ABSTRACT
Historically, the financial benefits of cyber security investments have not been calculated with the same financial discipline used to evaluate other material investments. This was mainly due to a lack of readily available data on the impacts of cyber incidents and of a systematic methodology to support the efficacy of cyber investments. In this paper we propose an innovative cyber investment management framework named RiSKi that incorporates detection and continuous monitoring of insiders' societal behavior, to the extent permitted by the law, to proactively address implied anomalies and threats and their potential business impact and risks. Moreover, it provides access to published security incident data to enable businesses to advance their understanding of cybersecurity and awareness of the threats and consequences related to cyber breaches and, eventually, to enable faster recovery from an event. RiSKi, armed with the above information, employs a methodology and develops a supporting scenario-based cyber investment tool for quantifying the benefits of cybersecurity investments against the many ways that potential cyber risks can affect the operation of a business.
Index Terms
- RiSKi: A Framework for Modeling Cyber Threats to Estimate Risk for Data Breach Insurance