DOCSLIB.ORG

Cyber Benefits and Risks: Quantitatively Understanding and Forecasting the Balance

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cyber Benefits and Risks: Quantitatively Understanding and Forecasting the Balance Extended Project Report from the Frederick S. Pardee Center for International Futures Josef Korbel School of International Studies University of Denver www.pardee.du.edu September 2015 Barry B. Hughes, David Bohl, Mohammod Irfan, Eli Margolese-Malin, and José Solórzano In project collaboration with and the Table of Contents Executive Summary 4 Conceptualizing Benefits and Costs 4 Using the IFs System for Analysis 4 Background Research Foundations 5 Forecasts and Findings 9 Conclusion 11 A Final Note on Study Contributions 12 1. Introduction: Understanding and Anticipating Change in the Benefits and Costs of Cyber Technology 13 2. ICT and Cyber Development Indices 18 Indices Replicated in the IFs Forecasting System 18 ICT Development Index 18 Global Cybersecurity Index 19 Additional Indices of Importance in Cyber Security Analyses 21 Digitization Index 21 Digital Economy Ranking Index 21 Networked Readiness Index 22 3. Benefits 23 Competing Schools of Thought on Economic Benefits 23 Pessimism Versus optimism concerning ICT’s economic production impacts 23 ICT as a general-purpose technology 25 ICT’s Economic Impact: The Production Side 26 ICT as a growth sector in the economy 26 ICT investment and capital services 29 ICT and multifactor productivity 32 Comparing the Productivity Impacts of GPTs: Steam, Electricity, ICT 33 Variation in ICT Impact across Time/Pervasiveness and Countries 36 Drivers of variation in ICT impact: ICT (especially broadband) pervasiveness 36 Drivers of variable ICT impact: Beyond PCs and broadband 39 Drivers of variable ICT impact: Country development level 41 Consumer Surplus 42 Consumer surplus forecasts 46 Summary of Knowledge Concerning Cyber Risk Benefits: Modeling Implications 47 4. Costs 49 Spending on risk mitigation 49 The cybersecurity industry 50 National cyber defense spending 51 Cyber insurance 53 General comments on cyber security spending 53 Adverse Cyber Events: Micro Analysis 53 The cyber system itself 54 Beyond the internet 55 The evidence from actual events 56 Model-based analyses 57 Cyber Risk Extended Report 2 Very large-scale events 59 Adverse Cyber Events: Macro Analysis 60 Defining motivations, actions, actors and targets 60 Estimating probability of adverse cyber events 63 The debate around cyberwar occurrence/probability 64 General comments on probabilities of adverse events 65 Measuring costs of adverse events 66 Bringing probabilities and costs together: The Cyber Risk Matrix 69 Opportunity Costs 72 Summary of Knowledge Concerning Cyber Risk Costs: Modeling Implications 73 Comparing the Costs and Benefits of ICT/Cyber 74 5. Structure of Cyber Risks and Benefits Representation in IFs 77 Forecasting Cyber Risks and Benefits 77 ICT or Cyber Pervasiveness 78 Security Spending and Security Levels 79 Adverse Event Probabilities and Costs 81 Cyber Contributions to Economic Growth (Productivity) and Possible Opportunity Costs of Underutilizing ICT 84 Cyber Benefits: Consumer Surplus 88 Cyber Benefits: ICT Production Sector Growth 89 ICT/Cyber Total and Cumulative Costs and Benefits 90 Cyber Benefits and Costs: Forward Linkage to Economic Productivity 91 6. Forecasting of Cyber Benefits and Risk-Related Costs 93 Base Case Analysis 93 ICT/cyber pervasiveness 93 ICT/cyber benefits 94 ICT/cyber costs 96 Comparing cyber benefits and costs 100 Scenarios of Cyber Benefits and Costs: Foundational Analysis 103 Scenarios of Cyber Benefits and Costs: Defining a Scenario Space 107 Scenarios of Cyber Benefits and Costs: Exploring the Alternative Futures 109 7. Conclusions 115 Acknowledgments 116 Bibliography 117 Works Cited 117 Additional Works Consulted 124 Appendices 126 Appendix A: The Cyber Risk Dashboard Concept (Final May Differ Somewhat) 126 Appendix B: Productivity Impacts of ICT 129 MFP Physical Capital Equations 130 Appendix C: Cyber Risk Form in IFs Stand-Alone Model 131 Cyber Risk Extended Report 3 Executive Summary What is the balance of economic benefits and costs conferred upon societies by cyber technologies, also designated here as information and communication technologies (ICT)? And how might that balance change in coming years? This report, prepared as a quantitative foundation for work sponsored by the Zurich Insurance Group, addresses these questions by assessing the current pattern of benefits and costs in countries and globally, mapping their apparent trajectory in recent years, and exploring their possible futures through 2030. Conceptualizing Benefits and Costs Conceptually, the economic benefits from cyber technologies include the often rapid relative growth rates of cyber-producing sectors, the contributions to production, productivity (and therefore growth across the broader economy) from investments in cyber technologies, and consumer-captured surpluses from cost reductions as the technologies develop (i.e., surpluses not represented in standard economic measures such as gross domestic product). Costs include the spending required to defend against adverse cyber events stemming from hacking, cybercrime, cyber espionage, and cyber terror or war, the costs of such events themselves, and opportunity costs—the potential economic benefits not realized because of forgone use of cyber-technologies in fear of such events.1 All of these benefits and costs obviously depend on the changing technological landscape and decisions made by households, organizations including corporations, and governments with respect to cyber security, its use and abuse. Using the IFs System for Analysis Research for this report uses specialized cyber benefit and risk extensions to the existing International Futures (IFs) forecasting system, based at the Frederick S. Pardee Center for International Futures at the University of Denver. The IFs system includes highly integrated, long-term models of demographics, economics, education, health, energy, agriculture, governance and other systems that together provide a foundation for addressing the questions motivating this project. In addition to augmenting the existing modeling system so as to represent ICT/cyber pervasiveness and the various categories of benefits and costs, this project is building a new, stand-alone form or dashboard within the IFs system to support our analysis and that of others. 1 Countries that lack the human capital and infrastructure capacity to fully deploy cyber technologies can also suffer from such opportunity costs. Cyber Risk Extended Report 4 Background Research Foundations Among the findings of our research with respect to cyber benefits are: Estimates of the share of the Internet economy in the total economy vary from just over 1% of GDP in some countries (e.g. Indonesia at 1.3% and Brazil at 1.5%) to about 8 percent of GDP in others (e.g. the United Kingdom at 8.3% and South Korea at 7.3%). Interestingly, in the United States it appears to be only about 4.7%.2 Although exceptionally rapid growth rates in this sector have fueled some increments to GDP growth in recent decades, the sector is not likely to grow much larger over time—in many respects it is analogous to the energy sector of the global economy, in which value added of another general purpose technology is approximately 6 percent of GDP and where some forms of energy will grow rapidly and replace others, and some country shares (especially in developing countries) will rise while those of others will fall, but the sector size does not change much over time. The ICT sector’s value added has similarly been estimated globally to have grown from about 6 to 9 percent of total business value added and then to have actually begun a decline bringing it back down near 6 percent by 2011. The sector's growth as a share of global GDP is very likely behind us. We have therefore paid no attention to the further growth of this sector as a source of direct economic benefit. ICT’s greatest economic impact, however, is and will remain its contribution to the production of the larger economy. That has two potential elements. First, ICT capital investments in the ICT and other sectors provide capital services (just as capital investments in other sectors do). Second, many argue that ICT is a general-purpose technology that enhances the productivity of labor and capital broadly, just as steam power and electricity did in earlier centuries. Estimates of the two economic benefits range widely across not just time and countries, but analysis, with much clearer evidence for significant capital services contributions than for broader total factor productivity impact. Generally estimates for total GDP contribution fall into the range of 20-30 percent of economic growth, about 0.6-1.5 percentage points of absolute contribution to growth. Many studies focus more narrowly on the impact of broadband penetration rates and find that increases in penetration rates of 10 percent generate 0.9-2.0 percentage points of economic growth, with the greatest impacts coming as countries approach the middle range of the penetration process Yet, broadband is only a recent entry in a series of sub-waves of ICT technologies that have built on each other over time and will continue to do so into the future. Today, the use of the cloud for storage and computation is building on a foundation of 2 Because these are estimates for the “internet economy” they will somewhat underestimate the size of the cyber economy. Cyber Risk Extended Report 5 broadband access; and there is already visible movement on several future waves,
Recommended publications
  • Cost of a Cyber Incident)

