Publications (10 of 31)
Franke, U. & Meland, P. H. (2019). Demand side expectations of cyber insurance. Paper presented at IEEE Cyber Science 2019.
2019 (English) Conference paper, Published paper (Refereed)
Abstract [en]

Cyber insurance has attracted much attention from both practitioners, policymakers and academics in the past few years. However, it also faces some challenges before it can reach its full potential as a tool for better cyber risk management. One such challenge is the gap between what customers expect and what insurers really offer.

This paper investigates this gap empirically, based on interviews with informant companies in Norway and Sweden considering cyber insurance. The expectations expressed in the interviews are compared to anonymized incident claims reports and claims statistics for 2018 from a global insurance intermediary.

The results show no obvious pattern of discrepancies between different domains. However, informant expectations on business interruption coverage are much greater than one would expect from its share of claims. In this respect, informant expectations on business interruption coverage are more aligned with some recently published scenarios on possible major business interruptions.

Keywords
cyber insurance, company expectations, cyber claims data, cyber coverage, threats
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-39899 (URN)
Conference
IEEE Cyber Science 2019
Projects
DRISTIG
Funder
Swedish Civil Contingencies Agency, 2015-6986
Available from: 2019-09-13 Created: 2019-09-13 Last updated: 2019-09-13
Olsson, T. & Franke, U. (2019). Introduction to Service Level Agreements.
2019 (English) Report (Other academic)
Abstract [en]

Modern industrial production environments are rapidly transforming. Concepts such as smart industry and Industry 4.0 encompass many expectations on how digital technology can improve industrial plants. Some strands are better algorithms for robotics, better situational awareness through ubiquitous RFID, fewer production interruptions through smarter predictive maintenance, and more agile production lines enabling greater customization of products. Many of these ideas depend on reliable access to IT services such as computing power and data availability. If these falter, the benefits will not materialize. Therefore, it is crucial to study the Service Level Agreements (SLAs) that are used to regulate such services.

Publisher
p. 12
Series
RISE Rapport
Keywords
Service Level Agreements; Cyber-physical systems; PIMM DMA
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-37833 (URN), 978-91-88907-49-3 (ISBN)
Available from: 2019-02-28 Created: 2019-02-28 Last updated: 2019-02-28 Bibliographically approved
Franke, U. (2019). Towards Increased Transparency in Digital Insurance. ERCIM News (116), 23-24
2019 (English) In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, no 116, p. 23-24. Article in journal (Refereed) Published
Abstract [en]

Automated decision-making has the potential to increase both productivity and competitiveness as well as compensate for well-known human biases and cognitive flaws [1]. But today’s powerful machine-learning based technical solutions also bring about problems of their own – not least in terms of being uncomfortably black-box like. A new research project at RISE Research Institutes of Sweden, in collaboration with KTH Royal Institute of Technology, has recently been set up to study transparency in the insurance industry, a sector that is poised to undergo technological disruption.

Place, publisher, year, edition, pages
Sophia-Antipolis Cedex, France, 2019
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-37580 (URN)
Projects
Transparenta algoritmer i försäkringsbranschen (TALFÖR)
Funder
Länsförsäkringar AB, P4/18
Available from: 2019-01-24 Created: 2019-01-24 Last updated: 2019-01-29 Bibliographically approved
Franke, U. & Draeger, J. (2019). Two simple models of business interruption accumulation risk in cyber insurance. Paper presented at IEEE Cyber Science 2019.
2019 (English) Conference paper, Published paper (Refereed)
Abstract [en]

As modern society becomes ever more dependent on IT services, risk management of cyber incidents becomes more important. Cyber insurance is one tool, among others, for such risk management that has received much attention in the past few years. One obstacle to well-functioning cyber insurance, however, is the fact that cyber accumulation risk remains poorly understood, despite efforts from practitioners and scientists.

In this article, we address the accumulation risk of business interruption incidents, an area that has received less attention than the accumulation risk of data breach incidents. Two simple models are introduced: First, a model that takes the insurer’s perspective and explores the impact on aggregated claims cost from incidents that unintentionally propagate between firms. Second, a model that takes the insured’s perspective, considering the impacts of limited incident management capacity and showing that there is sometimes an economic case for collectively funding additional incident managers. The paper is concluded with some reflections on the models and an outlook.

Keywords
cyber insurance, business interruption, accumulation risk
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-39900 (URN)
Conference
IEEE Cyber Science 2019
Projects
DRISTIG
Funder
Swedish Civil Contingencies Agency, 2015-6986
Available from: 2019-09-13 Created: 2019-09-13 Last updated: 2019-09-13
Badampudi, D., Wnuk, K., Wohlin, C., Franke, U., Smite, D. & Cicchetti, A. (2018). A decision-making process-line for selection of software asset origins and components. Journal of Systems and Software, 135(January), 88-104
2018 (English) In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 135, no January, p. 88-104. Article in journal (Refereed) Published
Abstract [en]

Selecting sourcing options for software assets and components is an important process that helps companies to gain and keep their competitive advantage. The sourcing options include: in-house, COTS, open source and outsourcing. The objective of this paper is to further refine, extend and validate a solution presented in our previous work. The refinement includes a set of decision-making activities, which are described in the form of a process-line that can be used by decision-makers to build their specific decision-making process. We conducted five case studies in three companies to validate the coverage of the set of decision-making activities. The solution in our previous work was validated in two cases in the first two companies. In the validation, it was observed that no activity in the proposed set was perceived to be missing, although not all activities were conducted and the activities that were conducted were not executed in a specific order. Therefore, the refinement of the solution into a process-line approach increases the flexibility and hence it is better in capturing the differences in the decision-making processes observed in the case studies. The applicability of the process-line was then validated in three case studies in a third company.

