> Adam Shostack wrote:
> >I'm very curious as to what people think of the idea of insurance for
> >infosec failures. Will it encourage standards of due diligence and
> >due care for the industry, the way bank insurance has driven bank
> >safes to be stronger and stronger?
>
> I'm sure that it will, so it's a good thing. ...

Being aware of how the insurance industry's insidious coils have affected other fields, I'm not so sure. In the medical field, you can see how on the one hand insurance causes doctors to do CYA testing that might not normally be necessary, and on the other hand [managed care] to not do things that would be beneficial but less profitable.

In many other fields, and even in the Red Cross, many ideas are submitted to and killed by "Risk Management", which is another name for "can we do this without the insurance guys getting a gleam in their eyes" - or, in some cases, it IS the insurance guys saying "how can we make sure we never have to pay out."

Sorry, Marcus. While I will admit the obvious benefits of a fair and impartial insurance system, any more insurance companies are just forcing people to do things in such a way that they (the insurance companies) are all profit and no [or little] loss.

Not to mention - sort of an opposite gripe - in some cases insurance is compelling or impelling people to do silly things, just because "the insurance covers it." Which is probably why the insurance companies decided to try to take that kind of control ...

--
Joe Yao jsdyat_private - Joseph S. D. Yao
COSPO Computer Support EMT-A/B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "COSPO Computer Support" mail to sys-admat_private
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:12 PDT