[161895] in North American Network Operators' Group
Re: BCP38 - Internet Death Penalty
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Mar 28 00:42:37 2013
In-Reply-To: <A5CD7213-0E43-48EE-AE99-A62435228607@arbor.net>
Date: Wed, 27 Mar 2013 21:42:27 -0700
From: Paul Ferguson <fergdawgster@gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
>
> On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:
>
>> Secondly you reduce your legal liability.
>
> IANAL, but this has yet to be proven, AFAIK.
>
> One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, running closed resolvers, implementing iACLs, et al. are implemented by those they insure.
>
> Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming from availability-related security events?
>
> Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to mitigate them, and how doing so enhances business continuity.
>
Funny you should mention it.
Actually, I do know someone who is in the "digital insurance" (for
lack of a better term) business, and although I just met them a few
weeks ago, somehow I get the feeling that it is a growth industry.
I'm semi --> :-)
- ferg
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com