Title :
Applicability of Prediction Markets in Information Security Risk Management
Author :
Pandey, Parul ; Snekkenes, Einar Arthur
Author_Institution :
Norwegian Inf. Security Lab., Gjovik Univ. Coll., Gjovik, Norway
Abstract :
Information security practitioners face a challenging task of assessing the information security risks. The lack of complete information about the vulnerabilities in the system leads to the problem of information asymmetry between the security stakeholders. This leads to difficulty in assessing the severity of vulnerabilities and estimation of the impact of an attack. There are at least two approaches to deal with information asymmetry in the information security market, namely market methods and financial instruments. This paper focuses on a relatively novel method: prediction markets, to deal with the information asymmetry problem in information security domain. In this paper, we examine the applicability of prediction markets in forecasting and assessment of information security events. We describe the usefulness of prediction markets in prediction of vulnerabilities, setting values for vulnerabilities and threats, and as a source of aggregating security information for pricing of cyber-financial instruments, such as cyber-insurance.
Keywords :
risk management; security of data; cyber-financial instrument pricing; cyber-insurance; financial instruments; information asymmetry; information security domain; information security event assessment; information security event forecasting; information security risk management; market methods; prediction markets; security stakeholders; Companies; Contracts; Economics; Estimation; Information security; Risk management; Hedge; Information Security; Prediction Markets; Risk Management; Security Economics;
Conference_Titel :
Database and Expert Systems Applications (DEXA), 2014 25th International Workshop on
Conference_Location :
Munich
Print_ISBN :
978-1-4799-5721-7
DOI :
10.1109/DEXA.2014.66
