[Moderator: I think I will leave this one alone...]

Forwarded From: krys <krysat_private>

From CNN:

First-Ever Insurance Against Hackers
Reuters
14-JUN-98
By Therese Poletti

SAN FRANCISCO, June 4 (Reuters) - A computer security firm is so certain of its security prowess that it is offering to protect its customers with the first-ever hacker insurance, in the event a customer is successfully invaded by hackers.

ICSA Inc., the International Computer Security Association, is now offering as part of its TruSecure service, insurance against hacker attacks. ICSA will pay up to $250,000 if a customer's network is hacked into, after it has followed the TruSecure criteria.

``This is the first hacker-related insurance,'' said Peter Tibbett, president of the ICSA, based in Carlisle, Penn. ``It puts our money where our mouth is.''

ICSA sells its TruSecure service for $40,000 a year. The service, which it has been offering for several years, is a series of steps, methods and procedures that an ICSA client must adhere to.

Some steps are simple, common sense procedures, such as having the server which hosts your company's Web site inside a locked room. Other steps are more complicated, such as the requirement to have a secure firewall around an internal network.

But the ICSA does not sell products. Instead, it recommends a whole range of software that it has approved as secure and meets its standards, through open meetings and debates, with all its members, many of whom develop security products.

Then, ICSA tests a client's security by using typical hacker methods, through its 100 or so employees, none of whom are reformed hackers. ICSA believes, along with executives at International Business Machines Corp. who perform ``ethical'' hacking on its customers, that there is no such thing as a reformed hacker.

``We spray them with hacker tools and see where their vulnerabilities are,'' Tibbett said, referring to many of the widely-used hacker programs that are available over the Internet or shared among hackers. ``The average site took about two weeks to get to the place where they meet all our requirements.''

After ICSA completes a six-step process to test and improve a company's security, the customer is deemed secure and will then receive insurance.

The ICSA said it will pay its customers if they fall prey to a hacker, even if they are not financially harmed from the attack.

``Whether you lose money or not, we will pay,'' Tibbett said. ``We believe that we reduce the risk dramatically ... Yes, we expect to write some checks, but we don't expect to write very many.''

Tibbett likens the ICSA to the Center for Disease Control, because it tracks all hacker attacks and tests every hacker tool and virus its programmers can find. The ICSA also is known for its emergency response center, which tracks the fallout from known computer viruses and helps companies in a crisis.

``Good enough is never going to be perfect,'' Tibbett said. ``But we have a motivation to improve our service. If we have to write a check when someone gets hacked, it gives us another emphasis.''

The company said it is partnering with major nationwide insurance carriers who recognize the ICSA TruSecure certification as a requirement for hacker policies.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]