网络安全保险研究现状及展望
Current Status and Prospects in Researches of Cyber-Insurance
DOI: 10.12677/CSA.2019.98165, PDF,    科研立项经费支持
作者: 纪泉乐*, 焦倩文:硅湖职业技术学院,计算机与软件学院,江苏 昆山
关键词: 网络安全安全风险网络安全保险信息安全投资Network Security Security Risk Cyber-Insurance Information Security Investment
摘要: 随着网络黑客、电脑病毒、计算机犯罪严重地威胁着网络信息的安全,网络信息安全问题给用户带来损失的可能性就越大。网络安全保险作为一种新的网络安全风险管理方式得到了学术界和产业界越来越多的关注,成为网络经济时代的一个新亮点。网络安全保险是指投保人因使用互联网络而遭遇网络安全问题,由此造成的损失由保险人负责赔偿的一类保险。由于通常的网络安全防护措施不能完全消除风险,因此网络安全保险是一种转移信息系统安全剩余风险的有效工具。该文对网络安全保险的产生背景进行了介绍,总结自我安全防御投资激励、安全依赖性与风险相关性、信息不对称性和网络安全保险市场重要研究内容,并最后指出网络安全保险的未来发展趋势和挑战。
Abstract: With hackers, computer viruses and cyber crime seriously threatening information security, users’ loss or damage caused by network security will be more probable. As an emerging risk management mode, cyber-insurance has been drawing more and more attention in both academic and industrial community and becoming an exploration of network economical time. Cyber-insurance is a kind of insurance that a policy-holder pays certain premium to insurance companies in return for compensation when network security breaks out. Because usual protection measures could never eliminate risk, cyber-insurance is an effective tool to transfer the remaining risk of information systems. This paper presents the background of cyber-insurance. The important research areas such as self-defense investment incentive, correlated risk, interdependent security, information asymmetry, as well as the cyber-insurance market are summarized. Finally, the paper discusses possible directions and challenges of cyber-insurance.
文章引用:纪泉乐, 焦倩文. 网络安全保险研究现状及展望[J]. 计算机科学与应用, 2019, 9(8): 1473-1482. https://doi.org/10.12677/CSA.2019.98165

参考文献

[1] Vakilinia, I. and Sengupta, S. (2019) A Coalitional Cyber-Insurance Framework for a Common Platform. IEEE Transactions on In-formation Forensics and Security, 14, 1526-1538. [Google Scholar] [CrossRef
[2] Kshetri, N. (2018) The Eco-nomics of Cyber-Insurance. IT Professional, 20, 9-14. [Google Scholar] [CrossRef
[3] Eling, M. and Wirfs, J. (2019) What Are the Actual Costs of Cyber Risk Events? European Journal of Operational Research, 272, 1109-1119. [Google Scholar] [CrossRef
[4] Iqbal, F., Fung, B.C.M., Debbabi, M., et al. (2019) Wordnet-Based Criminal Networks Mining for Cybercrime Investigation. IEEE Access, 7, 22740-22755. [Google Scholar] [CrossRef
[5] Lelarge, M. and Bolot, J. (2008) Network Externalities and the Deployment of Security Features and Protocols in the Internet. In: Proceedings of the 2008 ACM SIGMETRICS International Con-ference on Measurement and Modeling of Computer Systems, ACM, New York, 37-48. [Google Scholar] [CrossRef
[6] Bolot, J. and Lelarge, M. (2009) Cyber Insurance as an Incentive for Internet Se-curity. In: Managing Information Risk and the Economics of Security, Springer, Berlin, 269-290. [Google Scholar] [CrossRef
[7] 顾建强, 梅姝娥, 仲伟俊. 基于网络安全保险的信息系统安全投资激励机制[J]. 系统工程理论与实践, 2015, 35(4): 1057-1062.
[8] Naghizadeh, P. and Liu, M. (2014) Voluntary Participation in Cyber-Insurance Markets. Proceedings of the Workshop on the Economics of Information Security, Pennsylvania, June 2014, 1-11.
