[Cisspstudy] cisspstudy Digest, Vol 16, Issue 4
Smith, Luther B.
smithlb at mitre.org
Wed Oct 7 12:34:48 EDT 2009
RE: Insurance
All prior assessments are correct, but Insurance 'prevents' a financial loss to the insurance policy holder when an event occurs.
R/
-Butch Smith-
-----Original Message-----
From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org] On Behalf Of cisspstudy-request at cccure.org
Sent: Wednesday, October 07, 2009 12:00 PM
To: cisspstudy at cccure.org
Subject: cisspstudy Digest, Vol 16, Issue 4
Send cisspstudy mailing list submissions to
cisspstudy at cccure.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
cisspstudy-request at cccure.org
You can reach the person managing the list at
cisspstudy-owner at cccure.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."
Today's Topics:
1. Re: Insurance Preventive Control (Andrea Gatta)
----------------------------------------------------------------------
Message: 1
Date: Wed, 7 Oct 2009 15:18:14 +0100
From: Andrea Gatta <andrea.gatta at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] Insurance Preventive Control
Message-ID:
<89ab1b610910070718l7f01f82bh9954f26d1ea90b1 at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Another way to look at insurance in the context of the question would be in
terms of what causes it: risk tranfer.
Risk transfer does not address the ante but just the post of an
event/incident. Moreover, the risk is still there with the insurer. To this
end I can't see how insurance could be defined as preventive controls since
it does not reduce the risk and does not stop the incident from happening.
In case - I did found a number of references that classify insurance as a
compensatory control.
Andrea
On Tue, Oct 6, 2009 at 9:55 PM, Andrea Gatta <andrea.gatta at gmail.com> wrote:
> Just thinking loud - a preventive control avoids in part (mitigation) or
> altogether an incident from happening.
>
> In the context of the question 'audit logs' is the only control which is
> clearly not preventative in nature.
>
> it's a quite a long shot but a recovery control - 'insurance' in this case
> - although not preventative in nature actually shares with preventative
> controls the focus on complete or partial reduction of the damage so that it
> will be as 'it has never happened'.
>
> In the context of the question 'insurance' is clearly a distractor which
> introduces that uncertainty that usually causes me to 'overthink' big time
> something that otherwise would be straightforward.
>
>
> Andrea
>
> On Tue, Oct 6, 2009 at 6:09 PM, Holland, Brandon <hollandb at frmaint.com>wrote:
>
>> Transcender:
>>
>> Which measure is NOT considered to be preventative in nature?
>>
>> Insurance
>>
>> Fire suppression systems
>>
>> Redundant communication links
>>
>> Audit Logs
>>
>> Ok, so I understand Audit Logs are NOT preventative? but how is insuranceconsidered preventative?
>>
>> Brandon Holland
>>
>> Army Fleet Support
>>
>> ITS | Network Services
>>
>> Ph: 598-0626
>>
>>
>> _______________________________________________
>> cisspstudy mailing list
>> cisspstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20091007/09c0652b/attachment-0001.html>
------------------------------
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
End of cisspstudy Digest, Vol 16, Issue 4
*****************************************
More information about the cisspstudy
mailing list