A Semantic Approach for Automating Knowledge in Policies of Cyber Insurance Services
Loading...
Files
Links to Files
Author/Creator
Author/Creator ORCID
Date
2019-07-08
Type of Work
Department
Program
Citation of Original Publication
K. Joshi, K. Pande Joshi and S. Mittal, "A Semantic Approach for Automating Knowledge in Policies of Cyber Insurance Services," 2019 IEEE International Conference on Web Services (ICWS), Milan, Italy, 2019, pp. 33-40, doi: 10.1109/ICWS.2019.00018.
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2019 IEEE.
© 2019 IEEE.
Abstract
With the rapid adoption of web services, the need to
protect against various threats has become imperative for organizations operating in cyberspace. Organizations are increasingly
opting to get financial cover in the event of losses due to a security
incident. This helps them safeguard against the threat posed
to third-party services that the organization uses. It is in the
organization’s interest to understand the insurance requirements
and procure all necessary direct and liability coverages. This
helps transfer some risks to the insurance providers. However,
cyber insurance policies often list details about coverages and
exclusions using legalese that can be difficult to comprehend.
Currently, it takes a significant manual effort to parse and extract
knowledgeable rules from these lengthy and complicated policy
documents. We have developed a semantically rich machine
processable framework to automatically analyze cyber insurance
policy and populate a knowledge graph that efficiently captures
various inclusion and exclusion terms and rules embedded in
the policy. In this paper, we describe this framework that has
been built using technologies from AI, including Semantic Web,
Modal/ Deontic Logic, and Natural Language Processing. We
have validated our approach using industry standards proposed
by the United States Federal Trade Commission (FTC) and
applying it against publicly available policies of 7 cyber insurance
vendors. Our system will enable cyber insurance seekers to
automatically analyze various policy documents and make a well-informed decision by identifying its inclusions and exclusions.