    Cost of a Cyber Incident)

    CO ST OF A CYBER INCIDENT: S YSTEMATIC REVIEW AND C ROSS-VALIDATION OCTOBER 26, 2020 1 Acknowledgements We are grateful to Dr. Allan Friedman, Dr. Lawrence Gordon, Jay Jacobs, Dr. Sasha Romanosky, Matthew Shabat, Kelly Shortridge, Steven Surdu, David Tobar, Brett Tucker and Sounil Yu for the review comments and helpful feedback on the earlier draft of the report. The authors would like to thank CISA staff for support and advice on this project. 2 Table of Contents 1. Objectives .................................................................................................................................................................... 7 2. Results in Brief .......................................................................................................................................................... 8 3. Analysis ...................................................................................................................................................................... 16 3.1. Per-Incident Cost and Loss Estimates .............................................................................................. 18 3.1.1. Cross-Validation: Primary Loss Data for Large and Small Incidents .................................. 20 3.1.2. Reconciliation of Per-Incident Cost Studies .................................................................................. 26 3.1.3. Per-Record Estimates ............................................................................................................................. 29 3.2. Aggregate
  • Mitigate Cyber Attack Risk Solution Brief

    Mitigate Cyber Attack Risk Solution Brief

    SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations extend technology deeper into their day-to-day business HIGH operations, their risk profiles evolve. DIGITAL RISK New digital risks—those unwanted and often unexpected outcomes that stem MEDIUM from digital transformation, digital business processes and the adoption RISK of related technologies—represent a LOW larger portion of potential obstacles to TRADITIONAL BUSINESS RISK achieving business objectives. While the digital technology creates new DIGITAL ADOPTION business opportunities, it frequently leads to higher levels of cybersecurity, FIGURE 1: Digital risk increasing the overall business risk as organizations embrace digital transformation. third-party, compliance and business resiliency risk. The impacts from these growing digital risks may be more disruptive than the operational risks that businesses have historically managed. In fact, many organizations are finding that as digital adoption accelerates, digital risk becomes the greatest facet of risk they face, especially growing cyber risks. AS ORGANIZATIONS EXPAND DIGITAL OPERATIONS, CYBER SECURITY RISKS MULTIPLY Organizations need to evolve to stay in front of rising cyber threats and their wide-reaching impact across increasingly digitized operations. Attackers continue to advance and use sophisticated techniques to infiltrate organizations which no longer have well defined perimeters. At the same time, responsibilities for detecting and responding to security It’s arguably impossible incidents are expanding beyond the security operations center (SOC). Business stakeholders continue to digitize their operations, elevating the risk and potential to prevent all cyber impact of cyber attacks.
  • North Korean Cyber Capabilities: in Brief

    North Korean Cyber Capabilities: in Brief

    North Korean Cyber Capabilities: In Brief Emma Chanlett-Avery Specialist in Asian Affairs Liana W. Rosen Specialist in International Crime and Narcotics John W. Rollins Specialist in Terrorism and National Security Catherine A. Theohary Specialist in National Security Policy, Cyber and Information Operations August 3, 2017 Congressional Research Service 7-5700 www.crs.gov R44912 North Korean Cyber Capabilities: In Brief Overview As North Korea has accelerated its missile and nuclear programs in spite of international sanctions, Congress and the Trump Administration have elevated North Korea to a top U.S. foreign policy priority. Legislation such as the North Korea Sanctions and Policy Enhancement Act of 2016 (P.L. 114-122) and international sanctions imposed by the United Nations Security Council have focused on North Korea’s WMD and ballistic missile programs and human rights abuses. According to some experts, another threat is emerging from North Korea: an ambitious and well-resourced cyber program. North Korea’s cyberattacks have the potential not only to disrupt international commerce, but to direct resources to its clandestine weapons and delivery system programs, potentially enhancing its ability to evade international sanctions. As Congress addresses the multitude of threats emanating from North Korea, it may need to consider responses to the cyber aspect of North Korea’s repertoire. This would likely involve multiple committees, some of which operate in a classified setting. This report will provide a brief summary of what unclassified open-source reporting has revealed about the secretive program, introduce four case studies in which North Korean operators are suspected of having perpetrated malicious operations, and provide an overview of the international finance messaging service that these hackers may be exploiting.
  • Never Agains IV February 2010

