Optimal security configuration for cyber insurance / Martinelli, F.; Uuganbayar, Ganbayar; Yautsiukhin, A. - 529:(2018), pp. 187-200. (Paper presented at the IFIP SEC conference held in Poland in Sep-2019) [10.1007/978-3-319-99828-2_14].

Optimal security configuration for cyber insurance

Uuganbayar G.; Yautsiukhin A.
2018

Abstract

Losses due to cyber security incidents could be very significant for organisations. This fact forces managers to consider cyber security risks at the highest management level. Cyber risks are usually either mitigated by technical means (countermeasures) or transferred to another party (i.e., insurer). Both options require significant investments and organisations face the problem of optimal distribution of cyber security budget between these risk treatment options. In this paper, we propose an approach for optimal distribution of investments between self-protection and cyber insurance. The key difference of our paper with respect to others in the field is that our model helps to identify the required security controls, rather than implicitly assuming a relation between security investments, security configuration and expected probability of attack. Our approach exploits a discrete model of investment in self-protection, which is more challenging for analysis but is more realistic and convenient for the application. Our model further considers several threats and allows threats to occur more than once.
IFIP Advances in Information and Communication Technology
Poland
Springer
978-3-319-99827-5
978-3-319-99828-2
Martinelli, F.; Uuganbayar, Ganbayar; Yautsiukhin, A.

Use this identifier to cite or link to this document: http://hdl.handle.net/11572/295870
Citations
  • Scopus 4