http://www.darkreading.com/database-security/167901020/security/security-management/240008014/don-t-waste-your-money-on-cyber-breach-insurance.html

By Kelly Jackson Higgins
Dark Reading
Sep 26, 2012

As an increasing number of businesses are starting to look at cyber breach insurance as a tool to mitigate the risks of data breaches, IT security pros need to be prepared to help their organizations avoid the hazards of choosing a policy that may not pay out when the worst occurs. Chief among the biggest pitfalls? Trying to use insurance as a financial replacement for investment in sound protection of databases and other data security infrastructure.

"These insurance policies can't eliminate risk, they can only help you control and minimize it," says Rich Santalesa, senior counsel for Infolaw Group. "It's really one arrow in the quiver of those dealing with today's cyber risks and some of the liabilities that can spring from them."

Organizations that fail to encrypt sensitive data, that have few controls over who accesses database resources, and that do nothing to monitor activity within these data stores could be in for a rude awakening if they buy insurance as a stand-in for these practices. If legal or more traditional risk management personnel are under this misapprehension, it may be up to IT security pros to explain why, says Rich Mogull, analyst and CEO of Securosis.

[...]

Received on Thu Sep 27 2012 - 01:32:30 PDT