Educause Security Discussion mailing list archives
Re: Insurance - Privacy and Network Liability
From: "Plesco, Todd" <tplesco () CHAPMAN EDU>
Date: Tue, 20 Oct 2009 15:24:35 -0700
We're in a very similar situation. I've been onboard since March and have been trying to close gaps while also doing risk assessments in the most critical areas identified. We did pursue cyber insurance per the risk manager's own project initiative rather than IT's full knowledge of our tolerance. (It made adequate business sense.) The policy has resulted in "subjectivities" (recommendations with required responses stating those areas are being addressed). Free advice is not always negative criticism. I look at it as further reinforcement.

To keep things in perspective, security is an ongoing process which also addresses changes in business and changes in technology. Even NASA was hit pretty heavily by the GAO's internal IT audit. The deputy director had a very good response to the GAO report. I've kept a similar approach in the ready for these situations. While I don't expect any negative reflections from the recommendations, it is always good to be able to address them individually should it raise questions.

Todd A. Plesco CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Giannetto
Sent: Tuesday, October 20, 2009 2:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Insurance - Privacy and Network Liability

It seems to be an annual occurrence that our President asks my Vice President if we need privacy/network liability insurance. Naturally, she then asks me the same question. We're still in the early stages of building our IT security program and see data loss as one of our most significant threats. I'm wondering if privacy/network liability insurance is worthwhile, maybe even just until our IT security program matures and we're more comfortable with the safeguards we have in place.

Obviously, though, the decision depends on our risk tolerance and the cost of the policy. We're also trying to determine if carrying privacy/network liability insurance is becoming any more common for other schools. Does anyone care to share their experiences, either purchasing this type of insurance, or researching and deciding not to purchase?

Thanks,
Matt Giannetto
Manager of IT Security
Montgomery County Community College
mgiannetto () mc3 edu | (215) 619-7442
________________________________
Montgomery County Community College is proud to be the #1 ranked technology-savvy community college in the nation, as determined by the Center for Digital Education and the American Association of Community Colleges (AACC).