Components and challenges of integrated cyber risk management

Zeitschrift für die gesamte Versicherungswissenschaft - Volume 104, Issue 5 - Pages 615-634 - 2015
Thomas Kosub¹
¹Department of Insurance Economics and Risk Management, Friedrich-Alexander University Erlangen-Nürnberg (FAU), Lange Gasse 20, 90403, Nürnberg, Germany

References

Baer, W.S., Parkinson, A.: Cyber insurance in IT security management. IEEE. Secur. Priv. 5(3), 50–56 (2007)

Behrends, J.: Cyber-Versicherungen haben eine große Zukunft. Versicherungswirtschaft. 2, 24–25 (2013)

Behrends, J.: Die Cyber-Versicherung: Unerlässlicher Teil eines effektiven Risikomanagements. I.VW Management-Information, St. Galler Trendmonitor für Risiko- und Finanzmärkte 01/2014, 13–16 (2014)

Biener, C., Eling, M., Wirfs, J.H.: Insurability of cyber risk: An empirical analysis. Geneva. Pap. Risk. Ins. 40, 131–158 (2015a)

Biener, C., Eling, M., Matt, A., Wirfs, J.H.: Cyber Risk: Risikomanagement und Versicherbarkeit, I-VW HSG Schriftenreihe, Bd. 54 (2015b)

Böhme, R.: Cyber-Insurance Revisited, Fourth Workshop on the Economics of Information Security (WEIS). Kennedy School of Government, Cambridge (2005)

Böhme, R., Kataria, G.: Models and Measures for Correlation in Cyber-Insurance, Proc. of Workshop on the Economics of Information Security (WEIS), University of Cambridge, UK (2006)

Brenner, M., Gentschen Felde, N., Hommel, W., Metzger, S., Reiser, H., Schaaf, T.: Praxisbuch ISO/IEC 27001. Hanser Verlag, München (2011)

Cabinet Office: The UK cyber security strategy. Protecting and promoting the UK in a digital world. https://www.gov.uk (2011). Accessed 01 July 2014

Campbell, K., Gordon, L.A., Loeb, M.P., Zhou, L.: The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. J. Comput. Secur. 11(3), 431–448 (2003)

Cavusoglu, H., Mishra, B., Raghunathan, S.: A model for evaluating IT security investments. Commun. ACM. 47(7), 87–92 (2004a)

Cavusoglu, H., Mishra, B., Raghunathan, S.: The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. Int. J. Electron. Comm. 9(1), 69–104 (2004b)

Cebula, J.J., Young, L.R.: A Taxonomy of Operational Cyber Security Risks, Software Engineering Institute, Carnegie Mellon University (2010)

Choudhry, U.: Der Cyber-Versicherungsmarkt in Deutschland, Eine Einführung. Springer Gabler Verlag, Wiesbaden (2014)

COBIT: COBIT 5. A business framework for the governance and management of enterprise IT. http://www.isaca.org (2012). Accessed 12 July 2014

Dinger, J., Hartenstein, H.: Netzwerk- und IT-Sicherheitsmanagement. Universitätsverlag Karlsruhe, Karlsruhe (2008)

Dowdy, J.: The Cyber security Threat to U.S. Growth and Prosperity, in: Securing Cyberspace: A New Domain for National Security (eds. Burns, N., and Price, J.), Aspen Strategy Group. http://www.aspeninstitute.org/ (2012). Accessed 02 Feb 2014

European Commission: General data protection regulation. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0011:FIN:EN:PDF (2012). Accessed 10 July 2013

Fernandez, J.D., Fernandez, A.E.: SCADA systems: Vulnerabilities and remediation. Journal. Comput. Sci. Coll. 20(4), 160–168 (2005)

Francis, T.: Managing cyber risk: The Trifecta. Am. Agent. Brok. 85(8), 28 (2013)

German Federal Ministry of the Interior (BMI): http://www.bmi.bund.de (2014). Accessed 03 Sept 2014

German Federal Office for Information Security (BSI): https://www.bsi.bund.de/ (2012). Accessed 07 April 2014

