AUTHORS: Lukáš Pavlík
ABSTRACT: Many small and medium-sized organizations face very frequent attacks on their information systems and valuable assets. One way to face these undesirable events and prevent the damage they cause is to insure information systems against cyber-risk. This paper presents the possibilities of modeling the impact of cyber threats on selected organizational parameters. The main results, which are based on the interaction of cyber threats and identified parameters, can then be interpreted in the context of cyber-risk insurance. The main findings can be used as a platform for setting optimal insurance coverage for the organization.
KEYWORDS: information system, risk, cyber threat, parameter, modeling, impact, costs
WSEAS Transactions on Business and Economics, ISSN / E-ISSN: 1109-9526 / 2224-2899, Volume 15, 2018, Art. #53, pp. 522-528
Copyright © 2018 Author(s) retain the copyright of this article.
This article is published under the terms of the Creative Commons Attribution License 4.0