On Economic Perspectives of Internet Security: The Problem of Designing Optimal Cyber-Insurance Contracts

Authors

  • Ranjan Pal
  • Leana Golubchik
Abstract

In Internet security, traditional protection mechanisms such as anti-virus software, firewalls, and other add-ons are not capable of completely eliminating security risks [3]. As noted in [7], the management of information security needs to be addressed through economic, psychological, and policymaking approaches, in combination with engineering approaches. As a realistic and futuristic solution, recent efforts suggest alleviating existing Internet security problems through cyber-insurance schemes [5][6], an alternative approach to handling residual risk in which the residual risk is transferred to a different entity, i.e., insurance companies, in return for a fee termed the insurance premium. Cyber-insurance is analogous to the widely popular technique of 'insurance' in modern life [1]. Cyber-insurance companies could take the form of government agencies or public/private Internet service providers (ISPs) such as phone and cable companies (e.g., AT&T, Comcast). For instance, ISPs could act as insurance agencies and make it mandatory for their clients to certify their computing devices, and in return provide them with insurance services that include monetary compensation, data backups, and real-time network traffic monitoring and filtering [4]. Existing research [5][6] has shown that cyber-insurance is a powerful incentive mechanism that increases the level of self-protection amongst Internet users, and thereby the overall network security (social welfare). These works are based on the notion that an increasing level of self-protection amongst Internet users makes individual users more robust to successful attacks, and in turn makes the whole network more threat-proof. In this extended abstract, we address the problem of enforcing optimal cyber-insurance contracts between the insurer and the insured, where optimality may be defined with respect to maximizing social welfare or with respect to maximizing the insurer's commercial profits.
We define an insurance contract as a (premium, coverage) tuple that is enforced between the insurer (say, an ISP) and the insured, prior to the ISP providing Internet service, as part of the terms of the agreement between the two.

Similar resources

Pricing and Investments in Internet Security: A Cyber-Insurance Perspective

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk...


Aegis A Novel Cyber-Insurance Model

Recent works on Internet risk management have proposed the idea of cyber-insurance to eliminate risks due to security threats, which cannot be tackled through traditional means such as by using antivirus and antivirus software. In reality, an Internet user faces risks due to security attacks as well as risks due to non-security related failures (e.g., reliability faults in the form of hardware...


A Novel Cyber-Insurance for Internet Security

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, and botnets. To reduce the probability of risk, an Internet user generally invests in self-defense mechanisms like antivirus and antispam software. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimin...


Cyber-Insurance in Internet Security: A Dig into the Information Asymmetry Problem

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, according to security experts, such software (an...


Cyber-Insurance for Cyber-Security A Solution to the Information Asymmetry Problem

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, according to security experts, such software (an...


Publication date: 2010