Economic Analysis: Theory and Practice
 

Insurance mechanisms in information security risk management

Vol. 16, Iss. 2, FEBRUARY 2017


Received: 20 October 2016

Received in revised form: 1 November 2016

Accepted: 25 November 2016

Available online: 27 February 2017

Subject Heading: MATHEMATICAL METHODS AND MODELS

JEL Classification: C02, C61, D81, G22

Pages: 379-388

https://doi.org/10.24891/ea.16.2.379

Borkhalenko V.A. OOO InfoProServis, Moscow, Russian Federation
vadikhide@yandex.ru

Subject: The article addresses information security risks.
Objectives: The aim of the study is to consider the treatment of information security risks associated with DDoS attacks and the lack of efficient technical means to reduce these risks.
Methods: I employ linear programming, utility theory and actuarial mathematics to develop a mathematical model of a mutually profitable insurance contract.
Results: I consider the basic disadvantages of organizational and technical measures against DDoS attacks and describe the prevalence and profitability of this type of attack for attackers and dishonest competitors seeking to disrupt the business continuity of an organization. The paper explains the need for economic methods to ensure information security and offers an insurance model that shifts the risk associated with DDoS attacks.
Conclusions and Relevance: The proposed cyberinsurance method of resisting DDoS attacks is more efficient than much of the commonly available hardware and can be applied to reduce possible financial losses from information attacks.

Keywords: cyberinsurance, contract theory, DDoS, information security, risk

