Re: BCP38 - Internet Death Penalty

[Paul Ferguson <fergdawgster () gmail com>]

On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland <rdobbins () arbor net> wrote:

> On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
>
> > Secondly you reduce your legal liability.
>
> IANAL, but this has yet to be proven, AFAIK.
>
> One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can 
> potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, 
> running closed resolvers, implementing iACLs, et. al. are implemented by those they insure.
>
> Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming 
> from availability-related security events?
>
> Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to 
> mitigate them, and how doing so enhances business continuity.

Funny you should mention it.

Actually, I do know someone who is in the "digital insurance" (for
lack of a better term) business, and although I just met them a few
weeks ago, somehow I get the feeling  that it is a growth industry.
I'm semi --> :-)

- ferg


-- 
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com