[Dataloss] rant: Abandon Ship! Data Loss Ahoy!

Sasha Romanosky sromanos at andrew.cmu.edu
Thu Mar 20 22:29:54 UTC 2008 

Whoops, wrote too soon: 

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306207,
00.html
(Thanks to a student post for pointing this out.)


> -----Original Message-----
> From: Sasha Romanosky [mailto:sromanos at andrew.cmu.edu] 
> Sent: Thursday, March 20, 2008 6:27 PM
> To: 'dataloss at attrition.org'
> Subject: RE: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
> 
> 
> To my knowledge, this firm in Canada is the one that offers 
> data breach insurance: 
> 
> From SANS NewsBites Vol. 10 Num. 22:
> --Canadian Firm to Offer Data Breach Insurance (March 13, 
> 2008) As data security breaches appear more and more 
> frequently in the news, at least one Canadian insurance 
> company is starting to offer a product that would cover costs 
> incurred by companies when they have suffered a data privacy 
> breach. The policy would cover the cost of fixing computer 
> damage as well as costs associated with customer notification 
> and reimbursement and compensation paid to credit card 
> companies for losses from fraud. The coverage is structured 
> to address Canadian data privacy laws.
> http://www.theglobeandmail.com/servlet/story/LAC.20080313.RINS
> URANCE13/TPStory/Business
> 
> [Editor's Note (Schultz): Insurance against security 
> incidents in general has not caught on all that well in the 
> information security arena for a number of reasons. However, 
> this new type of insurance is likely to fare much better 
> because of the widespread concern about and high likelihood 
> of data security breaches.]
> 
> cheers,
> sasha
> www.romanosky.net
> 
> > -----Original Message-----
> > From: dataloss-bounces at attrition.org
> > [mailto:dataloss-bounces at attrition.org] On Behalf Of Kevin McPoyle
> > Sent: Thursday, March 20, 2008 6:00 PM
> > To: Chris Walsh; Tracy Blackmore
> > Cc: dataloss at attrition.org
> > Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
> > 
> > What I find interesting is the recognition among the readers and 
> > pundits that this is an imperfect world with respect to security.  
> > With that in mind, I'm unclear as to why organizations 
> don't transfer 
> > a portion of this risk to others through an insurance product?  It 
> > seems rational and clearly represents some mitigating of a scenario 
> > that will happen, not if, when.  Policies are readily available, 
> > negotiable and clearly a deal compared to other costs.  No 
> one like to 
> > "waste" money on insurance...until there is a claim.  The 
> supermarket 
> > had D&O with which to fend off the legal dogs.
> > Why don't they have a "cyber" policy?
> > Whose making these good decisions? 
> > 
> > -----Original Message-----
> > From: dataloss-bounces at attrition.org
> > [mailto:dataloss-bounces at attrition.org] On Behalf Of Chris Walsh
> > Sent: Thursday, March 20, 2008 5:49 PM
> > To: Tracy Blackmore
> > Cc: dataloss at attrition.org
> > Subject: Re: [Dataloss] rant: Abandon Ship! Data Loss Ahoy!
> > 
> > IANAL, but this question of "due diligence" and comparing 
> oneself to 
> > one's competitors begs the question -- what harm (in the 
> legal sense) 
> > has been done here to anyone whose CC or debit card # was revealed?
> > Does your answer vary depending on whether there was fraud 
> associated 
> > with that card #?
> > 
> > 
> > _______________________________________________
> > Dataloss Mailing List (dataloss at attrition.org) 
> > http://attrition.org/dataloss
> > 
> > Tenable Network Security offers data leakage and compliance 
> > monitoring solutions for large and small networks. Scan your 
> > network and monitor your traffic to find the data needing 
> > protection before it leaks out!
> > http://www.tenablesecurity.com/products/compliance.shtml
> > _______________________________________________
> > Dataloss Mailing List (dataloss at attrition.org) 
> > http://attrition.org/dataloss
> > 
> > Tenable Network Security offers data leakage and compliance 
> > monitoring solutions for large and small networks. Scan your 
> > network and monitor your traffic to find the data needing 
> > protection before it leaks out!
> > http://www.tenablesecurity.com/products/compliance.shtml
> > 
> >

More information about the Dataloss mailing list