Academic Journal
Mapping the coverage of security controls in cyber insurance proposal forms
Title: | Mapping the coverage of security controls in cyber insurance proposal forms |
---|---|
Authors: | Daniel Woods, Ioannis Agrafiotis, Jason R. C. Nurse, Sadie Creese |
Source: | Journal of Internet Services and Applications, Vol 8, Iss 1, Pp 1-13 (2017) |
Publisher Information: | Brazilian Computing Society (SBC), 2017. |
Publication Year: | 2017 |
Collection: | LCC:Telecommunication LCC:Computer engineering. Computer hardware |
Subject Terms: | Business security, Security controls, Cyber insurance, SANS20 controls, ISO/IEC 27000 series, Telecommunication, TK5101-6720, Computer engineering. Computer hardware, TK7885-7895 |
Description: | Abstract: Policy discussions often assume that wider adoption of cyber insurance will promote information security best practice. However, this depends on the process that applicants need to go through to apply for cyber insurance. A typical process would require an applicant to fill out a proposal form, which is a self-assessed questionnaire. In this paper, we examine 24 proposal forms, offered by insurers based in the UK and the US, to determine which security controls are present in the forms. Our aim is to establish whether the collection of security controls mentioned in the analysed forms corresponds to the controls defined in ISO/IEC 27002 and the CIS Critical Security Controls; these two control sets are generally held to be best practice. This work contains a novel research direction as we are the first to systematically analyse cyber insurance proposal forms. Our contributions include evidence regarding the assumption that the insurance industry will promote security best practice. To address the problem of adverse selection, we suggest the number of controls that proposal forms should include to be in alignment with the two information security frameworks. Finally, we discuss the incentives that could lead to this disparity between insurance practice and information security best practice, emphasising the importance of information security economics in studying cyber insurance. |
Document Type: | article |
File Description: | electronic resource |
Language: | English |
ISSN: | 1867-4828 1869-0238 |
Relation: | http://link.springer.com/article/10.1186/s13174-017-0059-y; https://doaj.org/toc/1867-4828; https://doaj.org/toc/1869-0238 |
DOI: | 10.1186/s13174-017-0059-y |
Access URL: | https://doaj.org/article/f82ca435855c4d3e9148af3f2f502617 |
Accession Number: | edsdoj.f82ca435855c4d3e9148af3f2f502617 |
Database: | Directory of Open Access Journals |