Potential Rating Indicators for Cyberinsurance: An Exploratory Qualitative Study

Innerhofer-Oberperfler, Frank; Breu, Ruth

doi:10.1007/978-1-4419-6967-5_13

Cited by 5 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3 illustrates what might be additional data ingredients going into the funnel. A vast set of rating indicators for cyber insurance have been identified by Innerhofer-Oberperfler and Breu (Innerhofer-Oberperfler & Breu, 2010), but reference datasets must be made available in order to enrich the generic risk model and create more accurate risk profiles. We share the same positive opinion as Biener et al (Biener, Eling, & Wirfs, 2015), that with increased marked development, we can expect better data sources as risk pools grow larger.…”

Section: Discussionmentioning

confidence: 99%

When to Treat Security Risks with Cyber Insurance

Meland

Seehusen

2018

2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.

show abstract

Section: Discussionmentioning

confidence: 99%

When to Treat Security Risks with Cyber Insurance

Meland

Seehusen

2018

2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

show abstract

“…In [35], a model based on the results of an exploratory qualitative study with the participation of experts is proposed. The purpose of the model is to identify potential rating variables that could be used to calculate a premium for insurance against cybersecurity risks.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

“…The works [34,35] are made by the same author and can be considered as a representation of the same model, but from different points of view. Because of this, in the future they are considered as a single model.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Development of the concept for determining the level of critical business processes security

Yevseiev

Milov

Zviertseva

et al. 2023

EEJET

View full text Add to dashboard Cite

The development of technologies and computing resources not only expanded the spectrum of digital services in all areas of human activity, but also defined the spectrum of targeted cyber attacks. The object of the study is the process of ensuring the safety of critical business processes that ensure the continuity of production and/or functioning of the company/organization/enterprise as a whole. Targeted attacks are aimed at destroying not only the business structure, but also its individual components that determine critical business processes. Continuity of such business processes is a critical component of any company, organization or enterprise of any form of government, which critically affects the earning of profits or the organization of production processes. The proposed concept of determining the security level of critical business processes is based on the need to use multi-loop information protection systems. This allows to ensure the continuity of critical business processes through a timely objective assessment of the level of security and the timely formation of preventive measures. This approach is based on the proposed rules for determining the achievement of a given level of security, which are based on assessments of the integrity, availability and confidentiality of information arrays, as well as computer equipment in relation to various points of the organization's business processes. The use of threat integration on the internal and external contours of the protection system allows to ensure the necessary level of security and continuity of the production/technological process of critical business processes. The proposed practical implementation of the system security level assessment system in the declarative programming language Prolog, which allows to form requirements regarding the achievement of a given system security level depending on the state assessments of individual system components

show abstract

“…More quantitative and tool based approaches like CORAS [10], provide customized language for modeling the risks and threats. CORAS is a framework for model-based security risk analysis consisting of a language, a method, and a tool.…”

Section: Risk Assessment and Managementmentioning

confidence: 99%

CyberSure: A Framework for Liability Based Trust

et al. 2020

View full text Add to dashboard Cite

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems. Creating such policies will enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework is supported by a platform of tools enabling an integrated risk cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence during the operation of such systems. CyberSure develops its cyber insurance platform by building upon and integrating state of the art tools, methods and techniques. The development of the CyberSure platform is driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure addresses the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions. CyberSure platform aims to tackle the challenges of offering cyber insurance for interoperable service chains cutting across application domains and jurisdictions.

show abstract

Potential Rating Indicators for Cyberinsurance: An Exploratory Qualitative Study

Cited by 5 publications

References 22 publications

When to Treat Security Risks with Cyber Insurance

When to Treat Security Risks with Cyber Insurance

Development of the concept for determining the level of critical business processes security

CyberSure: A Framework for Liability Based Trust

Contact Info

Product

Resources

About