Reducing informational disadvantages to improve cyber risk management
<?xml version="1.0" encoding="UTF-8"?><modsCollection xmlns="http://www.loc.gov/mods/v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-8.xsd">
<mods version="3.8">
<titleInfo>
<title>Reducing informational disadvantages to improve cyber risk management</title>
</titleInfo>
<name type="personal" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20180007255">
<namePart>Shetty, Sachin</namePart>
<nameIdentifier>MAPA20180007255</nameIdentifier>
</name>
<typeOfResource>text</typeOfResource>
<genre authority="marcgt">periodical</genre>
<originInfo>
<place>
<placeTerm type="code" authority="marccountry">esp</placeTerm>
</place>
<dateIssued encoding="marc">2018</dateIssued>
<issuance>serial</issuance>
</originInfo>
<language>
<languageTerm type="code" authority="iso639-2b">spa</languageTerm>
</language>
<physicalDescription>
<form authority="marcform">print</form>
</physicalDescription>
<abstract displayLabel="Summary">Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums</abstract>
<note type="statement of responsibility">Sachin Shetty... [et al.]</note>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080591182">
<topic>Gerencia de riesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20160007633">
<topic>Ciberriesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20140022700">
<topic>Ciberseguridad</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080590567">
<topic>Empresas de seguros</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20140023066">
<topic>Ciberataques</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080603038">
<topic>Prevención de riesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20170003779">
<topic>Seguro de ciberriesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080586294">
<topic>Mercado de seguros</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080617141">
<topic>Identificación de riesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080603731">
<topic>Seguridad informática</topic>
</subject>
<classification authority="">7</classification>
<relatedItem type="host">
<titleInfo>
<title>Geneva papers on risk and insurance : issues and practice</title>
</titleInfo>
<originInfo>
<publisher>Geneva : The Geneva Association, 1976-</publisher>
</originInfo>
<identifier type="issn">1018-5895</identifier>
<identifier type="local">MAP20077100215</identifier>
<part>
<text>02/04/2018 Volumen 43 Número 2 - abril 2018 , p. 224-238</text>
</part>
</relatedItem>
<recordInfo>
<recordContentSource authority="marcorg">MAP</recordContentSource>
<recordCreationDate encoding="marc">180516</recordCreationDate>
<recordChangeDate encoding="iso8601">20180525131629.0</recordChangeDate>
<recordIdentifier source="MAP">MAP20180014673</recordIdentifier>
<languageOfCataloging>
<languageTerm type="code" authority="iso639-2b">spa</languageTerm>
</languageOfCataloging>
</recordInfo>
</mods>
</modsCollection>