A scalable approach to joint cyber insurance and Security-as-a-Service provisioning in cloud computing
As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and...
Saved in:
| Main Authors: | , , , , |
|---|---|
| 格式: | text |
| 語言: | English |
| 出版: |
Institutional Knowledge at Singapore Management University
2019
|
| 主題: | |
| 在線閱讀: | https://ink.library.smu.edu.sg/sis_research/7167 https://ink.library.smu.edu.sg/context/sis_research/article/8170/viewcontent/ScalableApproachJointCyberInsurance_av.pdf |
| 標簽: |
添加標簽
沒有標簽, 成為第一個標記此記錄!
|
| 總結: | As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, we introduce a stochastic optimization model to optimally provision security and insurance services in the cloud. Since the model we design is a mixed integer problem, we also introduce a partial Lagrange multiplier algorithm that takes advantage of the total unimodularity property to find the solution in polynomial time. We also apply sensitivity analysis to find the exact tolerance of decision variables to parameter changes. We show the effectiveness of these techniques using numerical results based on real attack data to demonstrate a realistic testing environment, and find that security and insurance are interdependent. |
|---|