[Cisspstudy] Insurance Preventive Control
Andrea Gatta
andrea.gatta at gmail.com
Tue Oct 6 16:55:37 EDT 2009
Just thinking loud - a preventive control avoids in part (mitigation) or
altogether an incident from happening.
In the context of the question 'audit logs' is the only control which is
clearly not preventative in nature.
it's a quite a long shot but a recovery control - 'insurance' in this case -
although not preventative in nature actually shares with preventative
controls the focus on complete or partial reduction of the damage so that it
will be as 'it has never happened'.
In the context of the question 'insurance' is clearly a distractor which
introduces that uncertainty that usually causes me to 'overthink' big time
something that otherwise would be straightforward.
Andrea
On Tue, Oct 6, 2009 at 6:09 PM, Holland, Brandon <hollandb at frmaint.com>wrote:
> Transcender:
>
> Which measure is NOT considered to be preventative in nature?
>
> Insurance
>
> Fire suppression systems
>
> Redundant communication links
>
> Audit Logs
>
> Ok, so I understand Audit Logs are NOT preventative… but how is insuranceconsidered preventative?
>
> Brandon Holland
>
> Army Fleet Support
>
> ITS | Network Services
>
> Ph: 598-0626
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20091006/2dc3247c/attachment.html>
More information about the cisspstudy
mailing list