Post-incident audits on cyber insurance discounts

Panda, Sakshyam; Woods, Daniel; Lászka, Áron; Fielder, Andrew; Panaousis, Emmanouil

doi:10.1016/j.cose.2019.101593

Cited by 13 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is evident from the results that the risk to occupants increases with an increase in several smart devices in the home. Such insights on the level of risk could assist cyber insurers inappropriately profiling home occupants and designing custom insurance policy packages [36]- [38] with premium discounts [39]. To understand the impact of knowledge and time required to implement controls on a user group, we extend our analysis by considering the budget required to improve a level of time or knowledge i.e, from low to medium and medium to a high level.…”

Section: Discussionmentioning

confidence: 99%

Optimising user security recommendations for AI-powered smart-homes

Scott

Panda

Loukas

et al. 2022

2022 IEEE Conference on Dependable and Secure Computing (DSC)

View full text Add to dashboard Cite

Research in the context of user awareness has shown that smart-home occupants often lack cybersecurity awareness even when it comes to frequently used technologies such as online social networks and email. To cope with the risks, smart-homes must be equipped with adequate cybersecurity measures besides the knowledge and time required by smarthome occupants to implement security measures. In this paper, we explore potential threats in AI-powered smart-homes and identify a list of cybersecurity controls required to mitigate their potential impact considering attack vectors, as well as the time and knowledge required to implement a control. We use optimisation to identify the best set of controls to minimise the risk exposure considering these metrics. Our comparative analysis against a random selection approach highlight that our approach is at least 25% better at minimising risk. Finally, we show how improved knowledge or time impacts the risk.

show abstract

Section: Discussionmentioning

confidence: 99%

Optimising user security recommendations for AI-powered smart-homes

Scott

Panda

Loukas

et al. 2022

2022 IEEE Conference on Dependable and Secure Computing (DSC)

View full text Add to dashboard Cite

show abstract

“…Existing work on cyber risk management has covered specific aspects such as cyber security culture, awareness and training [28,38], the impact and mitigation of cyber-attacks [7,25,33] and the cyber risk management process [5,32]. Organisations must implement effective cyber risk management practices aligned with their business objectives through protection [4,6,24,29,36], mitigation [7,16,28] and insurance [5,26,30] to contain the cyber risk and exposure. Risk management is a continuous process that must acknowledge the changing internal and external environment of the organisation.…”

Section: Introductionmentioning

confidence: 99%

MITRE ATT&CK-driven Cyber Risk Assessment

Ahmed

Panda

Xenakis

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups-Lazarus and menuPass.

show abstract

“…On the other hand, one of the most pressing issues that organizations face nowadays is to manage cyber risks, which involves protection [2,3,11,17,27,34], mitigation [4,12,26,30] and insurance [10,24,28]. The most common reason that hinders this process is the limited budget.…”

Section: Introductionmentioning

confidence: 99%

GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments

Kalderemidis

Farao

Bountakas

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Investments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the reputation of an organization. Protecting an organization from cyber attacks demands considerable investments; however, it is known that organisations unequally divide their budget between cybersecurity and other technological needs. Organizations must consider cybersecurity measures, including but not limited to security controls, in their cybersecurity investment plans. Nevertheless, designing an effective cybersecurity investment plan to optimally distribute the cybersecurity budget is a primary concern.This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM's effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios.

show abstract

Post-incident audits on cyber insurance discounts

Cited by 13 publications

References 22 publications

Optimising user security recommendations for AI-powered smart-homes

Optimising user security recommendations for AI-powered smart-homes

MITRE ATT&CK-driven Cyber Risk Assessment

GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments

Contact Info

Product

Resources

About