Security Risk Models for Cyber Insurance

Rios Insua, David; Baylon, Caroline; Vila, Jose

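  • Publisher: CRC
  • Publication date: 2022-08-01
  • Price: $2,560
  • VIP price: $2,432 (95% of list price)
  • Language: English
  • Pages: 149
  • Binding: Quality Paper - also called trade paper
  • ISBN: 0367672634
  • ISBN-13: 9780367672638
  • Related category: Information Security
  • Overseas purchase-on-behalf title (requires separate checkout)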

Product description

Tackling the cybersecurity challenge is a matter of survival for society at large. Cyber attacks are rapidly increasing in sophistication and magnitude--and in their destructive potential. New threats emerge regularly, the last few years having seen a ransomware boom and distributed denial-of-service attacks leveraging the Internet of Things.

For organisations, the use of cybersecurity risk management is essential in order to manage these threats. Yet current frameworks have drawbacks which can lead to the suboptimal allocation of cybersecurity resources. Cyber insurance has been touted as part of the solution - based on the idea that insurers can incentivize companies to improve their cybersecurity by offering premium discounts - but cyber insurance levels remain limited. This is because companies have difficulty determining which cyber insurance products to purchase, and insurance companies struggle to accurately assess cyber risk and thus develop cyber insurance products.

To deal with these challenges, this volume presents new models for cybersecurity risk management, partly based on the use of cyber insurance. It contains:

  • A set of mathematical models for cybersecurity risk management, including (i) a model to assist companies in determining their optimal budget allocation between security products and cyber insurance and (ii) a model to assist insurers in designing cyber insurance products.
  • The models use adversarial risk analysis to account for the behavior of threat actors (as well as the behavior of companies and insurers).
  • To inform these models, we draw on psychological and behavioural economics studies of decision-making by individuals regarding cybersecurity and cyber insurance.
  • We also draw on organizational decision-making studies involving cybersecurity and cyber insurance.

Its theoretical and methodological findings will appeal to researchers across a wide range of cybersecurity-related disciplines including risk and decision analysis, analytics, technology management, actuarial sciences, behavioural sciences, and economics. The practical findings will help cybersecurity professionals and insurers enhance cybersecurity and cyber insurance, thus benefiting society as a whole.

This book grew out of a two-year European Union-funded project under Horizon 2020, called CYBECO (Supporting Cyber Insurance from a Behavioral Choice Perspective).

About the authors

David Ríos Insua is AXA-ICMAT Chair in Adversarial Risk Analysis and a Member of the Spanish Royal Academy of Sciences.

Caroline Baylon is Security Research and Innovation Lead at AXA and a Research Affiliate at the Centre for the Study of Existential Risk, University of Cambridge.

Jose Vila is Scientific Director at DevStat and Associate Professor of Behavioural Economics at the University of Valencia.
