Computer Crime Surveys are important inputs to management and authorities, providing information on the national IT security status. Such measurement instruments are increasingly valuable as more and more enterprises become critically dependent on IT in general and particularly on the Internet. The paper examines practices for access control and data protection from the Norwegian Computer Crime and Security Survey 2006 and discusses strengths and weaknesses of the survey. Finally, recommendations for improvements regarding access control and data protection are provided. The paper is part of a comprehensive study on information security and measurement.
展开▼