On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
Secondly you reduce your legal liability.
IANAL, but this has yet to be proven, AFAIK. One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, running closed resolvers, implementing iACLs, et. al. are implemented by those they insure. Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming from availability-related security events? Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to mitigate them, and how doing so enhances business continuity. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton