Nowadays, cyber threats are considered among the most dangerous risks by top management of enterprises. One way to deal with these risks is to insure them, but cyber insurance is still quite expensive. The insurance fee can be reduced if organisations improve their cyber security protection, i.e., reducing the insured risk. In other words, organisations need an investment strategy to decide the optimal amount of investments into cyber insurance and self-protection. In this work, we propose an approach to help a risk-averse organisation to distribute its cyber security investments in a cost-efficient way. What makes our approach unique is that next to defining the amount of investments in cyber insurance and self-protection, our proposal also explicitly defines how these investments should be spent by selecting the most cost-efficient security controls. Moreover, we provide an exact algorithm for the control selection problem considering several threats at the same time and compare this algorithm with other approximate algorithmic solutions.

Optimisation of cyber insurance coverage with selection of cost effective security controls / Uuganbayar, Ganbayar; Yautsiukhin, A.; Martinelli, F.; Massacci, F.. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 101:(2021), pp. 10212101-10212121. [10.1016/j.cose.2020.102121]

Optimisation of cyber insurance coverage with selection of cost effective security controls

Uuganbayar G.;Yautsiukhin A.;Massacci F.
2021-01-01

2021
Uuganbayar, Ganbayar; Yautsiukhin, A.; Martinelli, F.; Massacci, F.
Files in this item:
File: 1-s2.0-S0167404820303941-main.pdf
Archive managers only
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 1.66 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/342526