    Never Agains IV February 2010

    the Availability Digest www.availabilitydigest.com More Never Agains IV February 2010 It is once again time to reflect on the damage that IT systems can inflict on us mere humans. We have come a long way in ensuring the high availability of our data-processing systems. But as the following stories show, we still have a ways to go. During the last six months, hardware/software and network faults shared responsibility, each causing about one-third of the outages. The rest of the outages were caused by a variety of problems such as power failures, construction mishaps, and hacking. Rackspace Hit with Another Outage Techcrunch, June 20, 2009 – On June 20, Rackspace suffered yet another outage1 due to a power failure. The breaker on the primary utility feed powering one of its nine data centers tripped, causing data center’s generators to start up. However, a field excitation failure escalated to the point that the generators became overloaded. An attempt by Rackspace to fail over to its secondary utility feed failed because the transfer switch malfunctioned. When the data center’s batteries ran out, the data center went down. Failovers do fail. Have a contingency plan no matter the extent of your redundancy. NYSE Suffers Several Outages in Less Than a Month Reuters, July 2, 2009 – On Thursday morning, July 2, brokers on the floor of the New York Stock Exchange found that they could not route orders, causing the NYSE to halt trading in some stocks and to extend the trading day. During the previous month, a software glitch halted trading; and an order-matching problem affected timely order reconciliation.
  • Cybersecurity in a Digital Era.Pdf

    Cybersecurity in a Digital Era.Pdf

    Digital McKinsey and Global Risk Practice Cybersecurity in a Digital Era June 2020 Introduction Even before the advent of a global pandemic, executive teams faced a challenging and dynamic environ- ment as they sought to protect their institutions from cyberattack, without degrading their ability to innovate and extract value from technology investments. CISOs and their partners in business and IT functions have had to think through how to protect increasingly valuable digital assets, how to assess threats related to an increasingly fraught geopolitical environment, how to meet increasingly stringent customer and regulatory expectations and how to navigate disruptions to existing cybersecurity models as companies adopt agile development and cloud computing. We believe there are five areas for CIOs, CISOs, CROs and other business leaders to address in particular: 1. Get a strategy in place that will activate the organization. Even more than in the past cybersecurity is a business issue – and cybersecurity effectiveness means action not only from the CISO organiza- tion, but also from application development, infrastructure, product development, customer care, finance, human resources, procurement and risk. A successful cybersecurity strategy supports the business, highlights the actions required from across the enterprise – and perhaps most importantly captures the imagination of the executive in how it can manage risk and also enable business innovation. 2. Create granular, analytic risk management capabilities. There will always be more vulnerabilities to address and more protections you can consider than you will have capacity to implement. Even companies with large and increasing cybersecurity budgets face constraints in how much change the organization can absorb.
  • Availability Digest

    Availability Digest

    the Availability Digest www.availabilitydigest.com Help! My Data Center is Down! Part 3: Internet Outages December 2011 Long gone are the days of the isolated data center. Back then, batch jobs were submitted to update databases and to generate reports. Back then, turn-around times were measured in hours or even days. In today’s competitive environment, IT services are online; and instant response times are expected. What good is a data center if no one can talk to it? Orders can’t be placed or tracked. Medical records can’t be accessed. Online banking comes to a halt. Today’s data centers must be connected. They depend upon the networks that allow users to access them online reliably and with fast response times. In the old days, a company had control over its communication network. It leased lines that it used exclusively for its purposes. If it lost communications, it had direct access to its communication carrier for rapid repair. For critical applications, companies installed redundant communication facilities so that they could continue in operation even in the presence of a communications failure on one of their lines. Not so true today. More and more, companies are relying on the public Internet to connect their users with company data centers. But how reliable is the Internet? In our previous articles in this series, we related horror stories of unimaginable power failures and storage failures that took down the best-designed data centers. In this article, we explore some notable Internet failures that rendered data centers useless even though they were otherwise fully operational.
  • Potential Human Cost of Cyber Operations

