INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION
David Nicolas Bartolini
davidnicolas.bartolini@alumnos.upm.es
Universidad Politécnica de Madrid (Spain)
Andreas Ahrens
Hochschule Wismar, University of Applied Sciences, Technology, Business and Design (Germany)
Jelena Zascerinska
Hochschule Wismar, University of Applied Sciences, Technology, Business and Design (Germany)
Abstract
Cyber risk assessment for insurability verification has attracted considerable research interest, as cyber insurance represents a new, dynamic market segment with considerable growth potential for insurers. Because a customer's practices and processes consistently lead to the final overall result, the customer's behaviour has to be described in detail. The aim of the present paper is to design an instrument (a questionnaire) for assessing a customer's cyber risk in insurability verification. The instrument (questionnaire) is built by means of empirical research, that is, research based on the use of empirical evidence. A questionnaire with 11 questions is proposed.
Keywords:
cyber risk management, cyber insurance, information security, data protection
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.