CyberSure: A Framework for Liability Based Trust

  • Conference paper
Computer Security (IOSEC 2019, MSTEC 2019, FINSEC 2019)

Abstract

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policies for cyber systems. Creating such policies will enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework is supported by a platform of tools enabling integrated cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence during the operation of such systems. CyberSure develops its cyber insurance platform by building upon and integrating state-of-the-art tools, methods and techniques. The development of the CyberSure platform is driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure addresses the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions. The CyberSure platform aims to tackle the challenges of offering cyber insurance for interoperable service chains cutting across application domains and jurisdictions.

Acknowledgements

This work was supported by the European Commission through the project CONCORDIA Horizon 2020 Research and Innovation program under Grant Agreement No. 830927 and CYBERSURE Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie Grant Agreement No. 734815.

Author information

Corresponding author

Correspondence to George Christou.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Christou, G., Papadogiannaki, E., Diamantaris, M., Torterolo, L., Chatziadam, P. (2020). CyberSure: A Framework for Liability Based Trust. In: Fournaris, A., et al. Computer Security. IOSEC 2019, MSTEC 2019, FINSEC 2019. Lecture Notes in Computer Science, vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_2

  • DOI: https://doi.org/10.1007/978-3-030-42051-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42050-5

  • Online ISBN: 978-3-030-42051-2

  • eBook Packages: Computer Science, Computer Science (R0)
