On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:

> Secondly you reduce your legal liability.

IANAL, but this has yet to be proven, AFAIK.

One approach that hasn't been tried, to my knowledge, is educating the 
insurance companies about how they can potentially reduce *their* liability for 
payouts by requiring that real, actionable security BCPs such as BCP38/84, 
running closed resolvers, implementing iACLs, et. al. are implemented by those 
they insure.

Does anyone have insight into examples of how insurance policies have been paid 
out as a result of losses stemming from availability-related security events?

Another approach is educating the 'risk management' and 'business continuity' 
communities about the risks and how to mitigate them, and how doing so enhances 
business continuity.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton


Reply via email to