On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland <rdobb...@arbor.net> wrote:
> > On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote: > >> Secondly you reduce your legal liability. > > IANAL, but this has yet to be proven, AFAIK. > > One approach that hasn't been tried, to my knowledge, is educating the > insurance companies about how they can potentially reduce *their* liability > for payouts by requiring that real, actionable security BCPs such as > BCP38/84, running closed resolvers, implementing iACLs, et. al. are > implemented by those they insure. > > Does anyone have insight into examples of how insurance policies have been > paid out as a result of losses stemming from availability-related security > events? > > Another approach is educating the 'risk management' and 'business continuity' > communities about the risks and how to mitigate them, and how doing so > enhances business continuity. > Funny you should mention it. Actually, I do know someone who is in the "digital insurance" (for lack of a better term) business, and although I just met them a few weeks ago, somehow I get the feeling that it is a growth industry. I'm semi --> :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com
