Some Risk Analysis Problems in Cyber Insurance Economics

  • David Ríos Insua [1]; Aitor Couce-Vieira [1]; Kreshnik Musaraj [2]
    1. [1] Consejo Superior de Investigaciones Científicas, Madrid, Spain
    2. [2] AXA Technology Services, La Défense. 92400 Courbevoie, France.
  • Source: Estudios de economía aplicada, ISSN 1133-3197, ISSN-e 1697-5731, Vol. 36, No. 1 (Volumen Conmemorativo XXV Aniversario), 2018 (Issue dedicated to: Retos futuros en Economía Aplicada), pp. 181-194
  • Language: English
  • DOI: 10.25115/eea.v36i1.2523
  • Parallel titles:
    • Algunos problemas de análisis de riesgos en Economía de los ciberseguros
  • Abstract

      Cyber threats affect all kinds of organisations with frequent and costly impacts worldwide. Cyber insurance products have recently emerged with the potential of lowering the impact of cyberspace risks. However, they have yet to mature. In this paper we present several risk analysis models that may facilitate the implementation and adoption of cyber insurance. These models, described in terms of influence diagrams and bi-agent influence diagrams, provide a framework for estimating the economic impact of cyber risks that may face insurers and insurees as well as calculating their optimal risk mitigation and transfer strategies.
