nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BCP38 - Internet Death Penalty

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 28 Mar 2013 04:18:23 +0000

On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote:


Secondly you reduce your legal liability.


IANAL, but this has yet to be proven, AFAIK.

One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can 
potentially reduce *their* liability for payouts by requiring that real, actionable security BCPs such as BCP38/84, 
running closed resolvers, implementing iACLs, et. al. are implemented by those they insure.

Does anyone have insight into examples of how insurance policies have been paid out as a result of losses stemming from 
availability-related security events?

Another approach is educating the 'risk management' and 'business continuity' communities about the risks and how to 
mitigate them, and how doing so enhances business continuity.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton
Previous By Date Next
Previous By Thread Next

Current thread: