INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION

Cyber risk assessment for insurability verification has been paid a lot of research interest as cyber insurance represents a new dynamic segment of market with considerable growth potential for insurers. As customer’s practices and processes consistently lead to the final overall result, customer's behaviour has to be described in detail. The aim of the present paper is to design an instrument (questionnaire) for customer’s cyber risk assessment in insurability verification. The method for building an instrument (questionnaire) is empirical research. Empirical research is based on use of empirical evidence. A questionnaire with 11 questions is proposed.

Download Full-text

Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance

Information Systems Frontiers ◽

10.1007/s10796-017-9808-5 ◽

2017 ◽

Vol 21 (5) ◽

pp. 997-1018 ◽

Cited By ~ 6

Author(s):

Arunabha Mukhopadhyay ◽

Samir Chatterjee ◽

Kallol K. Bagchi ◽

Peteer J. Kirs ◽

Girja K. Shukla

Keyword(s):

Risk Assessment ◽

Cyber Insurance ◽

Probit Models ◽

Logit And Probit Models ◽

Cyber Risk

Download Full-text

Controlled Environments For Cyber Risk Assessment Of Cyber-Physical Systems

Summer Computer Simulation Conference (SCSC) ◽

10.22360/summersim.2017.scsc.003 ◽

2017 ◽

Keyword(s):

Risk Assessment ◽

Cyber Physical Systems ◽

Physical Systems ◽

Controlled Environments ◽

Cyber Risk

Download Full-text

An Analysis of Cross-Sectional Differences in Big and Non-Big Public Accounting Firms' Audit Programs

Auditing A Journal of Practice & Theory ◽

10.2308/aud.2006.25.1.27 ◽

2006 ◽

Vol 25 (1) ◽

pp. 27-48 ◽

Cited By ~ 70

Author(s):

Hans Blokdijk ◽

Fred Drieenhuizen ◽

Dan A. Simunic ◽

Michael T. Stein

Keyword(s):

Risk Assessment ◽

Empirical Evidence ◽

Audit Quality ◽

Audit Fees ◽

Public Accounting ◽

Accounting Firms ◽

Big 5 ◽

Public Accounting Firms ◽

Audit Approach ◽

Control Risk

A significant body of prior research has shown that audits by the Big 5 (now Big 4) public accounting firms are quality differentiated relative to non-Big 5 audits. This result can be derived analytically by assuming that Big 5 and non-Big 5 firms face different loss functions for “audit failures” and is consistent with a variety of empirical evidence from studies of audit fees, auditor changes, and the stock price reaction to audited earnings. However, there is no existing evidence (of which we are aware) concerning the underlying production differences between Big 5 and non-Big 5 audits. As a result, existing empirical evidence cannot distinguish between the possibility that Big 5 audits are simply perceived to be different (e.g., by investors) or actually differ in how they are produced. Our research objective is to identify the production characteristics of audit engagements that may explain the differences in expected audit quality between Big 5 and non-Big 5 firms. In this archival study, we examine the total audit effort and the allocation of effort to four audit phases—planning, (control) risk assessment, substantive testing, and completion—for a cross-section sample of 113 audits of Dutch companies in 1998/99 by 14 public accounting firms. We find that, after controlling for client characteristics: (1) both types of auditors exert about the same amount of total audit effort; (2) Big 5 auditors allocate relatively more effort to planning and (control) risk assessment, and relatively less to substantive testing and completion; and (3) client size, use of the business-risk-based audit approach, and reliance on client internal controls affect audit hours differently for the two auditor types. We conclude that the Big 5 firms actually produce a higher audit quality level, and that this quality difference is related to how audit hours are deployed in a more contextual and less procedural audit approach.

Download Full-text

Armchair Arguments

10.1093/oso/9780190873363.003.0002 ◽

2018 ◽

Author(s):

Hugh Lafollette

Keyword(s):

Empirical Evidence ◽

Empirical Research ◽

Burden Of Proof ◽

Gun Control ◽

Know How

Valuable armchair arguments are shaped by significant reservoirs of knowledge, albeit knowledge that lies in their background, rather than the foreground. So understood armchair arguments are essential to any serious investigation of the issue of gun control. They help establish the burden of proof: they show what it is reasonable to believe if the rights-based arguments and the empirical evidence are less than compelling. They inform the arguments about the serious right to bear arms. They are essential in seeking and evaluating empirical evidence: they enable researchers to know how to structure empirical research and how to interpret their findings.

Download Full-text

Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things

The Review of Socionetwork Strategies ◽

10.1007/s12626-021-00086-5 ◽

2021 ◽

Author(s):

Petar Radanliev ◽

David De Roure ◽

Pete Burnap ◽

Omar Santos

Keyword(s):

Risk Assessment ◽

Internet Of Things ◽

Empirical Analysis ◽

Quantitative Risk Assessment ◽

The Internet ◽

Self Assessment ◽

Target State ◽

Epistemological Analysis ◽

Cyber Risk ◽

The Internet Of Things

AbstractThe Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represent a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested though comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems—which begin to resemble artificial intelligence—and can be used for a quantitative self-assessment of IoT cyber risk posture.

Download Full-text

Qualitative Risk Assessment of Cybersecurity and Development of Vulnerability Enhancement Plans in Consideration of Digitalized Ship

Journal of Marine Science and Engineering ◽

10.3390/jmse9060565 ◽

2021 ◽

Vol 9 (6) ◽

pp. 565

Author(s):

Yunja Yoo ◽

Han-Seon Park

Keyword(s):

Risk Assessment ◽

Safety Management ◽

International Standards ◽

Security Risk ◽

Analytic Hierarchy ◽

Improvement Plan ◽

Qualitative Risk Assessment ◽

Cyber Risk ◽

Hierarchy Process ◽

Ship Safety

The International Maritime Organization (IMO) published the Guidelines on Maritime Cyber Risk Management in 2017 to strengthen cybersecurity in consideration of digitalized ships. As part of these guidelines, the IMO recommends that each flag state should integrate and manage matters regarding cyber risk in the ship safety management system (SMS) according to the International Safety Management Code (ISM Code) before the first annual verification that takes place on or after 1 January 2021. The purpose of this paper is to identify cybersecurity risk components in the maritime sector that should be managed by the SMS in 2021 and to derive priorities for vulnerability improvement plans through itemized risk assessment. To this end, qualitative risk assessment (RA) was carried out for administrative, technical, and physical security risk components based on industry and international standards, which were additionally presented in the IMO guidelines. Based on the risk matrix from the RA analysis results, a survey on improving cybersecurity vulnerabilities in the maritime sector was conducted, and the analytic hierarchy process was used to analyze the results and derive improvement plan priority measures.

Download Full-text

Small-Scale Deliberation and Mass Democracy: A Systematic Review of the Spillover Effects of Deliberative Minipublics

Political Studies ◽

10.1177/00323217211007278 ◽

2021 ◽

pp. 003232172110072

Author(s):

Ramon van der Does ◽

Vincent Jacquet

Keyword(s):

Systematic Review ◽

Empirical Evidence ◽

Empirical Research ◽

Spillover Effects ◽

Future Research ◽

Small Scale ◽

Long Term Effects ◽

Current Crisis ◽

Mass Democracy

Deliberative minipublics are popular tools to address the current crisis in democracy. However, it remains ambiguous to what degree these small-scale forums matter for mass democracy. In this study, we ask the question to what extent minipublics have “spillover effects” on lay citizens—that is, long-term effects on participating citizens and effects on non-participating citizens. We answer this question by means of a systematic review of the empirical research on minipublics’ spillover effects published before 2019. We identify 60 eligible studies published between 1999 and 2018 and provide a synthesis of the empirical results. We show that the evidence for most spillover effects remains tentative because the relevant body of empirical evidence is still small. Based on the review, we discuss the implications for democratic theory and outline several trajectories for future research.

Download Full-text