Reducing informational disadvantages to improve cyber risk management
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.loc.gov/MARC21/slim http://www.loc.gov/standards/marcxml/schema/MARC21slim.xsd">
<record>
<leader>00000cab a2200000 4500</leader>
<controlfield tag="001">MAP20180014673</controlfield>
<controlfield tag="003">MAP</controlfield>
<controlfield tag="005">20180525131629.0</controlfield>
<controlfield tag="008">180516e20180402esp|||p |0|||b|spa d</controlfield>
<datafield tag="040" ind1=" " ind2=" ">
<subfield code="a">MAP</subfield>
<subfield code="b">spa</subfield>
<subfield code="d">MAP</subfield>
</datafield>
<datafield tag="084" ind1=" " ind2=" ">
<subfield code="a">7</subfield>
</datafield>
<datafield tag="245" ind1="0" ind2="0">
<subfield code="a">Reducing informational disadvantages to improve cyber risk management</subfield>
<subfield code="c">Sachin Shetty... [et al.]</subfield>
</datafield>
<datafield tag="520" ind1=" " ind2=" ">
<subfield code="a">Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080591182</subfield>
<subfield code="a">Gerencia de riesgos</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20160007633</subfield>
<subfield code="a">Ciberriesgos</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20140022700</subfield>
<subfield code="a">Ciberseguridad</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080590567</subfield>
<subfield code="a">Empresas de seguros</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20140023066</subfield>
<subfield code="a">Ciberataques</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080603038</subfield>
<subfield code="a">Prevención de riesgos</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20170003779</subfield>
<subfield code="a">Seguro de ciberriesgos</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080586294</subfield>
<subfield code="a">Mercado de seguros</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080617141</subfield>
<subfield code="a">Identificación de riesgos</subfield>
</datafield>
<datafield tag="650" ind1=" " ind2="4">
<subfield code="0">MAPA20080603731</subfield>
<subfield code="a">Seguridad informática</subfield>
</datafield>
<datafield tag="700" ind1="1" ind2=" ">
<subfield code="0">MAPA20180007255</subfield>
<subfield code="a">Shetty, Sachin</subfield>
</datafield>
<datafield tag="773" ind1="0" ind2=" ">
<subfield code="w">MAP20077100215</subfield>
<subfield code="t">Geneva papers on risk and insurance : issues and practice</subfield>
<subfield code="d">Geneva : The Geneva Association, 1976-</subfield>
<subfield code="x">1018-5895</subfield>
<subfield code="g">02/04/2018 Volumen 43 Número 2 - abril 2018 , p. 224-238</subfield>
</datafield>
</record>
</collection>