A Comprehensive Model for Cyber Risk Based on Marked Point Processes and Its Application to Insurance

Zeller, Gabriela; Scherer, Matthias

doi:10.2139/ssrn.3668228

Cited by 3 publications

(2 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For his part, proposes a modeling of the cybersecurity system for the rapid development of the computerization process and refers to a comprehensive model for cyber risk by proposing a new approach to model cyber risk using marked point processes [76]. By this, the key co-variable is identified, resulting in the ability to detect non-redirected and targeted malicious attacks, as well as accidents and failures.…”

Section: Rq3: What Kind Of It Security Policies Are Applied In the Bu...mentioning

confidence: 99%

Enterprise information security risks: a systematic review of the literature

Sandoval¹,

Celis

Cabanillas-Carbonell

2023

IJEECS

View full text Add to dashboard Cite

Currently, computer security or cybersecurity is a relevant aspect in the area of networks and communications of a company, therefore, it is important to know the risks and computer security policies that allow a unified management of cyber threats that only seek to affect the reputation or profit from the confidential information of organizations in the business sector. The objective of the research is to conduct a systematic review of the literature through articles published in databases such as Scopus and Dimension. Thus, in order to perform a complete documentary analysis, inclusion and exclusion criteria were applied to evaluate the quality of each article. Then, using a quantitative scale, articles were filtered according to author, period and country of publication, leaving a total of 86 articles from both databases. The methodology used was the one proposed by Kitchenham, and the conclusion reached was that the vast majority of companies do not make a major investment in the purchase of equipment and improvement of information technology (IT) infrastructure, exposing themselves to cyber-attacks that continue to grow every day. This research provides an opportunity for researchers, companies and entrepreneurs to consult so that they can protect their organization's most important assets.

show abstract

Section: Rq3: What Kind Of It Security Policies Are Applied In the Bu...mentioning

confidence: 99%

Enterprise information security risks: a systematic review of the literature

Sandoval¹,

Celis

Cabanillas-Carbonell

2023

IJEECS

View full text Add to dashboard Cite

show abstract

“…Given the negative externality known from other real life situations, Öğüt et al (2011) show that this desired interaction in a “cybersecurity risk management” process breaks down under these conditions resulting in firms investing less than socially optimal in risk mitigation and insurance. Even after decades of calls for computer security to move beyond just technical measures (Madnick, 1978), the technical side still dominates the management aspect and lacks an economic view of information security (Alshaikh et al, 2014; Cannoy et al, 2006; Ganin et al, 2020; Siponen & Willison, 2007; Zeller & Scherer, 2020).…”

Section: Cyber Risk Management: Origins and Historical Developmentmentioning

confidence: 99%

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract