Reducing Informational Disadvantages to Improve Cyber Risk Management†
Author: | Kevin Kwiat, Laurent Njilla, Michael K. McShane, Jay P. Kesan, Charles A. Kamhoua, Linfeng Zhang, Sachin Shetty |
---|---|
Year of publication: | 2018 |
Subject: | 021110 strategic, defence & security studies; Economics and Econometrics; business.industry; 0211 other engineering and technologies; Bayesian network; 02 engineering and technology; Attack graph; General Business Management and Accounting; Incentive; Information asymmetry; Risk analysis (engineering); Vulnerability assessment; 020204 information systems; Accounting; 0202 electrical engineering, electronic engineering, information engineering; Cyber-Insurance; business; Finance; Risk management; Interdependent security |
Source: | The Geneva Papers on Risk and Insurance - Issues and Practice. 43:224-238 |
ISSN: | 1468-0440 1018-5895 |
DOI: | 10.1057/s41288-018-0078-3 |
Description: | Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums. |
Database: | OpenAIRE |