Cyber Insurance as an Incentive for Internet Security

Managing security risks in the Internet has, so far, mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc.) reduce but do not eliminate risk, and the question remains of how to handle the residual risk. In this chapter, we consider whether buying insurance to protect the Internet and its users from security risks makes sense and, if so, identify specific benefits of insurance and design appropriate insurance policies.