Keywords
Component-based software engineering, Decision-making, Case study
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-32986 (URN), 10.1016/j.jss.2017.09.033 (DOI), 2-s2.0-85032856583 (Scopus ID)
Available from: 2018-01-03 Created: 2018-01-03 Last updated: 2019-01-07 Bibliographically approved
Johnson, P., Lagerström, R., Ekstedt, M. & Franke, U. (2018). Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis. IEEE Transactions on Dependable and Secure Computing, 15(6), 1002-1015
2018 (English) In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 15, no 6, p. 1002-1015. Article in journal (Refereed) Published
Abstract [en]

The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-32990 (URN), 10.1109/TDSC.2016.2644614 (DOI), 2-s2.0-85056520813 (Scopus ID)
Available from: 2018-01-03 Created: 2018-01-03 Last updated: 2019-01-07 Bibliographically approved
Franke, U. & Ciccozzi, F. (2018). Characterization of trade-off preferences between non-functional properties. Information Systems, 74, 86-102
2018 (English) In: Information Systems, ISSN 0306-4379, E-ISSN 1873-6076, Vol. 74, p. 86-102. Article in journal (Refereed) Published
Abstract [en]

Efficient design and evolution of complex software intensive systems rely on the ability to make informed decisions as early as possible in the life cycle. Such informed decisions should take both the intended functional and non-functional properties into account. Especially regarding the latter, it is both necessary to be able to predict properties and to prioritize them according to well-defined criteria. In this paper we focus on the latter problem, that is to say how to make trade-offs between non-functional properties of software intensive systems. We provide an approach based on the elicitation of utility functions from stake-holders and subsequent checks for consistency among these functions. The approach is exploitable through an easy-to-use GUI, which is also presented. Moreover, we describe the setup and the outcome of our two-fold validation based on exploratory elicitations with students and practitioners.

Keywords
Non-functional properties, Decision-making, Trade-offs, Utility functions
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-32987 (URN), 10.1016/j.is.2017.07.004 (DOI), 2-s2.0-85029007979 (Scopus ID)
Available from: 2018-01-03 Created: 2018-01-03 Last updated: 2019-01-07 Bibliographically approved
Franke, U. (2018). Cyber Insurance Against Electronic Payment Service Outages: A Document Study of Terms and Conditions from Electronic Payment Service Providers and Insurance Companies. In: Sokratis K. Katsikas & Cristina Alcaraz (Ed.), Security and Trust Management: 14th International Workshop, STM 2018, Barcelona, Spain, September 6–7, 2018, Proceedings. Paper presented at 14th International Workshop on Security and Trust Management (STM 2018) (pp. 73-84). Cham, Switzerland: Springer Nature Switzerland AG
2018 (English) In: Security and Trust Management: 14th International Workshop, STM 2018, Barcelona, Spain, September 6–7, 2018, Proceedings / [ed] Sokratis K. Katsikas & Cristina Alcaraz, Cham, Switzerland: Springer Nature Switzerland AG, 2018, p. 73-84. Conference paper, Published paper (Refereed)
Abstract [en]

Society is becoming increasingly dependent on IT services. One example is the dependence of retailers on electronic payment services. This article investigates the terms and conditions offered by three electronic payment service providers, finding that they only guarantee best effort availability. As potential mitigation, five cyber insurance policies are studied from the perspective of coverage of electronic payment service outages. It is concluded that cyber insurance does indeed give some protection, but that coverage differs between insurers and between different policy options offered. Thus, a retailer who wishes to purchase cyber insurance should take care to understand what is on offer and actively select appropriate coverage.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer Nature Switzerland AG, 2018
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349 ; 11091
Keywords
Cyber insurance, Payment systems, Service outages, Document study
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-35232 (URN), 10.1007/978-3-030-01141-3_5 (DOI), 2-s2.0-85054802767 (Scopus ID), 978-3-030-01140-6 (ISBN), 978-3-030-01141-3 (ISBN)
Conference
14th International Workshop on Security and Trust Management (STM 2018)
Projects
Driftavbrott i samhällsviktiga IT-tjänster (DRISTIG)
Funder
Swedish Civil Contingencies Agency, 2015-6986
Available from: 2018-10-03 Created: 2018-10-03 Last updated: 2019-01-07 Bibliographically approved
Borg, M., Olsson, T., Franke, U. & Assar, S. (2018). Digitalization of Swedish Government Agencies: A Perspective Through the Lens of a Software Development Census. In: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Society. Paper presented at 40th International Conference on Software Engineering: Software Engineering in Society Gothenburg, Sweden — May 27 - June 03, 2018 (pp. 37-46).
2018 (English) In: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Society, 2018, p. 37-46. Conference paper, Published paper (Refereed)
Abstract [en]

Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.

Keywords
census, digital government, public sector, software engineering
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-36443 (URN), 10.1145/3183428.3183434 (DOI), 2-s2.0-85053889481 (Scopus ID)
Conference
40th International Conference on Software Engineering: Software Engineering in Society Gothenburg, Sweden — May 27 - June 03, 2018
Available from: 2018-11-27 Created: 2018-11-27 Last updated: 2019-01-07 Bibliographically approved
Borg, M., Olsson, T., Franke, U. & Assar, S. (2018). Digitalization of Swedish Government Agencies: Detailed Census Description and Analysis.
2018 (English) Report (Other academic)
Abstract [en]

Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.

Publisher
p. 22
Series
SICS Technical Report, ISSN 1100-3154 ; T2018:02
National Category
Information Systems Software Engineering
Identifiers
urn:nbn:se:ri:diva-33214 (URN)
Available from: 2018-02-01 Created: 2018-02-01 Last updated: 2018-08-16 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-2017-7914