[Cisspstudy] Insurance Preventive Control

Vardhan, Aditya {PI} aditya.vardhan at intl.pepsico.com
Thu Oct 8 00:34:51 EDT 2009


Hi guys,

Before I comment on this, let me share the good news: I cleared my CISSP,
which I attempted on 26th Sep.

 

My view on this is that you always go with the best answer. There will
always (in most of the cases) be two almost correct options.

In this question we were debating whether insurance is a preventive or
compensatory control; however, audit is not at all a preventive control
and hence is the best answer.

 

Regards,

Aditya 

From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of Andrea Gatta
Sent: Wednesday, October 07, 2009 7:48 PM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Insurance Preventive Control

 

Another way to look at insurance in the context of the question would be
in terms of what causes it: risk transfer.

Risk transfer does not address the ante but just the post of an
event/incident. Moreover, the risk is still there with the insurer. To
this end I can't see how insurance could be defined as a preventive
control since it does not reduce the risk and does not stop the
incident from happening.

In case - I did find a number of references that classify insurance as
a compensatory control.

Andrea

On Tue, Oct 6, 2009 at 9:55 PM, Andrea Gatta <andrea.gatta at gmail.com>
wrote:

Just thinking out loud - a preventive control avoids in part (mitigation) or
altogether an incident from happening.

In the context of the question 'audit logs' is the only control which is
clearly not preventative in nature.

It's quite a long shot but a recovery control - 'insurance' in this
case - although not preventative in nature actually shares with
preventative controls the focus on complete or partial reduction of the
damage so that it will be as 'it has never happened'.

In the context of the question 'insurance' is clearly a distractor which
introduces that uncertainty that usually causes me to 'overthink' big
time something that otherwise would be straightforward. 


Andrea

On Tue, Oct 6, 2009 at 6:09 PM, Holland, Brandon <hollandb at frmaint.com>
wrote:

	Transcender:

	Which measure is NOT considered to be preventative in nature?

	Insurance

	Fire suppression systems

	Redundant communication links

	Audit Logs

	Ok, so I understand Audit Logs are NOT preventative... but how
	is insurance considered preventative?

	Brandon Holland

	Army Fleet Support

	ITS | Network Services

	Ph:  598-0626

	 
