On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
Secondly you reduce your legal liability.
IANAL, but this has yet to be proven, AFAIK.
One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, running closed resolvers, implementing iACLs, et. al. are implemented by those they insure.
Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming from availability-related security events?
Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to mitigate them, and how doing so enhances business continuity.
Funny you should mention it. Actually, I do know someone who is in the "digital insurance" (for lack of a better term) business, and although I just met them a few weeks ago, somehow I get the feeling that it is a growth industry. I'm semi --> :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com