[ISN] First-Ever Insurance Against Hackers

From: mea culpa (jerichoat_private)
Date: Mon Jun 15 1998 - 17:21:58 PDT


    [Moderator: I think I will leave this one alone...]
    
    
    Forwarded From: krys <krysat_private>
    
    From CNN:
    
    First-Ever Insurance Against Hackers
    
    Reuters
    14-JUN-98
    By Therese Poletti 
    
    SAN FRANCISCO, June 4 (Reuters) - A computer security firm is so certain
    of its security prowess that it is offering to protect its customers with
    the first-ever hacker insurance, in the event a customer is successfully
    invaded by hackers. 
    
    ICSA Inc., the International Computer Security Association, is now
    offering as part of its TruSecure service, insurance against hacker
    attacks. ICSA will pay up to $250,000 if a customer's network is hacked
    into, after it has followed the TruSecure criteria. 
    
    ``This is the first hacker-related insurance,'' said Peter Tibbett,
    president of the ICSA, based in Carlisle, Penn. ``It puts our money where
    our mouth is.'' 
    
    ICSA sells its TruSecure service for $40,000 a year. The service, which it
    has been offering for several years, is a series of steps, methods and
    procedures that an ICSA client must adhere to. Some steps are simple,
    common sense procedures, such as having the server which hosts your
    company's Web site inside a locked room. 
    
    Other steps are more complicated, such as the requirement to have a secure
    firewall around an internal network. 
    
    But the ICSA does not sell products. Instead, it recommends a whole range
    of software that it has approved as secure and meets its standards,
    through open meetings and debates, with all its members, many of whom
    develop security products. 
    
    Then, ICSA tests a client's security by using typical hacker methods,
    through its 100 or so employees, none of whom are reformed hackers.
    ICSA believes, along with executives at International Business Machines
    Corp. who perform ``ethical'' hacking on its customers, that there is no
    such thing as a reformed hacker. 
    
    ``We spray them with hacker tools and see where their vulnerabilities
    are,'' Tibbett said, referring to many of the widely-used hacker programs
    that are available over the Internet or shared among hackers. ``The
    average site took about two weeks to get to the place where they meet all
    our requirements.'' 
    
    After ICSA completes a six-step process to test and improve
    a company's security, the customer is deemed secure and will then
    receive insurance. 
    
    The ICSA said it will pay its customers if they fall prey to a hacker,
    even if they are not financially harmed from the attack. 
    
    ``Whether you lose money or not, we will pay,'' Tibbett said. ``We believe
    that we reduce the risk dramatically ... Yes, we expect to write
    some checks, but we don't expect to write very many.'' 
    
    Tibbett likens the ICSA to the Center for Disease Control, because it
    tracks all hacker attacks and tests every hacker tool and virus its
    programmers can find. The ICSA also is known for its emergency response
    center, which tracks the fallout from known computer viruses and helps
    companies in a crisis. 
    
    ``Good enough is never going to be perfect,'' Tibbett said. ``But we have 
    a motivation to improve our service. If we have to write a check when
    someone gets hacked, it gives us another emphasis.'' 
    
    The company said it is partnering with major nationwide insurance carriers
    who recognize the ICSA TruSecure certification as a requirement for hacker
    policies. 
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:58 PDT