    Potential Human Cost of Cyber Operations

    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................
  • The Reputational Impact of It Risk

    The Reputational Impact of It Risk

    FALLOUT THE REPUTATIONAL IMPACT OF IT RISK IN ASSOCIATION WITH: CONTENTS Executive Summary ..............................................................................................................................................2 Introduction: The Black Friday data breach .................................................................................................3 Where the Risks Are: From Human Error to System Failure ................................................................ 5 Sidebar: The Promise and Perils of the Cloud............................................................................................11 Protecting Your Reputation in the Always-On World ............................................................................12 Conclusion ..............................................................................................................................................................18 Acknowledgments...............................................................................................................................................19 EXECUTIVE SUMMARY U.S. retailers were not the first to su!er a massive data breach. Nor will they be the last, as cyber attacks, security breaches and system outages proliferate. Shadow technology and expanding supply chains bring more risks. How can companies better protect their reputation by ensuring the continuous—and secure—flow of information to support their business? After all, a major part of the brand experience for most customers comes through the
  • No Internet? February 2008

    No Internet? February 2008

    the Availability Digest What? No Internet? February 2008 On Wednesday, January 30, 2008, North Africa, the Middle East, and India experienced a massive Internet outage that was destined to last for several days or even weeks.1 How did this happen? How did companies cope? Could it happen in other areas such as Europe or the United States? The Failure The bulk of data traffic from North Africa, from the Middle Eastern countries, and from India and Pakistan is routed through North Africa. There, it is carried by a set of three submarine cables that lie under the Mediterranean Sea. The cables link Alexandria, Egypt, with Palermo, Italy, where the traffic then moves on to Europe, the UK, and the Eastern United States. On January 30, 2008, two of these three cables were severed. It is not yet known why, but the predominant theory is that the cables were severed by the anchor of a huge freighter. Heavy storms had hit the area the previous day and forced Egyptian authorities to close the northern entrance to the Suez Canal at Alexandria. As a result, ships had to anchor offshore in the Mediterranean Sea, dropping their anchors to ride out the storm. It is suspected that one of the freighters dropped its anchor on top of the cables. Reportedly, the two severed cables were a kilometer apart. The storm may have dragged the freighter’s anchor across the sea bed, thus taking out both cables. The result of this catastrophe was that 75% of channel capacity was lost from the Mideast to Europe and beyond.
  • Download Thesis

    Download Thesis

    This electronic thesis or dissertation has been downloaded from the King’s Research Portal at https://kclpure.kcl.ac.uk/portal/ Cyber security and the politics of time Stevens, Timothy Charles Awarding institution: King's College London The copyright of this thesis rests with the author and no quotation from it or information derived from it may be published without proper acknowledgement. END USER LICENCE AGREEMENT Unless another licence is stated on the immediately following page this work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International licence. https://creativecommons.org/licenses/by-nc-nd/4.0/ You are free to copy, distribute and transmit the work Under the following conditions: Attribution: You must attribute the work in the manner specified by the author (but not in any way that suggests that they endorse you or your use of the work). Non Commercial: You may not use this work for commercial purposes. No Derivative Works - You may not alter, transform, or build upon this work. Any of these conditions can be waived if you receive permission from the author. Your fair dealings and other rights are in no way affected by the above. Take down policy If you believe that this document breaches copyright please contact [email protected] providing details, and we will remove access to the work immediately and investigate your claim. Download date: 25. Sep. 2021 1 ] Cyber Security and the Politics of Time Timothy Charles Stevens Thesis submitted in accordance with the requirements for the degree of Doctor of Philosophy King’s College London Department of War Studies November 2013 2 Abstract Time is an under-represented topic in security studies and International Relations (IR).
  • Privacy As a Risk Management Challenge for Corporate Practice

    Privacy As a Risk Management Challenge for Corporate Practice

    Privacy as a Risk Management Challenge for Corporate Practice By Kathleen Greenaway, Susan Zabolotniuk and Avner Levin Research Assistance provided by Judit Langhammer, Colin Rogers and Melanie Torrie March 2012 This is a work in progress which will be updated frequently. It is not for public use, duplication, citation, linking or other reference without the express written permission of the authors. PRIVACY AND CYBER CRIME INSTITUTE Acknowledgements This project has been funded through the Contribution Program of the Office of the Federal Privacy Commissioner and in-kind contributions from the Office of the Dean of the Ted Page | 2 Rogers School of Management, Ryerson University. We are grateful to both organizations for supporting research into the privacy practices of Canadian organizations. We also thank the companies and privacy experts who gave of their time and lent their expertise to assist us with this study. It is reassuring to meet Canadian business people who value research sufficiently to participate in our project. Finally, we thank our student researchers, Judit Langhammer, Colin Rogers and Melanie Torrie for their enthusiastic and able assistance. Table of Contents Acknowledgements Page | 3 Introduction Privacy Risk Management in context Project Goals and Objectives Methodology Literature Review Academic LIT Practitioner LIT Regulatory LIT The Concept of STILL TO BE SORTED Privacy as a Risk Management Privacy Risk Discipline Privacy risk as operational risk Governance considerations & etc. PRM in action in STILL TO BE SORTED Canadian Organizations & etc. CONCLUSION Summary of Findings Recommendations Future Research REFERENCES APPENDICES Lit Review tables PRM – Review of available models Page | 4 Risk/RM in Guidance Documents Research protocols Introduction Privacy Risk Management in context Organizations appear to have entered a “third phase” in their approach to the provision of Page | 5 information privacy to their customers.
  • Deutsche Nationalbibliografie

    Deutsche Nationalbibliografie

    Deutsche Nationalbibliografie Reihe T Musiktonträgerverzeichnis Monatliches Verzeichnis Jahrgang: 2015 T 05 Stand: 20. Mai 2015 Deutsche Nationalbibliothek (Leipzig, Frankfurt am Main) 2015 ISSN 1613-8945 urn:nbn:de:101-ReiheT05_2015-7 2 Hinweise Die Deutsche Nationalbibliografie erfasst eingesandte Pflichtexemplare in Deutschland veröffentlichter Medienwerke, aber auch im Ausland veröffentlichte deutschsprachige Medienwerke, Übersetzungen deutschsprachiger Medienwerke in andere Sprachen und fremdsprachige Medienwerke über Deutschland im Original. Grundlage für die Anzeige ist das Gesetz über die Deutsche Nationalbibliothek (DNBG) vom 22. Juni 2006 (BGBl. I, S. 1338). Monografien und Periodika (Zeitschriften, zeitschriftenartige Reihen und Loseblattausgaben) werden in ihren unterschiedlichen Erscheinungsformen (z.B. Papierausgabe, Mikroform, Diaserie, AV-Medium, elektronische Offline-Publikationen, Arbeitstransparentsammlung oder Tonträger) angezeigt. Alle verzeichneten Titel enthalten einen Link zur Anzeige im Portalkatalog der Deutschen Nationalbibliothek und alle vorhandenen URLs z.B. von Inhaltsverzeichnissen sind als Link hinterlegt. Die Titelanzeigen der Musiktonträger in Reihe T sind, wie sche Katalogisierung von Ausgaben musikalischer Wer- auf der Sachgruppenübersicht angegeben, entsprechend ke (RAK-Musik)“ unter Einbeziehung der „International der Dewey-Dezimalklassifikation (DDC) gegliedert, wo- Standard Bibliographic Description for Printed Music – bei tiefere Ebenen mit bis zu sechs Stellen berücksichtigt ISBD (PM)“ zugrunde.