何时用网络保险来处理安全风险

2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) Pub Date : 2018-06-01 DOI:10.1109/CyberSA.2018.8551456

P. H. Meland, Fredrik Seehusen

{"title":"何时用网络保险来处理安全风险","authors":"P. H. Meland, Fredrik Seehusen","doi":"10.1109/CyberSA.2018.8551456","DOIUrl":null,"url":null,"abstract":"Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"When to Treat Security Risks with Cyber Insurance\",\"authors\":\"P. H. Meland, Fredrik Seehusen\",\"doi\":\"10.1109/CyberSA.2018.8551456\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.\",\"PeriodicalId\":352813,\"journal\":{\"name\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2018.8551456\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2018.8551456","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

对于许多组织来说，通过网络保险将安全风险转移给第三方是一个陌生的竞争环境，因此许多组织对进行此类投资犹豫不决。事实上，在确定风险处理方案时，普遍需要负担得起和实用的方法来进行风险量化。为了解决这一问题，我们提出了一种轻量级的、数据驱动的方法，供组织评估自己对网络保险的需求。使用一个通用的风险模型，填充可用的行业平均值，作为起点。单个组织可以实例化此模型，以获得与相关网络威胁相关的自身风险概况。然后将风险概况与网络保险概况一起使用，以估计收益，并作为比较不同保险提供商报价的基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

When to Treat Security Risks with Cyber Insurance

Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

自引率

0.00%

发文量