Cyber-insurance survey

Computer Science Review - Volume 24 - Pages 35-61 - 2017
Angelica Marotta¹, Fabio Martinelli¹, Stefano Nanni², Albina Orlando³, Artsiom Yautsiukhin¹
¹ Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
² Unipol Gruppo Finanziario S.p.A., Bologna, Italy
³ Istituto per le Applicazioni del Calcolo “Mauro Picone”, Consiglio Nazionale delle Ricerche, Naples, Italy
