Daniel Woods scite author profile

Policy discussions often assume that wider adoption of cyber insurance will promote information security best practice. However, this depends on the process that applicants need to go through to apply for cyber insurance. A typical process would require an applicant to fill out a proposal form, which is a self-assessed questionnaire. In this paper, we examine 24 proposal forms, offered by insurers based in the UK and the US, to determine which security controls are present in the forms. Our aim is to establish whether the collection of security controls mentioned in the analysed forms corresponds to the controls defined in ISO/IEC 27002 and the CIS Critical Security Controls; these two control sets are generally held to be best practice. This work contains a novel research direction as we are the first to systematically analyse cyber insurance proposal forms. Our contributions include evidence regarding the assumption that the insurance industry will promote security best practice. To address the problem of adverse selection, we suggest the number of controls that proposal forms should include to be in alignment with the two information security frameworks. Finally, we discuss the incentives that could lead to this disparity between insurance practice and information security best practice, emphasising the importance of information security economics in studying cyber insurance.

show abstract

Policy measures and cyber insurance: a framework

Woods

Simpson

2017

Journal of Cyber Policy

View full text Add to dashboard Cite

The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should pursue in support of this public-private partnership. This paper rectifies this omission and presents a framework to help underpin such a partnership, giving particular consideration to possible government interventions that might affect the cyber insurance market. We have undertaken a qualitative analysis of reports published by policy-making institutions and organisations working in the cyber insurance domain; we have also conducted interviews with cyber insurance professionals. Together, these constitute a stakeholder analysis upon which we build our framework. In addition, we present a research roadmap to demonstrate how the ideas described might be taken forward.

show abstract

On the use of evanescent plane waves for low-frequency energy transmission across material interfaces

Woods

Bolton

Rhoads

2015

View full text Add to dashboard Cite

The transmission of airborne sound into high-impedance media is of interest in several applications. For example, sonic booms in the atmosphere may impact marine life when incident on the ocean surface, or affect the integrity of existing structures when incident on the ground. Transmission across high impedance-difference interfaces is generally limited by reflection and refraction at the surface, and by the critical angle criterion. However, spatially decaying incident waves, i.e., inhomogeneous or evanescent plane waves, may transmit energy above the critical angle, unlike homogeneous plane waves. The introduction of a decaying component to the incident trace wavenumber creates a nonzero propagating component of the transmitted normal wavenumber, so energy can be transmitted across the interface. A model of evanescent plane waves and their transmission across fluid-fluid and fluid-solid interfaces is developed here. Results are presented for both air-water and air-solid interfaces. The effects of the incident wave parameters (including the frequency, decay rate, and incidence angle) and the interfacial properties are investigated. Conditions for which there is no reflection at the air-solid interface, due to impedance matching between the incident and transmitted waves, are also considered and are found to yield substantial transmission increases over homogeneous incident waves.

show abstract

Incident Response as a Lawyers’ Service

Woods

Böhme

2022

IEEE Secur. Privacy

View full text Add to dashboard Cite

show abstract

SoK: Quantifying Cyber Risk

Woods

Böhme

2021

View full text Add to dashboard Cite

Does Insurance Have a Future in Governing Cybersecurity?

Woods

Moore

2020

IEEE Secur. Privacy

View full text Add to dashboard Cite

show abstract

Studies on the strength of adhesion of some common marine fouling diatoms

Woods

Fletcher

1991

Biofouling

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Daniel Woods

Measuring the Emergence of Consent Management on the Web

Mapping the coverage of security controls in cyber insurance proposal forms

Policy measures and cyber insurance: a framework

On the use of evanescent plane waves for low-frequency energy transmission across material interfaces

Incident Response as a Lawyers’ Service

SoK: Quantifying Cyber Risk

Does Insurance Have a Future in Governing Cybersecurity?

Studies on the strength of adhesion of some common marine fouling diatoms

Contact Info

Product

Resources

About