An ARA based framework and DSS for
Cybersec risk management
Aitor Couce, David Rios ICMAT-CSIC
GDRR’19, May GWU
david.rios@icmat.es
Games and Decisions in
Cyber Risk
Aitor Couce, David Rios and CYBECO team
GDRR’19, May GWU
Agenda
• Cybersecurity
• A model for cybersecurity risk analysis
• The CYBECO tool
• A motivating case
• Discussion
Cyber risks
• 450b$ impact over global economy 2014
• 0.8% global GDP
• Black market
• Fifth operational space
• Cyber risks in supply chain. Interconnected systems
– Target attack through its AC supplier
Cyber risks
• Stuxnet, Flame, Duqu,… targeted against
Iran’s nuke program
• Shamoon targeted against ARAMCO
• Targeted attack against Estonia
• Wannacry. Not targeted. Stopped UK
NHS, affected Telefónica, BBVA,…
Cyber risks. Context
• Systems increasingly connected and relying on ICT
– Cars, planes, investing platforms, voting systems,…
• Increasing variety, number and sophistication of
attacks and attackers
– Virus, worms, trojans, spyware, APTs, ransomware, …
– Countries, cybercriminals, insiders, …
• Potential to cause very large damage
– Economic, physical, national security, reputation, …
Cybersecurity. WEF GRM 2018
Cybersecurity in the press
(SP) National Security Strategy
Cybersecurity. NIST
Industry standards
• Frameworks for risk analysis: CRAMM, EBIOS,
ISAMM, Magerit, ISO 27005, MEHARI, NIST 800-30, ISO
31000,...
• Compliance frameworks: ISO27001, ISO 27002,
SANS Critical Security Controls, Common Criteria, GDPR,
ISO 27031, Cloud Security Alliance Cloud Controls Matrix,…
• Excellent catalogues of assets, threats,
controls,….
Catalogues. Example
• Vulnerabilities. CVE
| Code | Name | Description |
| --- | --- | --- |
| CVE-2016-5195 | Dirty COW | ……. |
| CVE-2017-6607 | CISCO ASA DNS DoS | ….. |
UK Cyber essentials
1. Download software updates
2. Use strong passwords
3. Delete suspicious emails
4. Use anti-virus
5. Raise staff awareness
Approaches
• Frameworks for risk analysis
• Compliance frameworks
• Excellent catalogues of assets, threats,
controls,….
• But when referring to risk management
Cybersecurity
Risk matrices
Intentionality
HMG1
Cox (2008)
Thomas et al (2014)
Hubbard, Seiersen (2016)
Allodi, Massacci (2017)
Analytic approaches
• Optimisation
• Game theory
• Decision analysis
• Multicriteria decision analysis
• Combinatorial optimisation
Pointers and review:
Fielder et al (2016), Ganin et al (2017)
DRI et al (2019)
Cyber insurance
• AXA, Generali, Zurich,….
• Yet to take off (at least in EU)
Pointers and reviews:
Marotta et al (2017)
Romanosky et al (2018)
Eling and Wirfs (2019)
Cyber risks and cyber insurance.
CYBECO considerations
• Cyber insurance as a complementary risk treatment in cybersecurity.
• Cybersecurity at social level: Global costs. Accumulation problems. Network
effects.
• Cyber insurance: Relatively recent product and comparatively small market.
– Development of cyber insurance products.
• Data scarce in cybersecurity and losses. Companies not disclosing data
breaches.
– Structured expert judgement. Behavioural experiments.
• Modelling intentionality in cybersecurity.
– Adversarial risk analysis.
• Moral hazard problems. Incentives for improving cybersecurity at large. Role of
reinsurers.
– Policy nudges in cybersecurity.
– Policy recommendations.
• Valuing information assets, reputation, …
– Multi-attribute utility theory.
• Basic tools for cybersecurity risk analysis
– Decision support tool for cybersecurity investments.
[Figure: diagram of actors and the relations between them. Actors: Company, Expert, Security provider, Threat, Insurer, Insurance broker, Reinsurance provider, Sector regulator, Insurance regulator, Policymaker, Consumer, Vendor, Research. Relation labels: Cover losses due to cyber risk; Pay premiums; Collect necessary data; Provide results; Request for a specific expertise; Provide security services; Security services for insurer and its clients; Invest in security controls; Damage or steal company's assets; Compliance with regulations; Cover part of insurer's clients losses; Advice on cyber insurance offerings; Negotiate policy conditions; Provide product/service; Policy changes; Policy recommendations; Research results; Interests of insurers (e.g., insurance federation); Interests of companies (e.g., SME association); Interests of consumers (e.g., consumer rights supervisory authority).]
Agenda
• Cybersecurity
• A model for cybersecurity risk analysis
• The CYBECO tool
• A case
• Discussion
Cyber security risk management
Use case 1: Cyber insurance product selection
Cyber security risk management
• Attacker problem
Defender problem
Cyber security risk management
• Defender preferences
• Attacker preferences
• Multiple attackers
Cyber security risk management
• Expected utilities
• Maximising expected utilities
Portfolio selection, APS
Agenda
• Cybersecurity
• A model for cybersecurity risk analysis
• The CYBECO tool
• A case
• Discussion
CYBECO Toolbox scope
• Web-based information and consultancy tool that includes decision-support elements
• Facilitates decisions about IT security investments
• Demand side. Organisation deciding IT security investments (SME)
• Supply side. Cybersec companies, Insurance companies and brokers
CYBECO Toolbox features
• Precomputed templates as demos
• Templates with possibility of some parameter tuning
• Templates with possibility of ‘full’ parameter tuning. Time consuming
• Supported by a Knowledge Base that:
– Contains hierarchical taxonomies of entities used in the Risk Analysis Cases
– Contains information about related cybersecurity entities such as threats or security controls.
– All entities in the KB are interconnected
CYBECO Toolbox
Parametrised models
CYBECO Toolbox Parameters
• Features of user (No. servers, Budget,…)
• Features of controls and insurance
products (CAPEX, OPEX, Price,
coverage,…)
• Generic business parameters
• Utility parameters, Utility parameters
• Derived parameters (Productivity,…)
• Model parameters (Probability of fire,…)
Updated in light of data
Agenda
• Cybersecurity
• A model for cybersecurity risk analysis
• The CYBECO tool
• A case
• Discussion
The behavioural component…
CYBECO experiments address this in three ways:
Experiment 1: Testing the model
● Behavioral insights to support design of cyberinsurance products
● Information to produce a ‘behavioural version’ of the CYBECO model
Experiment 2: Testing the toolbox
● Usability of CYBECO toolbox
● Nudging SMEs towards optimal protection & cyberinsurance
Experiment 3: Belief formation
● Supporting belief formation in adversarial cyberinsurance models
Cybersecurity and cyber insurance.
Behavioural aspects
Other models or model uses
• Pricing.
– Maximum price that preserves insurance product in
optimal portfolio
– Minimum coverage that preserves insurance product
in optimal portfolio
– Both
• Return on security investment
• Market segmentation
• Granting an insurance
• Reinsurance
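Added example (not from the slides or the CYBECO toolbox): a toy version of the "maximising expected utilities / portfolio selection" step and of the pricing question "maximum price that preserves insurance product in optimal portfolio". All parameter values, the control names, the CARA utility and the uniform belief about the attacker's gain are constructed assumptions.

```python
import math
from itertools import combinations

# Constructed toy parameters (thousand EUR); not taken from the CYBECO model.
LOSS = 200.0           # defender's loss if an attack succeeds
RISK_AVERSION = 0.01   # defender's CARA risk-aversion coefficient
BASE_SUCCESS = 0.6     # attack success probability with no controls
CONTROLS = {"patching": (4.0, 0.5), "awareness": (3.0, 0.3)}  # (cost, effectiveness)
COVERAGE = 0.8         # fraction of the loss paid by the insurance product
ATTACK_COST = 10.0     # attacker's cost of mounting the attack
MAX_GAIN = 100.0       # defender's belief: attacker's gain ~ Uniform(0, MAX_GAIN)

def utility(wealth_change):
    """Risk-averse (CARA) defender utility over monetary outcomes."""
    return -math.exp(-RISK_AVERSION * wealth_change)

def attack_probability(success):
    """Attacker problem as seen by the defender: the attacker attacks when
    gain * success > ATTACK_COST; the gain is uncertain, so this is P(attack)."""
    if success <= 0:
        return 0.0
    return max(0.0, 1.0 - ATTACK_COST / (success * MAX_GAIN))

def expected_utility(controls, insured, premium):
    """Defender problem: expected utility of one portfolio."""
    cost = sum(CONTROLS[c][0] for c in controls) + (premium if insured else 0.0)
    success = BASE_SUCCESS * math.prod(1 - CONTROLS[c][1] for c in controls)
    breach = attack_probability(success) * success
    retained = LOSS * (1 - COVERAGE) if insured else LOSS
    return breach * utility(-(cost + retained)) + (1 - breach) * utility(-cost)

def optimal_portfolio(premium):
    """Enumerate every (controls, insured) portfolio and keep the best one."""
    options = [(subset, insured)
               for k in range(len(CONTROLS) + 1)
               for subset in combinations(CONTROLS, k)
               for insured in (False, True)]
    best = max(options, key=lambda o: expected_utility(o[0], o[1], premium))
    return best[0], best[1], expected_utility(best[0], best[1], premium)

def max_premium(tol=1e-6):
    """Largest premium at which insurance is still in the optimal portfolio.
    Bisection is valid because insured utility falls as the premium rises."""
    lo, hi = 0.0, LOSS * COVERAGE   # never worth paying more than the covered loss
    if not optimal_portfolio(lo)[1]:
        return None                 # insurance is not chosen even when free
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if optimal_portfolio(mid)[1]:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    p = max_premium()
    print("max premium keeping insurance optimal:", round(p, 2))
    print("portfolio just below it:", optimal_portfolio(p - 0.01)[:2])
```

Because the attack probability depends on the controls chosen, stronger controls lower both the chance that an attack succeeds and the chance that one is attempted, which is the intentionality effect a plain risk matrix does not capture.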
Policy issues
Other relevant issues
• Implementing computations
• Insider threats
• Third parties. Supply chain cyber risk
management
• Expanding the toolbox
• Dynamic insurance products
www.cybeco.eu
Twitter:@CYBECO_project
Linkedin: www.linkedin.com/company/cybeco