Dar_Shan0209
Ton up Member
Hi tutors,
I would appreciate if you could please help me regarding the above mentioned question.
Part iii asks about "Describe the information SSSIC would need to model cyber risk." With this command verb (when compared to the command verb taxonomy), says about "Express, fully and clearly, the details / facts of".
As answer structure, I was thinking of: Process how to model - i.e., probability and severity making reference to any IT policy that the insurer has or any ERM documents such as risk register and risk reports. Then talking about frequency making use of GEV/GDP to quantify the probability and then talking about severity. Data sources (TRAINERS acronym) and any limitations (credibility vs reliability). This is how far i would have gone for 6 marks given the question talks about data to model cyber risk, but the solution mentions only types of event, data on previous cyber event and potential scale of losses only. Is there something I am missing here?
Part viii asks about "Discuss an alternative approach SSSIC might use to model the risk of significant loss from cyber risk". With the command verb (when compared to the command verb taxonomy), says about " Write about in some detail, taking into account different issues or points of view".
I was thinking of talking about EVT and discussing about fitting a GEV and GPD given the question talks about approach to model risk of such loss. However, the solution talks only about EVT and limitations about bulk of data. Is there something I am missing here?
Thanks for your time.
I would appreciate if you could please help me regarding the above mentioned question.
Part iii asks about "Describe the information SSSIC would need to model cyber risk." With this command verb (when compared to the command verb taxonomy), says about "Express, fully and clearly, the details / facts of".
As answer structure, I was thinking of: Process how to model - i.e., probability and severity making reference to any IT policy that the insurer has or any ERM documents such as risk register and risk reports. Then talking about frequency making use of GEV/GDP to quantify the probability and then talking about severity. Data sources (TRAINERS acronym) and any limitations (credibility vs reliability). This is how far i would have gone for 6 marks given the question talks about data to model cyber risk, but the solution mentions only types of event, data on previous cyber event and potential scale of losses only. Is there something I am missing here?
Part viii asks about "Discuss an alternative approach SSSIC might use to model the risk of significant loss from cyber risk". With the command verb (when compared to the command verb taxonomy), says about " Write about in some detail, taking into account different issues or points of view".
I was thinking of talking about EVT and discussing about fitting a GEV and GPD given the question talks about approach to model risk of such loss. However, the solution talks only about EVT and limitations about bulk of data. Is there something I am missing here?
Thanks for your time.