PhD Project: Cyber security (model and product design)

September 26th, 2016

Through enabling technologies such as wireless communication (WiFi) and smartphones, the digital revolution has well and truly taken over our day-to-day lives. Whether it’s planning and maintaining our social lives via social media platforms, doing some online shopping or streaming live sports and TV to relax after work, information and digital technologies have become integral to our way of life. Indeed, the average Australian household is predicted to have 24 devices connected to the internet by 2019, while 50% of small and medium enterprises will receive payments online [1]. Whilst this digital disruption has provided the opportunity for innovation in our economy, there are also inherent risks for individuals, the private sector and for governments. We generate and store immense quantities of data each day, most of which we would like to keep private and secure. However, this data is valued by other parties, leading to the persistent threat of cybercrime estimated to cost global economies approximately 1% of GDP each year [1]. Thus, some form of insurance for cyber risk management would provide great benefit to the global economy. Nevertheless, there has been little research into quantitative models for cyber-insurance [2]. This work will focus on developing quantitative valuation models for cybersecurity risk management, in both corporate and private applications. More specifically, the work can be split into two mini-projects:

  1. Develop a quantitative pricing model for cyber-insurance. The aim is to develop a pricing framework in an analogous fashion to the current financial industry. This will require the identification of risks, modelling them as stochastic processes, and valuing possible risk mitigation strategies. The work will utilise real-world data when available to ensure real-world applicability.
  2. Develop a model for determining resource allocations to combat cyber-crime. The aim is to address the challenge of allocating limited resources to different risk-mitigation strategies to minimise the expected future losses of an organisation. This work will utilise the valuation model developed in the first mini-project, and will again utilise real-world data when possible.

[1]. Commonwealth of Australia, Department of the Prime Minister and Cabinet, Australia’s Cybersecurity Strategy (2016), accessed online: https://cybersecuritystrategy.dpmc.gov.au

[2]. Tondel, I.A., Meland, P.H., Omerovic, A., Gjaere E.A. and Solhaudg, B., Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research, (2015), Report No SINTEF A27298, SINTEF ICT, Norway

Applications can be made by selecting the below link.

Please attach supporting documentation including a covering letter outlining why you would like to undertake the PhD project and a current CV including 2 referees. Please note that more than one application can be made if  you wish to be considered for more than one PhD project.

Apply Now