BreachExchange mailing list archives
Re: rant: Abandon Ship! Data Loss Ahoy!
From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Thu, 20 Mar 2008 18:29:54 -0400
Whoops, wrote too soon: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306207, 00.html (Thanks to a student post for pointing this out.)
-----Original Message----- From: Sasha Romanosky [mailto:sromanos () andrew cmu edu] Sent: Thursday, March 20, 2008 6:27 PM To: 'dataloss () attrition org' Subject: RE: [Dataloss] rant: Abandon Ship! Data Loss Ahoy! To my knowledge, this firm in Canada is the one that offers data breach insurance: From SANS NewsBites Vol. 10 Num. 22: --Canadian Firm to Offer Data Breach Insurance (March 13, 2008) As data security breaches appear more and more frequently in the news, at least one Canadian insurance company is starting to offer a product that would cover costs incurred by companies when they have suffered a data privacy breach. The policy would cover the cost of fixing computer damage as well as costs associated with customer notification and reimbursement and compensation paid to credit card companies for losses from fraud. The coverage is structured to address Canadian data privacy laws. http://www.theglobeandmail.com/servlet/story/LAC.20080313.RINS URANCE13/TPStory/Business [Editor's Note (Schultz): Insurance against security incidents in general has not caught on all that well in the information security arena for a number of reasons. However, this new type of insurance is likely to fare much better because of the widespread concern about and high likelihood of data security breaches.] cheers, sasha www.romanosky.net-----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Kevin McPoyle Sent: Thursday, March 20, 2008 6:00 PM To: Chris Walsh; Tracy Blackmore Cc: dataloss () attrition org Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy! What I find interesting is the recognition among the readers and pundits that this is an imperfect world with respect to security. With that in mind, I'm unclear as to why organizationsdon't transfera portion of this risk to others through an insurance product? It seems rational and clearly represents some mitigating of a scenario that will happen, not if, when. Policies are readily available, negotiable and clearly a deal compared to other costs. Noone like to"waste" money on insurance...until there is a claim. Thesupermarkethad D&O with which to fend off the legal dogs. Why don't they have a "cyber" policy? Whose making these good decisions? -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Chris Walsh Sent: Thursday, March 20, 2008 5:49 PM To: Tracy Blackmore Cc: dataloss () attrition org Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy! IANAL, but this question of "due diligence" and comparingoneself toone's competitors begs the question -- what harm (in thelegal sense)has been done here to anyone whose CC or debit card # was revealed? Does your answer vary depending on whether there was fraudassociatedwith that card #? _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Re: rant: Abandon Ship! Data Loss Ahoy!, (continued)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! James Ritchie, CISA, QSA (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Tracy Blackmore (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Chris Walsh (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Kevin McPoyle (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Eric Nelson (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Kim Zelonis (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Jamie C. Pole (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! macadamiamac (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Manny Cho (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! James Ritchie, CISA, QSA (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Al Mac Wheel (Mar 21)
- Re: rant: Abandon Ship! Data Loss Ahoy! James Ritchie, CISA, QSA (Mar 21)
- Re: rant: Abandon Ship! Data Loss Ahoy! lyger (Mar 22)