Abstract
In the current globalisation framework, where electronic transactions and data sharing are common activities, cyber-risk analysis, protection and avoidance have become a key aspect that must be placed and prioritised on the business agenda of companies. Nevertheless, this issue is difficult to analyse given the dimension of the problem and the company units, individuals and infrastructures involved. In consequence, cyber-insurance is considered the appropriate means to avoid financial losses caused by security breaches in information technology infrastructures and procedures. This paper analyses and describes how customers and their cyber-risks should be assessed by an insurance company in order to establish the company's status and implement the actions required to fix the issues found. This work describes the three phases required to complete a full cyber-risk assessment and the evaluation of the risks. Furthermore, the paper highlights the resources that the insurer should keep in its road-map to implement the risk assessment and thus determine the company's insurability, and the requirements to reach that condition. After the risk analysis is completed at the customer's premises, it must subsequently be evaluated at all levels. Among other factors, this evaluation is based on 63 question criteria. In the risk assessment, criteria weights are not uniformly distributed; weighting is applied according to relevance. In particular, criteria that should receive special attention are referred to as showstoppers.
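The abstract describes two mechanisms an insurer's evaluation combines: relevance-based (non-uniform) weights over the question criteria, and "showstopper" criteria that receive special attention. The following added example illustrates one way such a gated, weighted assessment can be computed. It is not the paper's own scoring model: the criteria names, weights, the 0.7 threshold and the rule that any failed showstopper makes the customer uninsurable are all constructed assumptions for illustration.

```python
"""Weighted criteria assessment with showstopper gating (illustrative).

Assumptions (not from the paper): the criteria, their weights, the
insurability threshold and the gating rule below are constructed for
illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Criterion:
    name: str
    weight: float            # relevance-based weight (assumed value)
    showstopper: bool = False


# Constructed sample criteria; the paper's own 63 criteria are not on this page.
CRITERIA: List[Criterion] = [
    Criterion("patch_management_process", 3.0),
    Criterion("offsite_backups_tested", 4.0, showstopper=True),
    Criterion("mfa_on_remote_access", 4.0, showstopper=True),
    Criterion("security_awareness_training", 1.0),
    Criterion("incident_response_plan", 2.0),
]


def assess(answers: Dict[str, bool],
           criteria: List[Criterion] = CRITERIA,
           threshold: float = 0.7) -> Tuple[bool, float, List[str]]:
    """Return (insurable, score, failed_showstoppers).

    answers maps a criterion name to True when the control is in place;
    a missing answer counts as "not in place".
    score is the weighted fraction of satisfied criteria, in [0, 1].
    Gating rule (assumed): any failed showstopper makes the customer
    uninsurable regardless of the weighted score.
    """
    total = sum(c.weight for c in criteria)
    earned = sum(c.weight for c in criteria if answers.get(c.name, False))
    score = earned / total
    failed = [c.name for c in criteria
              if c.showstopper and not answers.get(c.name, False)]
    insurable = not failed and score >= threshold
    return insurable, score, failed


def remediation_plan(answers: Dict[str, bool],
                     criteria: List[Criterion] = CRITERIA) -> List[str]:
    """Unmet criteria ordered by priority: showstoppers first, then by weight.

    This is the list of requirements the customer would need to satisfy
    to reach the insurable condition under the assumed rules above.
    """
    unmet = [c for c in criteria if not answers.get(c.name, False)]
    unmet.sort(key=lambda c: (not c.showstopper, -c.weight))
    return [c.name for c in unmet]


if __name__ == "__main__":
    # Constructed sample questionnaire answers.
    sample = {
        "patch_management_process": True,
        "offsite_backups_tested": True,
        "mfa_on_remote_access": False,      # a failed showstopper
        "security_awareness_training": True,
        "incident_response_plan": True,
    }
    ok, score, failed = assess(sample)
    print(f"insurable={ok} score={score:.2f} failed_showstoppers={failed}")
    print("remediation:", remediation_plan(sample))
```

With the sample answers the weighted score is 10/14 (about 0.71), above the assumed threshold, yet the customer is still not insurable because one showstopper criterion is unmet; the remediation plan lists that criterion first.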
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Bartolini, D.N., Benavente-Peces, C., Ahrens, A. (2019). Using Risk Assessments to Assess Insurability in the Context of Cyber Insurance. In: Obaidat, M., Cabello, E. (eds) E-Business and Telecommunications. ICETE 2017. Communications in Computer and Information Science, vol 990. Springer, Cham. https://doi.org/10.1007/978-3-030-11039-0_16
DOI: https://doi.org/10.1007/978-3-030-11039-0_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11038-3
Online ISBN: 978-3-030-11039-0
eBook Packages: Computer Science (R0)