
2009 | OriginalPaper | Book chapter

13. Cyber Insurance as an Incentive for Internet Security

Written by: Jean Bolot, Marc Lelarge

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Managing security risks in the Internet has, so far, mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc.) reduce but do not eliminate risk, and the question remains of how to handle the residual risk. In this chapter, we consider the problem of whether buying insurance to protect the Internet and its users from security risks makes sense, and if so, identifying specific benefits of insurance and designing appropriate insurance policies.
Using insurance in the Internet raises several questions because entities in the Internet face correlated risks, which means that insurance claims will likely be correlated, making those entities less attractive to insurance companies. Furthermore, risks are interdependent, meaning that the decision by an entity to invest in security and self-protect affects the risk faced by others. We analyze the impact of these externalities on the security investments of the users using simple models that combine recent ideas from risk theory and network modeling.
Our key result is that using insurance would increase the security in the Internet. Specifically, we show that the adoption of security investments follows a threshold or tipping point dynamics, and that insurance is a powerful incentive mechanism which pushes entities over the threshold into a desirable state where they invest in self-protection.
Given its many benefits, we argue that insurance should become an important component of risk management in the Internet, and discuss its impact on Internet mechanisms and architecture.

Metadata
Title
Cyber Insurance as an Incentive for Internet Security
Written by
Jean Bolot
Marc Lelarge
Copyright year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_13