[9] Pal, R. and Golubchik, L. (2010) Analyzing Self-Defense Investments in the Internet under Cyber-Insurance Coverage. IEEE 30th International Conference on Distributed Computing Systems, Genova, 21-25 June 2010, 339-347. [Google Scholar] [CrossRef
[10] Hayel, Y. and Zhu, Q. (2015) Attack-Aware Cyber Insurance for Risk Sharing in Computer Networks. In: Decision and Game Theory for Security, Springer International Publishing, Berlin, Vol. 9406, 22-34. [Google Scholar] [CrossRef
[11] Laszka, A. and Grossklags, J. (2015) Should Cyber-Insurance Providers In-vest in Software Security? In: Computer Security—ESORICS 2015, Lecture Notes in Computer Science, Springer, Cham, Vol. 9326, 483-502. [Google Scholar] [CrossRef
[12] Srinidhi, B., Jia, Y. and Tayi, G.K. (2015) Allocation of Resources to Cyber-Security: The Effect of Misalignment of Interest between Managers and Investors. Decision Support Systems, 75, 49-62. [Google Scholar] [CrossRef
[13] Schwartz, G., Shetty, N. and Walrand, J. (2013) Why Cyber-Insurance Contracts Fail to Reflect Cyber-Risks. 51st Annual Allerton Conference on Communication, Control, and Computing, Monticello, 2-4 October 2013, 781-787. [Google Scholar] [CrossRef
[14] Hofmann, A., Von Haefen, O. and Nell, M. (2018) Optimal Insurance Policy Indemnity Schedules with Policyholders’ Limited Liability and Background Risk. Social Science Electronic Publishing, Rochester. [Google Scholar] [CrossRef
[15] Pal, R. and Pan, H. (2013) On Differentiating Cyber-Insurance Contracts a Topological Perspective. IEEE International Symposium on Integrated Network Management, Ghent, 27-31 May 2013, 836-839.
[16] Yang, Z. and Lui, J.C.S. (2014) Security Adoption and Influence of Cyber-Insurance Markets in Heterogeneous Networks. Performance Evalu-ation, 74, 1-17. [Google Scholar] [CrossRef
[17] Shetty, N., Schwartz, G., Felegyhazi, M., et al. (2010) Competi-tive Cyber-Insurance and Internet Security. 8th Workshop on the Economics of Information Security, Cambridge, 7-8 June 2010, 229-247. [Google Scholar] [CrossRef
[18] Yang, Y.X. and Wang, Y.X. (2016) The Optimal Cyber-Insurance Contracts under Moral-Hazard. Chinese High Technology Letters, No. 8-9, 732-738. (In Chinese)
[19] Schwartz, G.A. and Sastry, S.S. (2014) Cyber-Insurance Framework for Large Scale Interdependent Networks. International Conference on High Confidence Networked Sys-tems, Berlin, 15-17 April 2014, 145-154. [Google Scholar] [CrossRef
[20] Ogut, H., Menon, N. and Raghunathan, S. (2005) Cyber Insurance and IT Secu-rity Investment: Impact of Interdependence Risk. 4th Workshop on the Economics of Information Security, Cambridge, 1-3 June 2005, 1-30.
[21] Shim, W. (2012) An Analysis of Information Security Management Strategies in the Presence of Interdependent Security Risk. Asia Pacific Journal of Information Systems, 22, 79-101.
[22] Qian, X., Liu, X., Pei, J., et al. (2017) A Game-Theoretic Analy-sis of Information Security Investment for Multiple Firms in a Network. Journal of the Operational Research Society, 68, 1290-1305. [Google Scholar] [CrossRef
[23] Marotta, A., Martinelli, F., Nanni, S., et al. (2017) Cyber-Insurance Survey. Computer Science Review, 24, 35-61. [Google Scholar] [CrossRef
[24] Hao, Y., Armbruster, D. and Hütt, M.T. (2015) Node Survival in Networks under Correlated Attacks. PLoS ONE, 10, e0125467. [Google Scholar] [CrossRef] [PubMed]