References
- Aidan, Jagmeet Singh, Harsh Kumar Verma, and Lalit Kumar Awasthi. 2017. “Comprehensive Survey on Petya Ransomware Attack.” In 2017 International Conference on Next Generation Computing and Information Systems (ICNGCIS), 122–125. IEEE. doi:https://doi.org/10.1109/ICNGCIS.2017.30.
- AIG, Claims Intelligence Series 2016. “Behind the numbers: Key drivers of cyber insurance claims.” https://www.aig.co.uk/content/dam/aig/emea/united-kingdom/documents/Insights/aig-claims-intelligence-cyber.pdf. [Online; accessed 15-May-2020].
- Alberts, Christopher J., Sandra G., Behrens, Richard D. Pethi A, and William R. Wilson. 1999. Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) framework, Version 1.0. Technical Report. CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST.
- Almajali, Sufyan, I. Dhiah el Diehn, Haythem Bany Salameh, Moussa Ayyash, and Hany Elgala. 2019. “A Distributed Multi-Layer MEC-Cloud Architecture for Processing Large Scale IoT-Based Multimedia Applications.” Multimedia Tools and Applications 78 (17): 24617–24638. doi:https://doi.org/10.1007/s11042-018-7049-3.
- Augustinos, T. P., L. Bauer, A. Cappelletti, J. Chaudhery, I. Goddijn, L. Heslault, N. Kalfigkopoulos, et al. 2016. Cyber insurance: recent advances, good practices & challenges.
- Bahşi, Hayretdin, Ulrik Franke, and Even Langfeldt Friberg. 2019. “The Cyber-Insurance Market in Norway.” Information & Computer Security 28 (1): 54–67. doi:https://doi.org/10.1108/ICS-01-2019-0012.
- Bajcsy, Ruzena, Terry Benzel, Matt Bishop, B. Braden, C. Brodley, Sonia Fahmy, Sally Floyd, et al. 2004. “Cyber Defense Technology Networking and Evaluation.” Communications of the ACM 47 (3): 58–61. doi:https://doi.org/10.1145/971617.971646.
- Biener, Christian, Martin Eling, and Jan Hendrik Wirfs. 2015. “Insurability of Cyber Risk: An Empirical Analysis.” The Geneva Papers on Risk and Insurance - Issues and Practice 40 (1): 131–158. doi:https://doi.org/10.1057/gpp.2014.19.
- Bignozzi, Valeria, and Andreas Tsanakas. 2016. “Parameter Uncertainty and Residual Estimation Risk.” Journal of Risk and Insurance 83 (4): 949–978. doi:https://doi.org/10.1111/jori.12075.
- Böhme, Rainer, and Gaurav Kataria. 2006. “Models and Measures for Correlation in Cyber-Insurance.” In WEIS.
- Byres, Eric, and Justin Lowe. 2004. “The Myths and Facts behind Cyber Security Risks for Industrial Control Systems.” In Proceedings of the VDE Kongress, Vol. 116, 213–218.
- Chaudhary, Mukund, and Abhishek Chopra. 2017. CMMI for Development. New York, USA: Springer.
- Collier, Paul M. M., Paul M., Collier, Anthony J. Berry, Andrew Berry, and Gary T. T. Burke. 2006. Risk and Management Accounting: best Practice Guidelines for Enterprise-Wide Internal Control Procedures. Vol. 2. Linacre House, Oxford: Elsevier.
- Colvin, Nathan L., and Timothy C. Dougherty. 2017. “Trends for Potential Insurance Coverage for Losses Arising from a Data Breach.” N. Ky. L. Rev 44: 29–38.
- Dobie, Greg, and Stewart Collins. 2015. A Guide to Cyber Risk–Managing the Impact of Increasing Interconnectivity, 1–28. London: Allianz Global Corporate & Specialty.
- Elnagdy, Sam Adam, Meikang Qiu, and Keke Gai. 2016. “Cyber Incident Classifications Using Ontology-Based Knowledge Representation for Cybersecurity Insurance in Financial Industry.” In 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), 301–306. IEEE. doi:https://doi.org/10.1109/CSCloud.2016.45.
- Cyber Essentials. 2015. “Cyber essentials scheme: Assurance framework.” UK Government.
- Gai, Keke, Meikang Qiu, and Sam Adam Elnagdy. 2016a. “A Novel Secure Big Data Cyber Incident Analytics Framework for Cloud-Based Cybersecurity Insurance.” In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 171–176. IEEE.
- Gai, Keke, Meikang Qiu, and Sam Adam Elnagdy. 2016b. “Security-Aware Information Classifications Using Supervised Learning for Cloud-Based Cyber Risk Management in Financial Big Data.” In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 197–202. IEEE.
- Gordon, Lawrence A., Martin P. Loeb, and Tashfeen Sohail. 2003. “A Framework for Using Insurance for Cyber-Risk Management.” Communications of the ACM 46 (3): 81–85. doi:https://doi.org/10.1145/636772.636774.
- Hand, David J. 1996. “Statistics and the Theory of Measurement.” Journal of the Royal Statistical Society: Series A (Statistics in Society) 159 (3): 445–473. doi:https://doi.org/10.2307/2983326.
- Hofmann, Annette, and Hidajet Ramaj. 2011. “Interdependent Risk Networks: The Threat of Cyber Attack.” International Journal of Management and Decision Making 11 (5/6): 312–323. doi:https://doi.org/10.1504/IJMDM.2011.043406.
- Hubmann, Christina, Heidi Polke-Markmann, Bettina Sattler, Patrik Vanheyde, Allianz Global Corporate. 2017. “Allianz Risk Barometer: Top Business Risks 2017.” https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2017.pdf. [Online: accessed 18-May-2020].
- Jenner, Bryan, Uwe Flick, Ernst von Kardoff, and Ines Steinke. 2004. A Companion to Qualitative Research. London: Sage.
- Kaur, Ratinder, and Maninder Singh. 2014. “A Survey on Zero-Day Polymorphic Worm Detection Techniques.” IEEE Communications Surveys & Tutorials 16 (3): 1520–1549. doi:https://doi.org/10.1109/SURV.2014.022714.00160.
- Kellezi, Deina, Christian Boegelund, and Weizhi Meng. 2019. “Towards Secure Open Banking Architecture: An Evaluation with OWASP.” In International Conference on Network and System Security, 185–198. Springer.
- Klahr, Rebecca. 2017. “Cyber Security Breaches Survey.” PhD diss., University of Portsmouth.
- Krosnick, Jon A., and Leandre R. Fabrigar. 1997. “Designing Rating Scales for Effective Measurement in Surveys.” Survey Measurement and Process Quality 141–164.
- Lu, Linlin, Wei Liang, Laibin Zhang, Hong Zhang, Zhong Lu, and Jinzhi Shan. 2015. “A Comprehensive Risk Evaluation Method for Natural Gas Pipelines by Combining a Risk Matrix with a Bow-Tie Model.” Journal of Natural Gas Science and Engineering 25: 124–133. doi:https://doi.org/10.1016/j.jngse.2015.04.029.
- Lund, Mass Soldal, Bjørnar Solhaug, and Ketil Stølen. 2010. Model-Driven Risk Analysis: The CORAS Approach. Heidelberg: Springer Science & Business Media.
- Ma, Li, Lixin Tao, Yong Zhong, and Keke Gai. 2016. “RuleSN: Research and Application of Social Network Access Control Model.” In 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 418–423. IEEE.
- Maillart, Thomas, and Didier Sornette. 2010. “Heavy-Tailed Distribution of Cyber-Risks.” The European Physical Journal B 75 (3): 357–364. doi:https://doi.org/10.1140/epjb/e2010-00120-8.
- Marotta, Angelica, Fabio Martinelli, Stefano Nanni, Albina Orlando, and Artsiom Yautsiukhin. 2017. “Cyber-Insurance Survey.” Computer Science Review 24: 35–61. doi:https://doi.org/10.1016/j.cosrev.2017.01.001.
- McAfee 2018. “Economic Impact of Cybercrime, No Slowing Down.” https://www.mcafee.com/enterprise/enus/solutions/lp/economicscybercrime.html/. [Online; accessed 15-May-2020].
- McAfee, Net Losses. 2014. “Estimating the global cost of cybercrime, economic impact of cybercrime ii.” Center for Strategic and International Studies.
- McKelvie, Stuart J. 1978. “Graphic Rating Scales—How Many Categories?” British Journal of Psychology 69 (2): 185–202. doi:https://doi.org/10.1111/j.2044-8295.1978.tb01647.x.
- Mukhopadhyay, Arunabha, Samir Chatterjee, Debashis Saha, Ambuj Mahanti, and Samir K. Sadhukhan. 2013. “Cyber-Risk Decision Models: To Insure IT or Not?” Decision Support Systems 56: 11–26. doi:https://doi.org/10.1016/j.dss.2013.04.004.
- Mulcahy, Mary Beth, Chris Boylan, Samuella Sigmann, and Ralph Stuart. 2017. “Using Bowtie Methodology to Support Laboratory Hazard Identification, Risk Management, and Incident Analysis.” Journal of Chemical Health and Safety 24 (3): 14–20. doi:https://doi.org/10.1016/j.jchas.2016.10.003.
- Netdiligence 2019. “Cyber claims study report.” https://netdiligence.com/wp-content/uploads/2019/10/2019/_NetD/_Claims/_Study/_Report/_1.0.pdf. [Online; accessed 18-May-2020].
