2018 International Workshop on Cyber Insurance and Risk Controls (CIRC)

At the IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2018)

June 11-12, 2018, Glasgow, Scotland, UK

 

http://www.c-mric.com/circ

 

Important Dates

All deadlines are GMT.

  • Submission deadline: February 26, 2018 extended to March 15, 2018 (hard deadline)
  • Notification: April 1, 2018

Overview

The International Workshop on Cyber Insurance and Risk Controls (CIRC 2018) is a workshop organised and sponsored by the University of Oxford. It is co-located as part of the CyberSA 2018 conference.

CyberSA 2018 is an IEEE technically co-sponsored (TCS) conference, University of Oxford and Abertay University are the scientific sponsors of the CyberSA 2018 conference.

Scope

Insurance companies are facing new challenges with the increasing demand for policies to cover cyber incidents such as data breaches and business interruption. Traditional risk assessments are no longer enough to understand the business impact of a cyber-attack. Cyber Value-at-Risk (CVaR) models have been proposed to quantify security incidents, but they are still quite limited in understanding the specifics of each company and quantifying the risk for a large number of feasible scenarios. A more holistic approach should be considered, but the lack of data and understanding of risks, makes it a challenging problem. In this workshop we solicit research papers and latest advances in the topic of cyber insurance, as well as case analyses that examine the effectiveness of current security controls.

Topics of interest include, but are not limited to the following:

  • Cyber Insurance
  • Cyber Risk Assessment
  • Cyber Risk Propagation
  • Security Controls and Standards
  • Cybersecurity Metrics and their Measurements
  • Maturity Models and Frameworks
  • Cyber Value-at-Risk (CVaR)
  • Cyber Economics
  • Economics Approaches for Cybersecurity
  • Cyber Harm

TYPE OF SUBMISSIONS/PAPERS

  • Full papers (maximum of 8 pages)
  • Short Papers (maximum of 4 pages)

All paper submissions must be via the Easychair conference management portal. Click here to submit your papers.

Both long (8 pages max., roughly 8,000 words) and short (4 pages max., roughly 4,000 words) paper submissions should be written in English and be submitted electronically via the EasyChair conference portal.

Submission file formats are PDF and Microsoft Word using the IEEE templates that can be found at the corresponding C-MRiC website.

ORGANIZATION

Steering Committee Chairs

  • Arnau Erola – Cyber Security Centre, Department of Computer Science, University of Oxford, Oxford, UK
  • Xavier Bellekens – University of Abertay, Scotland, UK
  • Cyril Onwubiko – Centre for Multidisciplinary Research, Innovation and Collaboration, UK

 

Publicity Chair

  • Jason Nurse – University of Oxford, UK

 

Programme Committee

  • Per Meland – SINTEF, Norway
  • Ulrik Franke – RISE SICS, Sweden
  • Jose Such – King’s College London, UK
  • Antonios Gouglidis – Lancaster University, UK
  • Gaurav Misra – University of New South Wales, Australia
  • Tristan Caulfield – University College London, UK
  • Ioannis Agrafiotis – University of Oxford, UK
  • Ben Shreeve – University of Bristol, UK

 

Accepted Papers

Here’s list of accepted papers for 2018 Cyber Incident and Risk Controls (CIRC) Workshop pending receipt of camera-ready version and workshop registration:

  • Ganbayar Uuganbayar, Artsiom Yautsiukhin and Fabio MartinelliCyber Insurance and Security Interdependence: Friends or Foes?
  • Per Håkon Meland and Fredrik SeehusenWhen to Treat Security Risks with Cyber Insurance
  • Daniel W. Woods and Andrew C. Simpson –  Towards Integrating Insurance Data into Information Security Investment Decision Making
  • Erin Kenneally, Lucien Randazzese and David BalensonCyber Risk Economics Capability Gaps Research Strategy
  • Wes ConnellBuilding a Predictive Pipeline to Rapidly Detect Phishing Domains
  • Brian ContosGrandmothers, Gangsters, Guerrillas and Governments
  • Brian ContosAssumption-based Security Sucks