OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!

From: Sasha Romanosky (sromanosandrew.cmu.edu)
Date: Thu Mar 20 2008 - 17:29:54 CDT

Whoops, wrote too soon:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306207,
00.html
(Thanks to a student post for pointing this out.)

> -----Original Message-----
> From: Sasha Romanosky [mailto:sromanosandrew.cmu.edu]
> Sent: Thursday, March 20, 2008 6:27 PM
> To: 'datalossattrition.org'
> Subject: RE: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
>
>
> To my knowledge, this firm in Canada is the one that offers
> data breach insurance:
>
> From SANS NewsBites Vol. 10 Num. 22:
> --Canadian Firm to Offer Data Breach Insurance (March 13,
> 2008) As data security breaches appear more and more
> frequently in the news, at least one Canadian insurance
> company is starting to offer a product that would cover costs
> incurred by companies when they have suffered a data privacy
> breach. The policy would cover the cost of fixing computer
> damage as well as costs associated with customer notification
> and reimbursement and compensation paid to credit card
> companies for losses from fraud. The coverage is structured
> to address Canadian data privacy laws.
> http://www.theglobeandmail.com/servlet/story/LAC.20080313.RINS
> URANCE13/TPStory/Business
>
> [Editor's Note (Schultz): Insurance against security
> incidents in general has not caught on all that well in the
> information security arena for a number of reasons. However,
> this new type of insurance is likely to fare much better
> because of the widespread concern about and high likelihood
> of data security breaches.]
>
> cheers,
> sasha
> www.romanosky.net
>
> > -----Original Message-----
> > From: dataloss-bouncesattrition.org
> > [mailto:dataloss-bouncesattrition.org] On Behalf Of Kevin McPoyle
> > Sent: Thursday, March 20, 2008 6:00 PM
> > To: Chris Walsh; Tracy Blackmore
> > Cc: datalossattrition.org
> > Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
> >
> > What I find interesting is the recognition among the readers and
> > pundits that this is an imperfect world with respect to security.
> > With that in mind, I'm unclear as to why organizations
> don't transfer
> > a portion of this risk to others through an insurance product? It
> > seems rational and clearly represents some mitigating of a scenario
> > that will happen, not if, when. Policies are readily available,
> > negotiable and clearly a deal compared to other costs. No
> one like to
> > "waste" money on insurance...until there is a claim. The
> supermarket
> > had D&O with which to fend off the legal dogs.
> > Why don't they have a "cyber" policy?
> > Whose making these good decisions?
> >
> > -----Original Message-----
> > From: dataloss-bouncesattrition.org
> > [mailto:dataloss-bouncesattrition.org] On Behalf Of Chris Walsh
> > Sent: Thursday, March 20, 2008 5:49 PM
> > To: Tracy Blackmore
> > Cc: datalossattrition.org
> > Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
> >
> > IANAL, but this question of "due diligence" and comparing
> oneself to
> > one's competitors begs the question -- what harm (in the
> legal sense)
> > has been done here to anyone whose CC or debit card # was revealed?
> > Does your answer vary depending on whether there was fraud
> associated
> > with that card #?
> >
> >
> > _______________________________________________
> > Dataloss Mailing List (datalossattrition.org)
> > http://attrition.org/dataloss
> >
> > Tenable Network Security offers data leakage and compliance
> > monitoring solutions for large and small networks. Scan your
> > network and monitor your traffic to find the data needing
> > protection before it leaks out!
> > http://www.tenablesecurity.com/products/compliance.shtml
> > _______________________________________________
> > Dataloss Mailing List (datalossattrition.org)
> > http://attrition.org/dataloss
> >
> > Tenable Network Security offers data leakage and compliance
> > monitoring solutions for large and small networks. Scan your
> > network and monitor your traffic to find the data needing
> > protection before it leaks out!
> > http://www.tenablesecurity.com/products/compliance.shtml
> >
> >

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml