Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/59623' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/59623' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Optimisation of cyber insurance coverage with selection of cost effective security controls. | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Optimisation of cyber insurance coverage with selection of cost effective security controls.

Nowadays, cyber threats are considered among the most dangerous risks by topmanagement of enterprises. One way to deal with these risks is to insure them,but cyber insurance is still quite expensive. The insurance fee can be reduced iforganisations improve their cyber security protection, i.e., reducing the insuredrisk. In other words, organisations need an investment strategy to decide theoptimal amount of investments into cyber insurance and self-protection.

In this work, we propose an approach to help a risk-averse organisation todistribute its cyber security investments in a cost-efficient way. What makesour approach unique is that next to de ning the amount of investments incyber insurance and self-protection, our proposal also explicitly de nes howthese investments should be spent by selecting the most cost-efficient securitycontrols. Moreover, we provide an exact algorithm for the control selectionproblem considering several threats at the same time and compare this algorithm with other approximate algorithmic solutions.


Computers & Security, 2020

Autori esterni: Fabio Massacci (University of Trento)
Autori IIT:

Tipo: Contributo in rivista ISI
Area di disciplina: Information Technology and Communication Systems

File: main-pre-print_CNR.pdf

Attività: Metodi formali per la sicurezza di sistemi ICT