Security Risk Models for Cyber Insurance
Rios Insua, David; Baylon, Caroline; Vila, Jose

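  • Publisher: CRC
  • Publication date: 2020-12-21
  • Price: $5,500
  • VIP price: $5,225 (5% off)
  • Language: English
  • Pages: 149
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 0367339498
  • ISBN-13: 9780367339494
  • Related category: Information Security
  • Overseas special-order title (separate checkout required)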

Description

Tackling the cybersecurity challenge is a matter of survival for society at large. Cyber attacks are rapidly increasing in sophistication and magnitude--and in their destructive potential. New threats emerge regularly, the last few years having seen a ransomware boom and distributed denial-of-service attacks leveraging the Internet of Things.

For organisations, the use of cybersecurity risk management is essential in order to manage these threats. Yet current frameworks have drawbacks which can lead to the suboptimal allocation of cybersecurity resources. Cyber insurance has been touted as part of the solution - based on the idea that insurers can incentivize companies to improve their cybersecurity by offering premium discounts - but cyber insurance levels remain limited. This is because companies have difficulty determining which cyber insurance products to purchase, and insurance companies struggle to accurately assess cyber risk and thus develop cyber insurance products.

To deal with these challenges, this volume presents new models for cybersecurity risk management, partly based on the use of cyber insurance. It contains:

  • A set of mathematical models for cybersecurity risk management, including (i) a model to assist companies in determining their optimal budget allocation between security products and cyber insurance and (ii) a model to assist insurers in designing cyber insurance products.
  • The models use adversarial risk analysis to account for the behavior of threat actors (as well as the behavior of companies and insurers).
  • To inform these models, we draw on psychological and behavioural economics studies of decision-making by individuals regarding cybersecurity and cyber insurance.
  • We also draw on organizational decision-making studies involving cybersecurity and cyber insurance.

Its theoretical and methodological findings will appeal to researchers across a wide range of cybersecurity-related disciplines including risk and decision analysis, analytics, technology management, actuarial sciences, behavioural sciences, and economics. The practical findings will help cybersecurity professionals and insurers enhance cybersecurity and cyber insurance, thus benefiting society as a whole.

This book grew out of a two-year European Union-funded project under Horizon 2020, called CYBECO (Supporting Cyber Insurance from a Behavioral Choice Perspective).

About the Authors

David Ríos Insua is AXA-ICMAT Chair in Adversarial Risk Analysis and a Member of the Spanish Royal Academy of Sciences.

Caroline Baylon is Security Research and Innovation Lead at AXA and a Research Affiliate at the Centre for the Study of Existential Risk, University of Cambridge.

Jose Vila is Scientific Director at DevStat and Associate Professor of Behavioural Economics at the University of Valencia.
