BCP38 - Internet Death Penalty

• Previous message (by thread): BCP38 - Internet Death Penalty
• Next message (by thread): BCP38 - Internet Death Penalty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:

>
> On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
>
>> Secondly you reduce your legal liability.
>
> IANAL, but this has yet to be proven, AFAIK.
>
> One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, running closed resolvers, implementing iACLs, et. al. are implemented by those they insure.
>
> Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming from availability-related security events?
>
> Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to mitigate them, and how doing so enhances business continuity.
>

Funny you should mention it.

Actually, I do know someone who is in the "digital insurance" (for
lack of a better term) business, and although I just met them a few
weeks ago, somehow I get the feeling  that it is a growth industry.
I'm semi --> :-)

- ferg


-- 
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

• Previous message (by thread): BCP38 - Internet Death Penalty
• Next message (by thread): BCP38 - Internet Death Penalty
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]