12,856 research outputs found
Pricing and Investments in Internet Security: A Cyber-Insurance Perspective
Internet users such as individuals and organizations are subject to different
types of epidemic risks such as worms, viruses, spams, and botnets. To reduce
the probability of risk, an Internet user generally invests in traditional
security mechanisms like anti-virus and anti-spam software, sometimes also
known as self-defense mechanisms. However, such software does not completely
eliminate risk. Recent works have considered the problem of residual risk
elimination by proposing the idea of cyber-insurance. In this regard, an
important research problem is the analysis of optimal user self-defense
investments and cyber-insurance contracts under the Internet environment. In
this paper, we investigate two problems and their relationship: 1) analyzing
optimal self-defense investments in the Internet, under optimal cyber-insurance
coverage, where optimality is an insurer objective and 2) designing optimal
cyber-insurance contracts for Internet users, where a contract is a (premium,
coverage) pair
Computing on Masked Data to improve the Security of Big Data
Organizations that make use of large quantities of information require the
ability to store and process data from central locations so that the product
can be shared or distributed across a heterogeneous group of users. However,
recent events underscore the need for improving the security of data stored in
such untrusted servers or databases. Advances in cryptographic techniques and
database technologies provide the necessary security functionality but rely on
a computational model in which the cloud is used solely for storage and
retrieval. Much of big data computation and analytics make use of signal
processing fundamentals for computation. As the trend of moving data storage
and computation to the cloud increases, homeland security missions should
understand the impact of security on key signal processing kernels such as
correlation or thresholding. In this article, we propose a tool called
Computing on Masked Data (CMD), which combines advances in database
technologies and cryptographic tools to provide a low overhead mechanism to
offload certain mathematical operations securely to the cloud. This article
describes the design and development of the CMD tool.Comment: 6 pages, Accepted to IEEE HST Conferenc
Cyber risk in health facilities: A systematic literature review
The current world challenges include issues such as infectious disease
pandemics, environmental health risks, food safety, and crime prevention.
Through this article, a special emphasis is given to one of the main challenges
in the healthcare sector during the COVID-19 pandemic, the cyber risk. Since
the beginning of the Covid-19 pandemic, the World Health Organization has
detected a dramatic increase in the number of cyber-attacks. For instance, in
Italy the COVID-19 emergency has heavily affected cybersecurity; from January
to April 2020, the total of attacks, accidents, and violations of privacy to
the detriment of companies and individuals has doubled. Using a systematic and
rigorous approach, this paper aims to analyze the literature on the cyber risk
in the healthcare sector to understand the real knowledge on this topic. The
findings highlight the poor attention of the scientific community on this
topic, except in the United States. The literature lacks research contributions
to support cyber risk management in subject areas such as Business, Management
and Accounting; Social Science; and Mathematics. This research outlines the
need to empirically investigate the cyber risk, giving a practical solution to
health facilities. Keywords: cyber risk; cyber-attack; cybersecurity; computer
security; COVID-19; coronavirus;information technology risk; risk management;
risk assessment; health facilities; healthcare sector;systematic literature
review; insuranc
Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge
The Internet of Things (IoT) triggers new types of cyber risks. Therefore,
the integration of new IoT devices and services requires a self-assessment of
IoT cyber security posture. By security posture this article refers to the
cybersecurity strength of an organisation to predict, prevent and respond to
cyberthreats. At present, there is a gap in the state of the art, because there
are no self-assessment methods for quantifying IoT cyber risk posture. To
address this gap, an empirical analysis is performed of 12 cyber risk
assessment approaches. The results and the main findings from the analysis is
presented as the current and a target risk state for IoT systems, followed by
conclusions and recommendations on a transformation roadmap, describing how IoT
systems can achieve the target state with a new goal-oriented dependency model.
By target state, we refer to the cyber security target that matches the generic
security requirements of an organisation. The research paper studies and adapts
four alternatives for IoT risk assessment and identifies the goal-oriented
dependency modelling as a dominant approach among the risk assessment models
studied. The new goal-oriented dependency model in this article enables the
assessment of uncontrollable risk states in complex IoT systems and can be used
for a quantitative self-assessment of IoT cyber risk posture
- …