on these cluster of countries we were able to look for patterns in how things like policies, infrastructure, and technology usage differ depending on what cluster a country or region belongs to (Maximizers, Aspirants or Seekers). The table below shows the distribution of selected factors across the clusters.
Table 1 - Impact of Policy upon Cybersecurity Performance
Of course this model is by no means perfect, but we believe it is a step in the right direction to understanding some of the factors that drive security outcomes in factors around the world. Most of all, as national and international policymakers struggle with cybersecurity concerns, we encourage others to produce more research like this to help link cybersecurity policies and outcomes.
I encourage you to download the paper to learn more about the methodology and conclusions from our analysis.