Risk management using cyber-threat information sharing and cyber-insurance

Deepak K. Tosh, Sachin Shetty, Shamik Sengupta, Jay P. Kesan, Charles A. Kamhoua

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Critical infrastructure systems spanning from transportation to nuclear operations are vulnerable to cyber attacks. Cyber-insurance and cyber-threat information sharing are two prominent mechanisms to defend cybersecurity issues proactively. However, standardization and realization of these choices have many bottlenecks. In this paper, we discuss the benefits and importance of cybersecurity information sharing and cyber-insurance in the current cyber-warfare situation. We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and cyber-insurance. We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.

Original languageEnglish (US)
Title of host publicationGame Theory for Networks - 7th International EAI Conference, GameNets 2017, Proceedings
EditorsRachid Elazouzi, Xu Chen, Lingjie Duan, Anibal Sanjab, Donatello Materassi, Husheng Li
Number of pages11
ISBN (Print)9783319675398
StatePublished - 2017
Event7th EAI International Conference on Game Theory for Networks, GameNets 2017 - Knoxville, United States
Duration: May 9 2017May 9 2017

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
ISSN (Print)1867-8211


Other7th EAI International Conference on Game Theory for Networks, GameNets 2017
Country/TerritoryUnited States


  • Cyber Security Information Sharing Act (CISA)
  • Cyber-insurance
  • Cyber-threat intelligence
  • Cybersecurity information sharing

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Risk management using cyber-threat information sharing and cyber-insurance'. Together they form a unique fingerprint.

Cite this