Security Economics

SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions

This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of …

MERIT: A fraMEwoRk to Model and IncenTivise Cyber Security Investment Decisions

The MERIT addresses the challenge of how to take better cyber security investment decisions. It aims at minimising cyber security risks by optimally investing its budget for cyber controls. In a multi-disciplinary approach, it utilises both economics and cybersecurity engineering insights to significantly extend the state-of-the-art in decision support for cybersecurity spending.

Post-Incident Audits on Cyber Insurance Discounts

We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an …

SECONDO: a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era

SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy.

Cyber-Insurance as a Signaling Game: Self-Reporting and External Security Audits

An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to …

Games and Abstraction: The Science of Cyber Security

This proposal addresses the challenge “How do we make better security decisions?”. Specifically we propose to develop new approaches to decision support based on mathematical game theory. Our work will support professionals who are designing secure systems and also those charged with determining if systems have an appropriate level of security – in particular, systems administrators.