OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Lloyds to offer hacker insurance

Re: Lloyds to offer hacker insurance


darrenrreed.wattle.id.au
Thu, 30 Apr 1998 20:32:28 +1000 (EST)


In some email I received from Kevin Tyrrell, sie wrote:
[...]
> Buying insurance against "hackers" might actually make some companies less
> secure. They have been certified as insurable (secure), so they can put
> security on the back burner until its time for next year's checkup, then
> they get whacked. But hey, they got insurance.

I'm somewhat bemused by the attitude towards audits. At least here, in
Australia, legal firms are auditted twice anually and one (if not both)
are random audits where the only notice you get is when they ring the
bell to say they're there. This probably happens in a lot of other
cases too, it's just the only one I personally know about. I can't see
why IT security should be any different. Maybe there's a call for more
regular audits - who knows ?

I'd expect that if you did fail an audit that your certification would
(at least) immeadiately lapse and so possibly void your insurance.

I'd imagine that would be somewhat embaressing too.

Darren



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:53 CDT