Security Insurance and Best Practices

Selahattin Kuru, Onur Ihsan Arsun, and Mustafa Yildiz, Isik University, Turkey

Introduction

Insurance and Risk Transfer Basics

Risk Management

Risk Assessment

Moral Hazards

Cybersecurity and Cyberinsurance

Cybersecurity Threats

E-risk Management

Challenges Associated with Assessing Information Security Risks

Cyberinsurance

Legal Principles and Regulations

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Sarbanes-Oxley Act (SOA) of 2002

U.S. Food and Drug Administration (FDA) 21 CFR11

Federal Information Security Management Act (FISMA)

Coverage Types

Conventional Coverage Types Applicable to Cybersecurity

Coverage Types Specific to Cybersecurity

A Typical Policy

Hypothetical Case

Coverage of Hypothetical Case

Best Practices

Information Technology Infrastructure Library (ITIL)

Control Objectives for Information and Related Technology (COBiT)

ISO 17799/BS 7799

Common Criteria (CC)

Visa Cardholder Information Security Program (CISP)

Glossary

Cross References

References

INTRODUCTION

Insurance is a common tool for risk transfer. Individuals and organizations use this tool to transfer the risk of potential losses to another party, namely an insurance company. However, individuals and organizations have different motivations for purchasing insurance. In one classic example, a ship owner insures a ship and receives payment if the ship is damaged or destroyed. This example is one of the earliest uses of ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.