City Research Online

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and healthcare organizations

Hatzivasilis, G., Chatziadam, P., Petroulakis, N., Ioannidis, S., Mangini, M., Kloukinas, C. ORCID: 0000-0003-0424-7425, Yautsiukhin, A., Antoniou, M., Katehakis, D. G. and Panayiotou, M. (2019). Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and healthcare organizations. 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), doi: 10.1109/CAMAD.2019.8858165 ISSN 2378-4873

Abstract

Nowadays, more and more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure, an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying contractual violations by the insured party in real time and receiving early warning notifications prior to the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system, which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered, with the overall setting being effective and scalable.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Publisher Keywords: Insurance, Certification, Security, Tools, Risk management, Organizations, Optimized production technology
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4050 Electronic information resources
Departments: School of Mathematics, Computer Science & Engineering > Computer Science
URI: https://openaccess.city.ac.uk/id/eprint/23352
Text - Accepted Version