Parinaz Naghizadeh, a graduate student in electrical engineering, has been named a 2014 Barbour Scholar, a distinction awarded to women of outstanding academic and professional achievement who are natives of Asia.
Parinaz is conducting research in the general area of computer and network security, and more specifically, combining communications with economics to assess the security level of a network and then apply that data to design cyber-insurance contracts.
Recently, she has focused on the public good problem known as interdependent security. Interdependent security deals with the fact that the security of a network is increasingly dependent upon the collective efforts of each one of its interconnected users.
“Consider email attachments,” explained Parinaz. “If a user installs the latest antivirus and refrains from downloading suspicious email attachments, she will protect not only her own computer, but potentially other computers as well.” However, refraining from these precautions could have a broad negative impact because so many computers are interconnected.
Currently, cyber insurance is being researched as one of the most promising approaches to provide the necessary incentives for network users to invest in and practice the best cyber security protocols. “We want to give people an incentive to care about network security, and do things like keep antivirus software updated and change their passwords every six months,” Parinaz said.
Designing the cyber insurance contracts is a highly complex mathematical and system problem. Parinaz hopes to use IP blacklists and reputation systems to help determine the risks present to the network’s security. These reputation systems would be similar to those used by Amazon and eBay, where users provide feedback on sellers and that feedback is used to generate a rating that future customers can see before deciding to do business with that seller.
Parinaz says, “Once I know the risks, I can tell how important each of these systems is to the entire environment, and how important any one computer is to the network.”
After completing the network assessment, Parinaz can design a contract based on the user’s importance to the overall health of the system.
Currently, cyber insurance policies are only contracted with large entities like universities, banks and large companies, with premiums costing tens of thousands of dollars. The participation of smaller entities, however, is important to the security of the entire network.
Parinaz Naghizadeh will present the paper, Voluntary Participation in Cyber-Insurance Markets, co-authored by her advisor, Prof. Mingyan Liu, at the 13th Annual Workshop on the Economics of Information Security, June 23-24, 2014.
Ms. Ardabili’s research is funded by the Department of Homeland Security, Cyber Security Division.