Change search
ReferencesLink to record
Permanent link

Direct link
Method for insuring IT risks
KTH, Superseded Departments, Computer and Systems Sciences, DSV.
KTH, Superseded Departments, Computer and Systems Sciences, DSV.
2004 (English)Conference paper (Refereed)
Abstract [en]

This paper explains in detail the method behind the insurance database Estimated Maximum information technology Loss (EMitL). The database has been a crucial tool to make it possible to insure IT perils. It helps to insure IT-perils financially in the same professional way as consequences of traditional perils like fire, flood, and robbery are insured, and thereby secures shareholders' investments. EMitL estimates the security awareness in an existing IT-platform. Based on that information, existing security measures can be "priced" as they may reduce the estimated maximum loss figures - and thereby the costs for the insurance. In addition, a more cost-effective decision can be made on additional security measures. Furthermore, the costs for the loss exposure inherent in a business service/product can be estimated in a better way, and thereby be incorporated in the product's price. The IT insurances are based on the traditional industries' classes: Liability, Loss of Property, and Business Interruption. The insurance class Liability is divided into insurance policies for: Business Interruption, Fraud and Embezzlement, Robbery and Theft, Defamation, Infringement of Privacy, and Infringement of code, trademark etc. The insurance policies in the class Loss of Property are: Fraud and Embezzlement, and Robbery and Theft. The database EMitL layers insurance covers, which is a common method in the insurance industry. This means that the insurance policies are layered according to the amount of financial cover they provide. The insurance levels relate and are converted to security levels. These levels are built on the IT security properties Integrity, Availability and Confidentiality, and are utilized differently, depending on the insurance level and the type of insurance policy. The properties and the levels constitute the base of the Security Polices produced by EMitL; they are used for the estimation of security awareness and as terms of insurance.

Place, publisher, year, edition, pages
2004. 2913-2920 p.
, Proceedings of the Hawaii International Conference on System Sciences, ISSN 1060-3425 ; 37
Keyword [en]
Commercial and industrial security, Estimated maximum IT loss, IT insurance method, IT insurance policies, Risk management, Security policies, Database systems, Electronic mail, Industrial insurance, Investments, Security of data, Societies and institutions, Insurance markets, Insurance policies, Information technology
National Category
Computer and Information Science
URN: urn:nbn:se:kth:diva-157725ScopusID: 2-s2.0-12344314042OAI: diva2:771871
Proceedings of the Hawaii International Conference on System Sciences, 5 January 2004 through 8 January 2004, Big Island, HI, United States

QC 20141215

Available from: 2014-12-15 Created: 2014-12-12 Last updated: 2014-12-15Bibliographically approved

Open Access in DiVA

No full text


Search in DiVA

By author/editor
Yngström, Louise
By organisation
Computer and Systems Sciences, DSV
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 10 hits
ReferencesLink to record
Permanent link

Direct link