Towards the Insurance of Healthcare Systems

Authors: Michail Smyrlis, Michalis Antoniou, Panos Chatziadam, Eftychia Lakka, George Hatzivasilis, Sotiris Ioannidis, Alessia Alessio, Andreas Miaoudakis, George Spanoudakis, Nikos Stathiakis, Artsiom Yautsiukhin
Language: English
Year of publication: 2020
Subject:
Source: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, pp. 185–198, Luxembourg, 26/09/2019
Computer Security ISBN: 9783030420505
IOSec/MSTEC/FINSEC@ESORICS
Lecture Notes in Computer Science
Lecture Notes in Computer Science-Computer Security
Computer Security-ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, Revised Selected Papers
ISSN: 0302-9743
1611-3349
DOI: 10.1007/978-3-030-42051-2_13
Description: Insurance of digital assets is becoming an important aspect nowadays, in order to reduce the investment risks in modern businesses. GDPR and other legal initiatives make this necessity even more demanding, as an organization is now accountable for the usage of its client data. In this paper, we present a cyber insurance framework, called CyberSure. The main contribution is the runtime integration of certification, risk management, and cyber insurance of cyber systems. Thus, the framework determines the current level of compliance with the acquired policies and provides early notifications for potential violations of them. CyberSure develops CUMULUS certification models for this purpose and, based on automated (or semi-automated) certification carried out using them, it develops ways of dynamically adjusting risk estimates, insurance policies and premiums. In particular, it considers the case of dynamic certification, based on continuous monitoring, dynamic testing and hybrid combinations of them, to adapt cyber insurance policies as the conditions of cyber system operation evolve and new data become available for adjusting to the associated risk. The applicability of the whole approach is demonstrated in the healthcare sector, for insuring an e-health software suite that is provided by an IT company to public and private hospitals in Greece. The overall approach can reduce the potential security incidents and the related economic loss, as the beneficiary deploys adequate protection mechanisms, whose proper operation is continually assessed, benefiting both the insured and the insurer.
Database: OpenAIRE