SEConomy: A Framework for the Economic Assessment of Cybersecurity

Rodrigues, Bruno; Franco, Muriel Figueredo; Parangi, Geetha; Stiller, Burkhard

doi:10.1007/978-3-030-36027-6_13

Cited by 11 publications

(7 citation statements)

References 15 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Initially, a literature review was conducted to identify the most common threats and challenges for SMEs. Next, an analysis of each of these threats' economic impacts has been conducted using the steps defined by the SEConomy framework, as proposed by Rodrigues et al (2019). Finally, state-of-the-art approaches, as mapped in Section 2, and key steps to reduce the risks and costs of executing cybersecurity projects (acquisition, training, operation) have been investigated.…”

Section: Methodsmentioning

confidence: 99%

A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises

Franco¹,

Lacerda

Stiller

2022

GeP

View full text Add to dashboard Cite

Investimentos adequados em cibersegurança continuam sendo um dos principais pilares para empresas que necessitam proteger seus negócios em uma era digital. Para isto, é essencial compreender os diferentes passos necessários para implementar uma estratégia adequada de cibersegurança, que pode ser vista como um projeto de cibersegurança a ser desenvolvido, implementado e operado por uma empresa. Este artigo propõe o SECProject, um framework que define e organiza as etapas técnicas e econômicas necessárias para o planejamento e implementação de uma estratégia de segurança cibernética econômica em Pequenas e Médias Empresas (PMEs). Como resultado, as etapas do SECProject permitem um planejamento guiado e organizado de cibersegurança que considera tanto elementos técnicos quanto econômicos necessários para uma proteção adequada. Isto ajuda até mesmo empresas sem experiência técnica a otimizar seus investimentos em segurança cibernética enquanto reduzem seus riscos comerciais devido a ciberataques. A fim de mostrar a viabilidade do framework proposta, foi realizado um estudo de caso dentro de uma PME suíça do setor farmacêutico, destacando as informações e artefatos necessários para o planejamento e implantação de estratégias de cibersegurança. Os resultados mostram os benefícios e a eficácia da gestão de riscos e custos como um elemento-chave durante o planejamento de projetos de cibersegurança, utilizando o framework SECProject como diretriz.

show abstract

Section: Methodsmentioning

confidence: 99%

A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises

Franco¹,

Lacerda

Stiller

2022

GeP

View full text Add to dashboard Cite

show abstract

“…A cyber insurance is offered for companies, governments, or individuals, who want to reduce or share financial risks of an attack and which shall cover costs for recovering from an incident [7]. Typically, the process of cyber insurance contract creation involves three main steps: (i) Risk identification, which is based on the identification of assets that can be affected by different threats [14], (ii) Risk analysis, which determines the likelihood of a threat and also its impact, and (iii) Contract establishment with a focus on coverage specifications and premium definition. With the increase of cyberattacks and their actual impacts, the cyber insurance market also has to evolve to handle different aspects, such as incomplete, asymmetric, or even insufficient data for pricing premiums and coverage, lack of regulations and standards, and the gap between cybersecurity and risk transfer [5].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Predictions state that cybercrime will cost the world 10.5 trillion US$ annually by 2025, up from 3 trillion US$ in 2015, which represents the most significant transfer of economic wealth in history [9]. In this sense, to reduce the impact of successful attacks and to enable companies to recover faster and with less costs, different cybersecurity investment strategies have been investigated [14], in which one of the most prominent strategies includes cyber insurance coverage models [12]. Although the cyber insurance market is fast-paced and is under strong development [6], [7], cyber insurance approaches still have room to advance from a rarely used risk transfer tool to a critical requirement for companies risk management.…”

Section: Introductionmentioning

confidence: 99%

SaCI: A Blockchain-Based Cyber Insurance Approach for the Deployment and Management of a Contract Coverage

Franco

Berni

Scheid

et al. 2021

Economics of Grids, Clouds, Systems, and Services

Self Cite

View full text Add to dashboard Cite

The cyber insurance market is still in its infancy but growing fast. Novel models and standards for this particular insurance market are essential due to the use of modern IT (Information Technology) and since insurance providers need to create suitable models for customers. In this work, a refreshing approach SaCI for the deployment and management of contract coverage is introduced. SaCI translates relevant information of a cyber insurance contract to Smart Contracts (SC) running on the Blockchain (BC). Thus, SaCI (i) allows for recording agreements in an immutable way, (ii) simplifies interactions between stakeholders (e.g., customers and insurers), and (iii) ensures a trustworthy and transparent process during the life-cycle of the contract. A case study is provided to show evidence of the feasibility of the approach, which is backed by a cost analysis and discussion regarding especially the application of BCs.

show abstract

“…The adoption of efficient cybersecurity strategies in SMEs is challenging because of constraints mainly associated with the lack of a cybersecurity budget, unskilled human resources, and limited time allocated to cybersecurity planning [12]. This can lead to disastrous impacts on business, including financial losses due to cyberattacks, mitigation of costs, and inefficient management of protections [23]. From a humancentric perspective, simplifying the cybersecurity decisionmaking process requires clear and straightforward approaches for SMEs [22].…”

Section: Introductionmentioning

confidence: 99%

SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management

Franco

Rodrigues

Scheid

et al. 2020

2020 16th International Conference on Network and Service Management (CNSM)

Self Cite

View full text Add to dashboard Cite

Businesses were moving during the past decades to-ward full digital models, which made companies face new threatsand cyberattacks affecting their services and, consequently, theirprofits. To avoid negative impacts, companies' investments incybersecurity are increasing considerably. However, Small andMedium-sized Enterprises (SMEs) operate on small budgets,minimal technical expertise, and few personnel to address cy-bersecurity threats. In order to address such challenges, it isessential to promote novel approaches that can intuitively presentcybersecurity-related technical information.This paper introduces SecBot, a cybersecurity-driven conver-sational agent (i.e., chatbot) for the support of cybersecurityplanning and management. SecBot applies concepts of neuralnetworks and Natural Language Processing (NLP), to interactand extract information from a conversation. SecBot can(a)identify cyberattacks based on related symptoms,(b)indicatesolutions and configurations according to business demands,and(c)provide insightful information for the decision on cy-bersecurity investments and risks. A formal description hadbeen developed to describe states, transitions, a language, anda Proof-of-Concept (PoC) implementation. A case study and aperformance evaluation were conducted to provide evidence ofthe proposed solution's feasibility and accuracy

show abstract

SEConomy: A Framework for the Economic Assessment of Cybersecurity

Cited by 11 publications

References 15 publications

A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises

A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises

SaCI: A Blockchain-Based Cyber Insurance Approach for the Deployment and Management of a Contract Coverage

SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management

Contact Info

Product

Resources

About