BreachExchange mailing list archives

Re: rant: Abandon Ship! Data Loss Ahoy!


From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Thu, 20 Mar 2008 18:29:54 -0400


Whoops, wrote too soon: 

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306207,00.html
(Thanks to a student post for pointing this out.)


-----Original Message-----
From: Sasha Romanosky [mailto:sromanos () andrew cmu edu] 
Sent: Thursday, March 20, 2008 6:27 PM
To: 'dataloss () attrition org'
Subject: RE: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!


To my knowledge, this firm in Canada is the one that offers 
data breach insurance: 

From SANS NewsBites Vol. 10 Num. 22:
--Canadian Firm to Offer Data Breach Insurance (March 13, 2008)
As data security breaches appear more and more 
frequently in the news, at least one Canadian insurance 
company is starting to offer a product that would cover costs 
incurred by companies when they have suffered a data privacy 
breach. The policy would cover the cost of fixing computer 
damage as well as costs associated with customer notification 
and reimbursement and compensation paid to credit card 
companies for losses from fraud. The coverage is structured 
to address Canadian data privacy laws.
http://www.theglobeandmail.com/servlet/story/LAC.20080313.RINSURANCE13/TPStory/Business

[Editor's Note (Schultz): Insurance against security 
incidents in general has not caught on all that well in the 
information security arena for a number of reasons. However, 
this new type of insurance is likely to fare much better 
because of the widespread concern about and high likelihood 
of data security breaches.]

cheers,
sasha
www.romanosky.net

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Kevin McPoyle
Sent: Thursday, March 20, 2008 6:00 PM
To: Chris Walsh; Tracy Blackmore
Cc: dataloss () attrition org
Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!

What I find interesting is the recognition among the readers and
pundits that this is an imperfect world with respect to security.
With that in mind, I'm unclear as to why organizations don't transfer
a portion of this risk to others through an insurance product?  It
seems rational and clearly represents some mitigating of a scenario
that will happen, not if, when.  Policies are readily available,
negotiable and clearly a deal compared to other costs.  No one likes to
"waste" money on insurance...until there is a claim.  The supermarket
had D&O with which to fend off the legal dogs.
Why don't they have a "cyber" policy?
Who's making these good decisions?

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Chris Walsh
Sent: Thursday, March 20, 2008 5:49 PM
To: Tracy Blackmore
Cc: dataloss () attrition org
Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!

IANAL, but this question of "due diligence" and comparing oneself to
one's competitors begs the question -- what harm (in the legal sense)
has been done here to anyone whose CC or debit card # was revealed?
Does your answer vary depending on whether there was fraud associated
with that card #?


_______________________________________________
Dataloss Mailing List (dataloss () attrition org) 
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance 
monitoring solutions for large and small networks. Scan your 
network and monitor your traffic to find the data needing 
protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml