Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance

Cited by: 13
Authors
Tosh, Deepak K. [1]
Shetty, Sachin [2]
Sengupta, Shamik [3]
Kesan, Jay P. [4]
Kamhoua, Charles A. [5]
Affiliations
[1] Norfolk State Univ, Dept Comp Sci, Norfolk, VA 23504 USA
[2] Old Dominion Univ, Virginia Modeling Anal & Simulat Ctr, Norfolk, VA 23529 USA
[3] Univ Nevada, Dept Comp Sci & Engn, Reno, NV 89557 USA
[4] Univ Illinois, Coll Law, Urbana, IL USA
[5] Air Force Res Lab, Cyber Assurance Branch, Rome, NY USA
Source
GAME THEORY FOR NETWORKS (GAMENETS 2017) | 2017 / Vol. 212
Funding
US National Science Foundation;
Keywords
Cybersecurity information sharing; Cyber-insurance; Cyber-threat intelligence; Cyber Security Information Sharing Act (CISA);
DOI
10.1007/978-3-319-67540-4_14
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms to defend cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.
Pages: 154 / 164
Number of pages: 11