Research Article
Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance
@INPROCEEDINGS{10.1007/978-3-319-67540-4_14, author={Deepak Tosh and Sachin Shetty and Shamik Sengupta and Jay Kesan and Charles Kamhoua}, title={Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance}, proceedings={Game Theory for Networks. 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May 9, 2017, Proceedings}, proceedings_a={GAMENETS}, year={2017}, month={9}, keywords={Cybersecurity information sharing Cyber-insurance Cyber-threat intelligence Cyber Security Information Sharing Act (CISA)}, doi={10.1007/978-3-319-67540-4_14} }
- Deepak Tosh
Sachin Shetty
Shamik Sengupta
Jay Kesan
Charles Kamhoua
Year: 2017
Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance
GAMENETS
Springer
DOI: 10.1007/978-3-319-67540-4_14
Abstract
Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms to defend cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.