SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions

Farao, Aristeidis; Panda, Sakshyam; Menesidou, Sofia Anna; Veliou, Entso; Episkopos, Nikolaos; Kalatzantonakis, George; Mohammadi, Farnaz; Georgopoulos, Nikolaos; Sirivianos, Michael; Salamanos, Nikos; Loizou, Spyros; Pingos, Michalis; Polley, John W.; Fielder, Andrew; Panaousis, Emmanouil; Xenakis, Christos

doi:10.1007/978-3-030-58986-8_5

Cited by 19 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed ontology will be used between the Insured, the Broker and the Agent. We have to note the cyber insurance ontology is not standalone, but it is part of the SECONDO [4] architecture, which is responsible for providing a holistic security solution as a platform for organizations to fight cyber risks providing them with innovative security controls including risk transfer.…”

Section: System Architecturementioning

confidence: 99%

“…As the cyber-attacks become more sophisticated targeting a broad range of companies and state or private institutions, the cybersecurity is evolving too, together with the cyber-insurance. Cyber insurance is a rapidly developing area and an alternative way to deal with residual risks [4], [13]. Cyber-insurance is a powerful tool to incentivize the market towards protecting online businesses from information technology-related risks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analyzing Coverages of Cyber Insurance Policies Using Ontology

Charalambous

Farao

Kalantzantonakis³

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

In an era where all the transactions, businesses and services are becoming digital and online, the data assets and the services protection are of utmost importance. Cyber-insurance companies are offering a wide range of coverages, but they also have exclusions. Customers of these companies need to be able to understand the terms and conditions of the related contracts and furthermore they need to be able to compare various offerings in order to determine the most appropriate solutions for their needs. The research in the area is very limited while at the same time the related market is growing, giving every potential solution a high value. In this paper, we propose a methodology and a prototype system that will help customers to compare contracts based on a pre-defined ontology that is describing cyber-insurance terms. After a first preliminary analysis and validation, our approach accuracy is averaging at almost 50%, giving a promising initial evaluation. Fine tuning, larger data set assessment and ontology refinement will be our next steps to improve the accuracy of our tool. Real user evaluation will follow, in order to evaluate the tool in real world cases.

show abstract

Section: System Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Analyzing Coverages of Cyber Insurance Policies Using Ontology

Charalambous

Farao

Kalantzantonakis³

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this context, [2] introduces a conceptual framework for cybersecurity investments and cyber insurance decisions. The framework advocates the use of SCs for cyber insurance coverage and premium management as one of its key pillars.…”

Section: Background and Related Workmentioning

confidence: 99%

SaCI: A Blockchain-Based Cyber Insurance Approach for the Deployment and Management of a Contract Coverage

Franco

Berni

Scheid

et al. 2021

Economics of Grids, Clouds, Systems, and Services

View full text Add to dashboard Cite

The cyber insurance market is still in its infancy but growing fast. Novel models and standards for this particular insurance market are essential due to the use of modern IT (Information Technology) and since insurance providers need to create suitable models for customers. In this work, a refreshing approach SaCI for the deployment and management of contract coverage is introduced. SaCI translates relevant information of a cyber insurance contract to Smart Contracts (SC) running on the Blockchain (BC). Thus, SaCI (i) allows for recording agreements in an immutable way, (ii) simplifies interactions between stakeholders (e.g., customers and insurers), and (iii) ensures a trustworthy and transparent process during the life-cycle of the contract. A case study is provided to show evidence of the feasibility of the approach, which is backed by a cost analysis and discussion regarding especially the application of BCs.

show abstract

“…Existing work on cyber risk management has covered specific aspects such as cyber security culture, awareness and training [28,38], the impact and mitigation of cyber-attacks [7,25,33] and the cyber risk management process [5,32]. Organisations must implement effective cyber risk management practices aligned with their business objectives through protection [4,6,24,29,36], mitigation [7,16,28] and insurance [5,26,30] to contain the cyber risk and exposure. Risk management is a continuous process that must acknowledge the changing internal and external environment of the organisation.…”

Section: Introductionmentioning

confidence: 99%

MITRE ATT&CK-driven Cyber Risk Assessment

Ahmed

Panda

Xenakis

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups-Lazarus and menuPass.

show abstract

SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions

Cited by 19 publications

References 12 publications

Analyzing Coverages of Cyber Insurance Policies Using Ontology

Analyzing Coverages of Cyber Insurance Policies Using Ontology

SaCI: A Blockchain-Based Cyber Insurance Approach for the Deployment and Management of a Contract Coverage

MITRE ATT&CK-driven Cyber Risk Assessment

Contact Info

Product

Resources

About