Risk Management using Cyber-Threat Information Sharing and Cyber-Insurance

2017
Author(s): Deepak K. Tosh, Sachin Shetty, Shamik Sengupta, Jay P. Kesan, Charles Kamhoua

Sensors, 2021, Vol 21 (14), pp. 4890
Author(s): Athanasios Dimitriadis, Christos Prassas, Jose Luis Flores, Boonserm Kulvatunyou, Nenad Ivezic, ...

Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given threat information is actionable from an organization's perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to the filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.


Author(s): Xinbao Liu, Jun Pei, Lin Liu, Hao Cheng, Mi Zhou, ...

Computers, 2020, Vol 9 (1), pp. 18
Author(s): Konstantinos Rantos, Arnolnt Spyros, Alexandros Papanikolaou, Antonios Kritsas, Christos Ilioudis, ...

Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats.


2020, Vol 21 (2), pp. 137-151
Author(s): Marcin Komańda, Edyta Klosa

The complex nature and rapidly changing environment of contemporary supply chains make them highly vulnerable to risk. A key facilitator of supply chain risk management is information being shared among partners. Thus the aim of this paper is to highlight supply chain members’ approaches to sharing information supporting risk management. To achieve this goal, assumptions related to information policy models in organizational structures have been adopted, broadening the cognitive perspective of the discussed problem. The article is based on data collected from 197 respondents representing enterprises operating in Poland through a survey conducted with paper self-administered questionnaires (PSAQs). The method used applied nonrepresentative sampling. The results obtained suggest that among the studied companies there are three frequently co-occurring practices forming eight approaches to risk information sharing in the supply chain. These findings, together with demonstrated significant relationships with control variables, create a unique descriptive and interpretative framework of the discussed issue.


Author(s): Jason M. Riley, Richard Klein, Janis Miller, V. Sridharan

Purpose: The purpose of this paper is to determine if internal integration, information sharing, and training constitute direct antecedents to organizations’ warning and recovery capabilities. Assuming that organizations periodically face various supply chain risks, the authors intend to show that managers can develop these antecedent competencies in ways that bolster their supply chain risk management (SCRM) capabilities.

Design/methodology/approach: To understand the relationships between the antecedents and SCRM capabilities, the authors used Q-sorts and confirmatory factor analysis to develop new warning and recovery measures. The authors then collected survey data from 231 hospital supply managers and analyzed these records using structural equation modeling.

Findings: The results indicate that internal integration and training positively affect organizations’ warning and recovery capabilities, in both a direct and indirect manner. The authors also illustrate how managers can leverage their SCRM capabilities to affect operational performance.

Research limitations/implications: These results suggest that by developing antecedent competencies like internal integration and training, firms may bolster their warning and recovery capabilities, and ultimately operational performance of the organization.

Originality/value: The findings provide hospital supply organizations and other inventory management teams with a novel approach to managing an evolving array of supply chain risks. Rather than investing in costly risk management techniques, like inventory stocks, organizations can use internal integration and training to improve their SCRM capabilities.