Gibson, D.: Managing Risk in Information Systems. Jones & Bartlett Learning, Sudbury (2010)

Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5(4), 438–457 (2002)

Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM. 46(3), 81–85 (2003)

Haas, A., Hofmann, A.: Risiken aus der Nutzung von Cloud-Computing-Diensten: Fragen des Risikomanagements und Aspekte der Versicherbarkeit. Zeitschrift für die gesamte Versicherungswissenschaft. 103(4), 377–407 (2014)

Herath, H.S.B., Herath, T.C.: Copula-based actuarial model for pricing cyber-insurance policies. Insur. Mark. Co.: Anal. Actuar. Comput. 2(1), 7–20 (2011)

Hovav, A., D’Arcy, J.: The impact of denial-of-service attack announcements on the market value of firms. Risk. Manage. Insur. Rev. 6(2), 97–121 (2003)

Hult, F., Sivanesan, G.: Introducing cyber. J. Bus. Contin. Emer. Plan. 7(2), 97–102 (2013)

Kersten, H., Reuter, J., Schröder, K.-W.: IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz, 4th edn. Springer Vieweg Verlag, Wiesbaden (2013)

Lenz, S.: Vulnerabilität Kritischer Infrastrukturen. Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (2009)

Luzwick, P.: If most of your revenue is from e-commerce, then cyber-insurance makes sense. Comput. Fraud. Secur. 2001(3), 16–17 (2001)

Marsh: Cyber-Risiken. Marktentwicklung & Risikomanagement, Frankfurt. http://www.lloyds.com (2014). Accessed 05 July 2014

Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A., Sadhukhan, S.K.: Cyber-risk decision models: To insure IT or not? Decis. Support. Syst. (2013) (forthcoming)

Munich Re: Cyberrisiken. Herausforderungen, Strategien und Lösungen für Versicherer, Knowledge Series. Technology, Engineering and Risks (2012)

National Institute of Standards and Technology (NIST): Glossary of key information security terms. http://www.nist.gov (2013). Accessed 05 July 2014

Öğüt, H., Raghunathan, S., Menon, N.: Cyber security risk management: Public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection. Risk. Anal. 31(3), 497–512 (2011)

Posthumus, S., von Solms, R.: A Framework for the governance of information security. Comput. Secur. 23, 638–646 (2004)

Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, understanding, and analyzing critical infrastructure interdependencies. Control. Syst. IEEE. 21(6), 11–25 (2001)

Romeike, F., Hager, P.: Erfolgsfaktor Risiko-Management 2.0, 2nd edn. Gabler Verlag, Wiesbaden (2009)

Shackelford, S.J.: Should your firm invest in cyber risk insurance? Bus. Horiz. (2012) (forthcoming)

Siegel, C.A., Sagalow, T.R., Serritella, P.: Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security. Information Systems Security - Security Management Practices (2002)

Sinanaj, G., Muntermann, J.: Assessing Corporate Reputational Damage of Data Breaches: An Empirical Analysis, in: Proceedings of the 26th International Bled eConference, pp. 78–89. Bled, Slovenia, June 9–13 2013

Slay, J., Miller, M.: Lessons learned from the maroochy water breach. In: Goetz, E., Shenoi, S. (eds.) IFIP International Federation for Information Processing, vol. 253, Critical Infrastructure Protection, pp. 73–82. Springer, Boston (2008)

Smith, G.S.: Recognizing and preparing loss estimates from cyber-attacks. Inf. Syst. Secur. 12(6), 46–58 (2004)

Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for Information Technology systems, National Institute of Standards and Technology. Special Publication 800(30) (2002)

Von Solms, R., van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)

Wang, J., Chaudhury, A., Rao, H.R.: A value-at-risk approach to information security investments. Inf. Syst. Res. 19(1), 106–120 (2008)

Wang, Q.-H., Kim, S.-H.: Cyber Attacks: Cross-Country Interdependence and Enforcement, Working Paper. National University of Singapore (2009)

Zurich: Risk Nexus, Beyond Data Breaches: Global Interconnections of Cyber Risk. www.zurich.com (2014). Accessed 21 Nov 2014