{"id":"https://openalex.org/W2734999728","doi":"https://doi.org/10.1186/s13174-017-0059-y","title":"Mapping the coverage of security controls in cyber insurance proposal forms","display_name":"Mapping the coverage of security controls in cyber insurance proposal forms","publication_year":2017,"publication_date":"2017-07-14","ids":{"openalex":"https://openalex.org/W2734999728","doi":"https://doi.org/10.1186/s13174-017-0059-y","mag":"2734999728"},"language":"en","primary_location":{"id":"doi:10.1186/s13174-017-0059-y","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13174-017-0059-y","pdf_url":"https://jisajournal.springeropen.com/track/pdf/10.1186/s13174-017-0059-y","source":{"id":"https://openalex.org/S1250476","display_name":"Journal of Internet Services and Applications","issn_l":"1867-4828","issn":["1867-4828","1869-0238"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Internet Services and Applications","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://jisajournal.springeropen.com/track/pdf/10.1186/s13174-017-0059-y","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080051176","display_name":"Daniel Woods","orcid":"https://orcid.org/0000-0002-8569-1917"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Daniel Woods","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061046049","display_name":"Ioannis Agrafiotis","orcid":null},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ioannis Agrafiotis","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075453550","display_name":"Jason R. C. Nurse","orcid":"https://orcid.org/0000-0003-4118-1680"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jason R. C. Nurse","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"raw_orcid":"https://orcid.org/0000-0003-4118-1680","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004437304","display_name":"Sadie Creese","orcid":"https://orcid.org/0000-0002-2414-9657"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sadie Creese","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, UK","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080051176"],"corresponding_institution_ids":["https://openalex.org/I40120149"],"apc_list":null,"apc_paid":null,"fwci":12.6559,"has_fulltext":true,"cited_by_count":53,"citation_normalized_percentile":{"value":0.98563991,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"8","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.6881250739097595},{"id":"https://openalex.org/keywords/incentive","display_name":"Incentive","score":0.5987205505371094},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5978550910949707},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.5972459316253662},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.5789836645126343},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5478439331054688},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5308713912963867},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5208775997161865},{"id":"https://openalex.org/keywords/information-security-management-system","display_name":"Information security management system","score":0.5148895978927612},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.49938297271728516},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.49374398589134216},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.45512861013412476},{"id":"https://openalex.org/keywords/actuarial-science","display_name":"Actuarial science","score":0.4500097930431366},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4245827794075012},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3769657611846924},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.33110135793685913},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2747972309589386},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2578585147857666},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.1808163821697235},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.14872205257415771},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.10150134563446045},{"id":"https://openalex.org/keywords/management","display_name":"Management","score":0.07963022589683533},{"id":"https://openalex.org/keywords/microeconomics","display_name":"Microeconomics","score":0.07953542470932007}],"concepts":[{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.6881250739097595},{"id":"https://openalex.org/C29122968","wikidata":"https://www.wikidata.org/wiki/Q1414816","display_name":"Incentive","level":2,"score":0.5987205505371094},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5978550910949707},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.5972459316253662},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.5789836645126343},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5478439331054688},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5308713912963867},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5208775997161865},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.5148895978927612},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49938297271728516},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.49374398589134216},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.45512861013412476},{"id":"https://openalex.org/C162118730","wikidata":"https://www.wikidata.org/wiki/Q1128453","display_name":"Actuarial science","level":1,"score":0.4500097930431366},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4245827794075012},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3769657611846924},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.33110135793685913},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2747972309589386},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2578585147857666},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.1808163821697235},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.14872205257415771},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.10150134563446045},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.07963022589683533},{"id":"https://openalex.org/C175444787","wikidata":"https://www.wikidata.org/wiki/Q39072","display_name":"Microeconomics","level":1,"score":0.07953542470932007},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1186/s13174-017-0059-y","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13174-017-0059-y","pdf_url":"https://jisajournal.springeropen.com/track/pdf/10.1186/s13174-017-0059-y","source":{"id":"https://openalex.org/S1250476","display_name":"Journal of Internet Services and Applications","issn_l":"1867-4828","issn":["1867-4828","1869-0238"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Internet