- Nurliyani, Arlin. 2019. “Assessment IT Risk Management at the Computer and Network Laboratory School.” Journal of Informatics and Telecommunication Engineering 3 (1): 115–124. doi:https://doi.org/10.31289/jite.v3i1.2622.
- Öğüt, Hulisi, Srinivasan Raghunathan, and Nirup Menon. 2011. “Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self-Protection.” Risk Analysis: An Official Publication of the Society for Risk Analysis 31 (3): 497–512. doi:https://doi.org/10.1111/j.1539-6924.2010.01478.x.
- Oppenheimer, Priscilla. 2011. Top-Down Network Design. Indianapolis, USA: Cisco Press. ISBN 1: 57069–57870.
- Paulk, Mark. 2002. “Capability maturity model for software.” Encyclopedia of Software Engineering.
- Ponemon Institute 2020. “Cost of Data Breach Study: Global Overview.” https://www.ibm.com/security/data-breach. [Online; accessed 15-May-2020].
- Rabionet, Silvia E. 2011. “How I Learned to Design and Conduct Semi-Structured Interviews: An Ongoing and Continuous Journey.” Qualitative Report 16 (2): 563–566.
- Re, Swiss. 2017. “Cyber: Getting to grips with a complex risk.” Sigma Report.
- Reason, James. 2000. “Human Error: models and Management.” BMJ (Clinical Research ed.) 320 (7237): 768–770. doi:https://doi.org/10.1136/bmj.320.7237.768.
- Romanosky, Sasha, Ablon Lilian, Kuehn Andreas, and Jones Therese. 2017. “Content analysis of cyber insurance policies: How do carriers write policies and price cyber risk?” Available at SSRN 2929137.
- Rossebo, Judith E. Y., Fransen Frank, and Luiijf Eric. 2016. “Including Threat Actor Capability and Motivation in Risk Assessment for Smart GRIDs.” In 2016 Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG), 1–7. IEEE.
- Ruan, Keyun. 2017. “Introducing Cybernomics: A Unifying Economic Framework for Measuring Cyber Risk.” Computers & Security 65: 77–89. doi:https://doi.org/10.1016/j.cose.2016.10.009.
- Rubinstein, Ira, and Bilyana Petkova. 2018. “The international impact of the General Data Protection Regulation.” Commentary on the General Data Protection Regulation, Marc Cole & Franziska Boehm, Edward Elgar.
- Schweizerische, S. N. V. 2013. “Information technology-Security techniques-Information security management systems-Requirements.” ISO/IEC International Standards Organization.
- Sharf, Elad. 2016. “Information Exchanges: regulatory Changes to the Cyber-Security Industry after Brexit: Making Security Awareness Training Work.” Computer Fraud & Security 2016 (7): 9–12. doi:https://doi.org/10.1016/S1361-3723(16)30052-5.
- Sheehan, Barry, Finbarr Murphy, Martin Mullins, and Cian Ryan. 2019. “Connected and Autonomous Vehicles: A Cyber-Risk Classification Framework.” Transportation Research Part A: policy and Practice 124: 523–536. doi:https://doi.org/10.1016/j.tra.2018.06.033.
- Svensson, Elisabeth. 2001. “Guidelines to Statistical Evaluation of Data from Rating Scales and Questionnaires.” Journal of Rehabilitation Medicine 33 (1): 47–48. doi:https://doi.org/10.1080/165019701300006542.
- The Institute of Cyber Risk Management 2014. “Cyber Risk - Resources for Practitioners.” https://www.iia.org.uk/media/560694/irm/_cyber/_risk/_for/_practioners.pdf. [Online; accessed 15-May-2020].
- Toregas, Costis, and Nicolas Zahn. 2014. “Insurance for Cyber Attacks: The Issue of Setting Premiums in Context.” George Washington University
- Tungatt, Gareth. 2017. “Cyber Insurance Comes of Age.” Cyber Security: A Peer-Reviewed Journal 1 (3): 251–258.
- Von Solms, Rossouw, and Johan Van Niekerk. 2013. “From Information Security to Cyber Security.” Computers & Security 38: 97–102. doi:https://doi.org/10.1016/j.cose.2013.04.004.
- Wangen, Gaute, Christoffer Hallstensen, and Einar Snekkenes. 2018. “A Framework for Estimating Information Security Risk Assessment Method Completeness.” International Journal of Information Security 17 (6): 681–699. doi:https://doi.org/10.1007/s10207-017-0382-0.
- Whiting, Lisa S. 2008. “Semi-Structured Interviews: guidance for Novice Researchers.” Nursing Standard (Royal College of Nursing (Great Britain): 1987) 22 (23): 35–41. doi:https://doi.org/10.7748/ns2008.02.22.23.35.c6420.
- Zuijderduijn, C. 2000. “Risk management by Shell refinery/chemicals at Pernis, the Netherlands.” In EU Joint Research Centre Conference on Seveso II Safety Cases, Athens.