Towards the Insurance of Healthcare Systems | IIT - CNR - Istituto di Informatica e Telematica

Towards the Insurance of Healthcare Systems

Insurance of digital assets is becoming an important way to reduce investment risk in modern businesses. GDPR and other legal initiatives make this necessity even more pressing, as an organization is now accountable for the usage of its client data. In this paper, we present a cyber insurance framework called CyberSure. The main contribution is the runtime integration of certification, risk management, and cyber insurance of cyber systems. Thus, the framework determines the current level of compliance with the acquired policies and provides early notifications of potential violations of them. CyberSure develops CUMULUS certification models for this purpose and, based on automated (or semi-automated) certification carried out using them, it develops ways of dynamically adjusting risk estimates, insurance policies and premiums. In particular, it considers the case of dynamic certification, based on continuous monitoring, dynamic testing and hybrid combinations of them, to adapt cyber insurance policies as the conditions of cyber system operation evolve and new data become available for adjusting the associated risk. The applicability of the whole approach is demonstrated in the healthcare sector, for insuring an e-health software suite that is provided by an IT company to public and private hospitals in Greece. The overall approach can reduce potential security incidents and the related economic loss, as the beneficiary deploys adequate protection mechanisms whose proper operation is continually assessed, benefiting both the insured and the insurer.


ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg, 2020

External authors: George Hatzivasilis (Foundation for Research and Technology), Panos Chatziadam (Foundation for Research and Technology), Andreas Miaoudakis (Foundation for Research and Technology), Eftychia Lakka (Foundation for Research and Technology), Sotiris Ioannidis (Foundation for Research and Technology), Alessia Alessio (Network Integration and Solutions (NIS) Srl), Michail Smyrlis (City, University of London), George Spanoudakis (City, University of London), Michalis Antoniou (HD Insurance (HDI) Ltd), Nikos Stathiakis (Center for eHealth Applications and Services (CeHA))
IIT authors:

Type: Conference proceedings contribution
Discipline area: Information Technology and Communication Systems

File: main.pdf

Activity: Formal methods for the security of ICT systems