INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION

David Nicolas Bartolini

davidnicolas.bartolini@alumnos.upm.es
Universidad Politécnica de Madrid (Spain)

Andreas Ahrens


Hochschule Wismar, University of Applied Sciences, Technology, Business and Design (Germany)

Jelena Zascerinska


Hochschule Wismar, University of Applied Sciences, Technology, Business and Design (Germany)

Abstract

Cyber risk assessment for insurability verification has attracted considerable research interest, as cyber insurance represents a new, dynamic market segment with considerable growth potential for insurers. Because customers' practices and processes consistently lead to the final overall result, customer behaviour has to be described in detail. The aim of the present paper is to design an instrument (questionnaire) for assessing a customer's cyber risk in insurability verification. The method used for building the instrument (questionnaire) is empirical research, which is based on the use of empirical evidence. A questionnaire with 11 questions is proposed.


Keywords:

cyber risk management, cyber insurance, information security, data protection




Bartolini, D. N., Ahrens, A., & Zascerinska, J. (2018). INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION. Informatyka, Automatyka, Pomiary W Gospodarce I Ochronie Środowiska, 8(3), 7–10. https://doi.org/10.5604/01.3001.0012.5274
