As hackers, computer viruses and cybercrime seriously threaten the security of network information, users are increasingly likely to suffer losses from network security problems. As an emerging approach to managing network security risk, cyber-insurance has been drawing more and more attention from both the academic and industrial communities and has become a new highlight of the network economy era. Cyber-insurance is a kind of insurance in which a policyholder pays a premium to an insurer in return for compensation for losses caused by network security problems encountered through use of the Internet. Because the usual protection measures can never completely eliminate risk, cyber-insurance is an effective tool for transferring the residual security risk of information systems. This paper presents the background of cyber-insurance and summarizes the important research areas: self-defense investment incentives, interdependent security and correlated risk, information asymmetry, and the cyber-insurance market. Finally, the paper discusses the future trends and challenges of cyber-insurance.
Keywords: Network Security, Security Risk, Cyber-Insurance, Information Security Investment

Current Status and Prospects in Researches of Cyber-Insurance
纪泉乐, 焦倩文. Current Status and Prospects in Researches of Cyber-Insurance [J]. Computer Science and Application, 2019, 09(08): 1473-1482. https://doi.org/10.12677/CSA.2019.98165