Difference between revisions of "Modeling Cyber-Insurance"

From Cybersecurity Wiki
Line 10: Line 10:
  
 
==Categorization==
 
==Categorization==
 
+
* Issues: [[Insurance]]
* Issues: [[Economics of Cybersecurity]]; [[Insurance]]
+
* Approaches: [[Private Efforts/Organizations]]
  
 
==Key Words==
 
==Key Words==
 
+
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Cyber-Insurance]], [[Risk Assessment]]
+
[[Keyword_Index_and_Glossary_of_Core_Ideas#Honeypot | Honeypot]],
 +
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]],
 +
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
 +
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]],
 +
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
 +
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]
  
 
==Synopsis==
 
==Synopsis==
  
We propose a comprehensive formal framework to classify all market models
+
The paper proposes a comprehensive formal framework to classify all market models
 
of cyber-insurance we are aware of. The framework features a common terminology
 
of cyber-insurance we are aware of. The framework features a common terminology
 
and deals with the specific properties of cyber-risk in a unified way: interdependent
 
and deals with the specific properties of cyber-risk in a unified way: interdependent
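Review bot: in the Key Words change, the replacement list drops [[Cyber-Insurance]] and [[Risk Assessment]] while adding Botnet, Honeypot, Phishing, SPAM and Worm; for a page titled "Modeling Cyber-Insurance" the removed terms look like the ones a reader would search on, so consider keeping them alongside the glossary-linked entries. In the Synopsis change, "We propose" becomes "The paper proposes" but the next line still reads "we are aware of", which leaves the voice mixed; either mark the synopsis as a quotation of the abstract or convert the remaining first-person phrases as well.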
Line 30: Line 35:
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==
 +
Expertise Requires: Economics - High
 +
 +
Outline:
 +
  1. Introduction
 +
  2. A General Framework for Modeling Cyber-Insurance Markets
 +
    2.1 Network Environment: Connected Nodes
 +
      2.1.1 Defense Function
 +
      2.1.2 Network Topology
 +
      2.1.3 Risk Arrival
 +
      2.1.4 Attacker Model
 +
    2.2 Demand Side: Agents
 +
      2.2.1 Node Control
 +
      2.2.2 Heterogeneity
 +
      2.2.3 Agents’ Risk Aversion
 +
      2.2.4 Action Space
 +
      2.2.5 Time
 +
    2.3 Supply Side: Insurers
 +
      2.3.1 Market Structure
 +
      2.3.2 Insurers’ Risk Aversion
 +
      2.3.3 Markup
 +
      2.3.4 Contract Design
 +
      2.3.5 Higher-Order Risk Transfer
 +
    2.4 Information Structure
 +
      2.4.1 Information Asymmetries in the Conventional Insurance Literature
 +
      2.4.2 Information Asymmetries Specific to Cyber-Insurance
 +
      2.4.3 Timing
 +
    2.5 Organizational Environment
 +
      2.5.1 Regulator
 +
      2.5.2 ICT Manufacturers
 +
      2.5.3 Network Intermediaries
 +
      2.5.4 Security Service Providers
 +
  3 Using the Framework for a Literature Survey
 +
    3.1 Market Models
 +
      3.1.1 Comparison Across Models
 +
      3.1.2 Discussion of Individual Models
 +
    3.2 Related Topics
 +
  4 Concluding Remarks
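Review bot: the added line "Expertise Requires: Economics - High" should read "Expertise Required". In the outline, the top-level entries are numbered inconsistently ("1." and "2." carry a trailing period, "3" and "4" do not); pick one form for all four.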

Revision as of 09:48, 3 August 2010

Full Title of Reference

Modeling Cyber-Insurance: Towards A Unified Framework

Full Citation

Rainer Böhme and Galina Schwartz, Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).

Categorization

Key Words

Botnet, Honeypot, Interdependencies, Phishing, Risk Modeling, SPAM, Worm

Synopsis

The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

Additional Notes and Highlights

Expertise Required: Economics - High

Outline:

 1. Introduction
 2. A General Framework for Modeling Cyber-Insurance Markets
   2.1 Network Environment: Connected Nodes
     2.1.1 Defense Function
     2.1.2 Network Topology
     2.1.3 Risk Arrival
     2.1.4 Attacker Model
   2.2 Demand Side: Agents
     2.2.1 Node Control
     2.2.2 Heterogeneity
     2.2.3 Agents’ Risk Aversion
     2.2.4 Action Space
     2.2.5 Time
   2.3 Supply Side: Insurers
     2.3.1 Market Structure
     2.3.2 Insurers’ Risk Aversion
     2.3.3 Markup
     2.3.4 Contract Design
     2.3.5 Higher-Order Risk Transfer
   2.4 Information Structure
     2.4.1 Information Asymmetries in the Conventional Insurance Literature
     2.4.2 Information Asymmetries Specific to Cyber-Insurance
     2.4.3 Timing
   2.5 Organizational Environment
     2.5.1 Regulator
     2.5.2 ICT Manufacturers
     2.5.3 Network Intermediaries
     2.5.4 Security Service Providers
 3. Using the Framework for a Literature Survey
   3.1 Market Models
     3.1.1 Comparison Across Models
     3.1.2 Discussion of Individual Models
   3.2 Related Topics
 4. Concluding Remarks