Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms

Yannacopoulos, A. N.; Lambrinoudakis, Costas; Gritzalis, Stefanos; Xanthopoulos, S. Z.; Katsikas, Sokratis

doi:10.1007/978-3-540-88313-5_14

Cited by 8 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A typical period of non-life insurance is one year [80,111,112]. Thus, in case of life insurance, it is enough to consider only the probability of occurrence (e.g., pr i ), while for non-life insurance it is required to nd a rate of occurrences RO i , i.e., a number of incident occurrences in a considered period of time t. Although, cyber-insurance is clearly a non-life insurance the available state of the art literature on the topic considers only a single event in an observed period, i.e., using pr i instead of RO i (with few exceptions, e.g., [113,114,115]). Instead, for complete non-life insurance fair premium estimation the following formula should be used:…”

Section: Life Vs Non-life Insurancementioning

confidence: 99%

“…The main problem studied was the optimal allocation of expenditures by the customer to secure or/and insure arrived packets. A. Yannacopoulos et al,[115] used the random utility model for assessing the possible claimed compensation of one individual and several models for estimating the number of claims (using Poisson distribution, renewal process, mixed Poisson distribution, etc.). The union of these models allowed the authors to compute how much would an individual claim as compensation.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Cyber-insurance survey

Marotta

Martinelli

Nanni³

et al. 2017

Computer Science Review

172

125

View full text Add to dashboard Cite

Section: Life Vs Non-life Insurancementioning

confidence: 99%

mentioning

confidence: 99%

Cyber-insurance survey

Marotta

Martinelli

Nanni³

et al. 2017

Computer Science Review

172

125

View full text Add to dashboard Cite

“…SMTP (25), FTP commands (21) and FTP responses (22) all have relatively high entropy. The reason for this may be that compressed binaries or email attachments influence the data.…”

Section: Methodsmentioning

confidence: 99%

“…A third possibility is to manually define opinions about privacy sensitivity based on expert knowledge. Other potential indicators may be based on actuarial risk models for evaluating the economical risk involved in privacy leakages that can be transformed into Subjective Logic based privacy risk opinions [25]. Subjective Logic based opinions could also be derived from legal requirements or evidential reasoning [10].…”

Section: A Brief Introduction To Subjective Logicmentioning

confidence: 99%

A Composite Privacy Leakage Indicator

Ulltveit-Moe

Oleshchuk

2011

Wireless Pers Commun

View full text Add to dashboard Cite

This paper proposes a Subjective Logic based composite privacy leakage metric that both takes into account the amount of information leakage and also that information with high entropy in some cases may be considered encrypted. It is furthermore shown both analytically and experimentally that Min-entropy is considered better than Shannon, Rényi or Max entropy for identifying encrypted content for the composite metric. This is in particular useful for implementing privacy-enhanced Intrusion Detection Systems (IDS), where sampled encrypted traffic can be considered to have low risk of revealing sensitive information. The combined metric can be used in a Policy Enforcement Point that acts as a proxy/anonymiser in order to to reduce the leakage of private or sensitive information from the IDS sensors to an outsourced Managed Security Service provider. Although the composite privacy indicator is IDS specific, the authorisation architecture is general, and may also be useful for anonymising or pseusonymising sensitive information from or to other types of sensors that need to be exposed to the Internet. The solution is based on the eXtensible Access Control Markup Language policy language extended with support for Subjective Logic, in order to provide a method for expressing fine-grained access control policies that are based on uncertain evidences.

show abstract

“…For instance, Gordon et al (Gordon, Loeb, & Sohail, 2003) and Wang (Wang, 2017) provide frameworks for cyber risk management, where insurance is one of the means for risk reduction. Yannacopoulos et al (Yannacopoulos, Lambrinoudakis, Gritzalis, Xanthopoulos, & Katsikas, 2008) discuss the level of coverage a firm should consider for privacy breaches given that the premium levels are set. Grossklags et al (Grossklags, Christin, & Chuang, 2008) use gametheoretic models for shifting between investments in protection and selfinsurance.…”

Section: Introductionmentioning

confidence: 99%

When to Treat Security Risks with Cyber Insurance

Meland¹,

Seehusen²

2018

IJCSA

View full text Add to dashboard Cite

Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.

show abstract

Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms

Cited by 8 publications

References 14 publications

Cyber-insurance survey

Cyber-insurance survey

A Composite Privacy Leakage Indicator

When to Treat Security Risks with Cyber Insurance

Contact Info

Product

Resources

About