The OAD survey is based on a web questionnaire with predefined answers, which guarantees the total anonymity of the respondents: the questionnaire does not require detailed technical answers, so it is not possible to trace them back to the respondent 's informatics systems.
As a web survey, with "voluntary" responses by respondents (by respondents which are non predefined and therefore does not represent a statistic sample), the OAD survey does not and can not have a strict statistical value, not referring over time to a predefined pool of respondents in the various product sectors; but given the number of answers and the good balance between companies / entities by size, as a number of employees, and by sectors, the OAD survey provides precise and significant indications of the phenomenon of digital attacks and their trends in Italy.
The comparisons between the data of one year with those of the previous ones are therefore not statistically valid and correct, even if they provide a significant and valid indication of the attacks phenomenon and its trends
Determinant for the survey is the breadth of the pool of potential respondents diversified by organizational size and by sectors. As can be seen from each Report, and in particular in the last years, OAD tries to cover the different product sectors, according to the ATECO classification (see: http://www3.istat.it/strumenti/definizioni/ateco/) and companies / institutions of all sizes.
The potential pool of respondents is based on the set of e-mail addresses of the lists of AIPSI, Reportec, Malabo and the OAD sponsors.
These adresses mainly concern the roles of CIO, CISO, System Administrator, other staff people within the organizational structure that manages informatics systems, third-party managers of providers of hosting/cloud services and their security. For small and very small businesses the respondents are often the owners and / or the person at the top.
The various product sectors and the Central and Local Public Administrations are all represented by the respondents, but only the manufacturing and service sectors, including ICT, have had a strong and significant presence in the past.
For the future, OAD will seek to broaden the respondents' pool significantly, in particular through collaboration and advocacy agreements with the OAD sector, such as lawyers, retailers, notaries, hoteliers and restaurateurs, retailers and high schools. of the Universities.
In addition to e-mails, potential respondents are informed of the questionnaire through conferences, articles, banners and pages on the websites of the Sponsors (as well as AIPSI, Malabo and Reportec) and the various "social networks" concerning ICT and security digital. In some cases CIO and CISO, above all medium and large enterprises on demand and ICT supply, are contacted directly by telephone.
The Questionnaire remains accessible online via the web for about three months and in this time the potential respondents receive, on the various kennels listed above, prompt to fill out the questions on the online questionnaire with predefined answers to choose from.
The questionnaire is completely anonymous: no personal and / or identifying information of the compiler and his / her company / organization is requested, nor is his IP address registered, the date of compilation is not specified on the database of the answers .
All the data provided are used only for the purposes of overall analysis and in any case the level of detail on the technical characteristics of the ICT systems does not allow in any way to be able to trace back to the responding company / entity.
To guarantee an additional level of protection and avoid the submission of multiple questionnaires completed by the same person, the questionnaire, once completed and saved, can no longer be changed, and from the same workplace it is no longer possible to fill in a second time. survey.
AIPSI, Malabo and Reportec guarantee total confidentiality on the answers collected, used only for OAD investigations, the production of reports and the eventual presentation of results in events.