Services and Applications","raw_type":"journal-article"},{"id":"pmh:oai:kar.kent.ac.uk:67473","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13174-017-0059-y>)","pdf_url":"https://kar.kent.ac.uk/67473/1/jisa-cyber-insurance-2017.pdf","source":{"id":"https://openalex.org/S4377196264","display_name":"Kent Academic Repository (University of Kent)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I20581793","host_organization_name":"University of Kent","host_organization_lineage":["https://openalex.org/I20581793"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:pure.ed.ac.uk:openaire/668f8d0b-e58a-4cc9-a972-d8b8faa2b3a4","is_oa":true,"landing_page_url":"https://www.research.ed.ac.uk/en/publications/668f8d0b-e58a-4cc9-a972-d8b8faa2b3a4","pdf_url":"https://www.research.ed.ac.uk/files/258264082/Mapping_the_Coverage_WOODS_DOA26062017_VOR_CC_BY.pdf","source":{"id":"https://openalex.org/S4306400321","display_name":"Edinburgh Research Explorer (University of Edinburgh)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98677209","host_organization_name":"University of Edinburgh","host_organization_lineage":["https://openalex.org/I98677209"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Woods, D W, Agrafiotis, I, Nurse, J R C & Creese, S 2017, 'Mapping the coverage of security controls in cyber insurance proposal forms', Journal of Internet Services and Applications, vol. 8, no. 1, 8. https://doi.org/10.1186/s13174-017-0059-y","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:f82ca435855c4d3e9148af3f2f502617","is_oa":true,"landing_page_url":"https://doaj.org/article/f82ca435855c4d3e9148af3f2f502617","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Internet Services and Applications, Vol 8, Iss 1, Pp 1-13 (2017)","raw_type":"article"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:db40f025-40f1-4e32-83fb-f1fdaff84465","is_oa":true,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:db40f025-40f1-4e32-83fb-f1fdaff84465","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal article"}],"best_oa_location":{"id":"doi:10.1186/s13174-017-0059-y","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13174-017-0059-y","pdf_url":"https://jisajournal.springeropen.com/track/pdf/10.1186/s13174-017-0059-y","source":{"id":"https://openalex.org/S1250476","display_name":"Journal of Internet Services and Applications","issn_l":"1867-4828","issn":["1867-4828","1869-0238"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Internet Services and Applications","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2734999728.pdf","grobid_xml":"https://content.openalex.org/works/W2734999728.grobid-xml"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W18112494","https://openalex.org/W106782957","https://openalex.org/W1483280370","https://openalex.org/W1502456417","https://openalex.org/W1516366611","https://openalex.org/W1582553641","https://openalex.org/W1592551091","https://openalex.org/W1717631362","https://openalex.org/W1888970046","https://openalex.org/W1985240760","https://openalex.org/W1986724908","https://openalex.org/W2000891179","https://openalex.org/W2014154613","https://openalex.org/W2029598260","https://openalex.org/W2034759609","https://openalex.org/W2045974281","https://openalex.org/W2063236501","https://openalex.org/W2067404301","https://openalex.org/W2080818587","https://openalex.org/W2082027558","https://openalex.org/W2099263883","https://openalex.org/W2126949246","https://openalex.org/W2144173251","https://openalex.org/W2145651614","https://openalex.org/W2156983464","https://openalex.org/W2181344987","https://openalex.org/W2285943860","https://openalex.org/W2402859497","https://openalex.org/W2406157377","https://openalex.org/W2563485765","https://openalex.org/W2590695271","https://openalex.org/W3124915527","https://openalex.org/W4236841844","https://openalex.org/W6637509572"],"related_works":["https://openalex.org/W40842196","https://openalex.org/W2003676537","https://openalex.org/W2584162156","https://openalex.org/W2483557577","https://openalex.org/W2000891179","https://openalex.org/W2126017555","https://openalex.org/W1982946593","https://openalex.org/W2244884801","https://openalex.org/W2066297175","https://openalex.org/W1988974780"],"abstract_inverted_index":{"Policy":[0],"discussions":[1],"often":[2],"assume":[3],"that":[4,22,146,168,188],"wider":[5],"adoption":[6],"of":[7,87,159,166,205],"cyber":[8,31,135,211],"insurance":[9,136,148,195],"will":[10,150],"promote":[11,151],"information":[12,180,198,206],"security":[13,72,88,152,181,199,207],"best":[14,118,153,200],"practice.":[15,119,154],"However,":[16],"this":[17,52,192],"depends":[18],"on":[19],"the":[20,64,67,77,85,92,97,104,130,144,147,157,164,178,186,203],"process":[21,35],"applicants":[23],"need":[24],"to":[25,28,40,69,82,96,116,132,173,191],"go":[26],"through":[27],"apply":[29],"for":[30],"insurance.":[32,212],"A":[33],"typical":[34],"would":[36],"require":[37],"an":[38],"applicant":[39],"fill":[41],"out":[42],"a":[43,48,123],"proposal":[44,57,137,169],"form,":[45],"which":[46,71],"is":[47,81],"self-assessed":[49],"questionnaire.":[50],"In":[51],"paper,":[53],"we":[54,128,162,184],"examine":[55],"24":[56],"forms,":[58],"offered":[59],"by":[60],"insurers":[61],"based":[62],"in":[63,76,91,100,175,209],"UK":[65],"and":[66,103,197],"US,":[68],"determine":[70],"controls":[73,89,98,167],"are":[74,113,129],"present":[75],"forms.":[78,138],"Our":[79,139],"aim":[80],"establish":[83],"whether":[84],"collection":[86],"mentioned":[90],"analysed":[93],"forms":[94,170],"corresponds":[95],"defined":[99],"ISO/IEC":[101],"27002":[102],"CIS":[105],"Critical":[106],"Security":[107],"Controls;":[108],"these":[109],"two":[110,179],"control":[111],"sets":[112],"generally":[114],"held":[115],"be":[117,174],"This":[120],"work":[121],"contains":[122],"novel":[124],"research":[125],"direction":[126],"as":[127],"first":[131],"systematically":[133],"analyse":[134],"contributions":[140],"include":[141,172],"evidence":[142],"regarding":[143],"assumption":[145],"industry":[149],"To":[155],"address":[156],"problem":[158],"adverse":[160],"selection,":[161],"suggest":[163],"number":[165],"should":[171],"alignment":[176],"with":[177],"frameworks.":[182],"Finally,":[183],"discuss":[185],"incentives":[187],"could":[189],"lead":[190],"disparity":[193],"between":[194],"practice":[196],"practice,":[201],"emphasising":[202],"importance":[204],"economics":[208],"studying":[210]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":10},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":7}],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}