[161894] in North American Network Operators' Group
Re: BCP38 - Internet Death Penalty
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Mar 28 00:18:39 2013
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Thu, 28 Mar 2013 04:18:23 +0000
In-Reply-To: <20130327230134.A948031A1DF7@drugs.dv.isc.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
> Secondly you reduce your legal liability.
IANAL, but this has yet to be proven, AFAIK.
One approach that hasn't been tried, to my knowledge, is educating the insu=
rance companies about how they can potentially reduce *their* liability for=
payouts by requiring that real, actionable security BCPs such as BCP38/84,=
running closed resolvers, implementing iACLs, et. al. are implemented by t=
hose they insure.
Does anyone have insight into examples of how insurance policies have been =
paid out as a result of losses stemming from availability-related security =
events?
Another approach is educating the 'risk management' and 'business continuit=
y' communities about the risks and how to mitigate them, and how doing so e=
nhances business continuity.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
