Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management

Bernsmed, Karin; Tøndel, Inger Anne

doi:10.1109/imf.2013.14

Cited by 6 publications

(1 citation statement)

References 4 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the capability of recognizing, adapting to and coping with the unexpected [42] is relevant for this. In the safety domain, research has progressed on measuring organisational resilience through risk awareness, response capacity and support [32], and such a measurement framework has been adapted to the ICT domain [7]. Rapid changes are additionally a challenge for collecting reliable actuarial data, as changes in technology and attacker profiles can cause empirical information on incidents to quickly become outdated [8,24,26].…”

Section: Control Identificationmentioning

confidence: 99%

Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective

Tøndel¹,

Seehusen²,

Gjære³

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Part 1: The International Cross Domain Conference (CD-ARES 2016)International audienceAs a basis for offering policy and setting tariffs, cyber-insurance carriers need to assess the cyber risk of companies. This paper explores the challenges insurance companies face in assessing cyber risk, based on literature and interviews with representatives from insurers. The interview subjects represent insurance companies offering cyber-insurance in a market where this is a new and unknown product. They have limited historical data, with few examples of incidents leading to payout. This lack of experience and data, together with the need for an efficient sales process, highly impacts their approach to risk assessment. Two options for improving the ability to perform thorough yet efficient assessments of cyber risk are explored in this paper: basing analysis on reusable sector-specific risk models, and including managed security service providers (MSSPs) in the value chain

show abstract

Section: Control Identificationmentioning

confidence: 99%

Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective

Tøndel¹,

Seehusen²,

Gjære³

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

Cadena

Gualoto

Fuertes

et al. 2019

Smart Innovation, Systems and Technologies

View full text Add to dashboard Cite

Learning from cyber security incidents: A systematic review and future research agenda

Patterson

Nurse

Franqueira

2023

Computers & Security

View full text Add to dashboard Cite

Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management

Abstract: This paper presents a method for evaluating an organization's ability to manage security incidents. The method is based on resilient thinking, and describes how to identify, select and implement early-warning indicators for information security incident management.

Cited by 6 publications

References 4 publications

Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective

Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective

Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

Learning from cyber security incidents: A systematic review and future research agenda

Contact Info

Product

Resources

About