Abstract
CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policies for cyber systems. Creating such policies will enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework is supported by a platform of tools enabling integrated cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence during the operation of such systems. CyberSure develops its cyber insurance platform by building upon and integrating state-of-the-art tools, methods and techniques. The development of the CyberSure platform is driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure addresses the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions. The CyberSure platform aims to tackle the challenges of offering cyber insurance for such service chains.
Acknowledgements
This work was supported by the European Commission through the project CONCORDIA Horizon 2020 Research and Innovation program under Grant Agreement No. 830927 and CYBERSURE Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie Grant Agreement No. 734815.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Christou, G., Papadogiannaki, E., Diamantaris, M., Torterolo, L., Chatziadam, P. (2020). CyberSure: A Framework for Liability Based Trust. In: Fournaris, A., et al. Computer Security. IOSEC MSTEC FINSEC 2019 2019 2019. Lecture Notes in Computer Science, vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_2
DOI: https://doi.org/10.1007/978-3-030-42051-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42050-5
Online ISBN: 978-3-030-42051-2
eBook Packages: Computer Science, Computer Science (R0)