ES Episode28

From Paul's Security Weekly

Episode Audio

Enterprise Security Announcements

"Quick announcement, ITProTV has updated their course library with new courses. Upcoming courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, Penetration Testing, Ethical Hacking v9. ITProTV is introducing a new membership level. All current Premium Members will be granted the highest membership level available, so sign up today! Visit and use code ES30."

Enterprise Security News

  1. HP Debuts New Devices In Las Vegas - BizPlus
  2. FireMon Announces Future Support for Check Point R80 - FireMon
  3. Bitdefender's second Bitdefender Box sniffs your home's network to detect hackers | PCWorld
  4. BRIEF-Clearlake Capital to buy LANDESK | Reuters
  5. CIO-Asia - CIOs will thwart cybersecurity threats with behavioral analytics in 2017
  6. NGINX Gains in Netcraft December Web Server Survey

Technical Applications: Cyber Insurance

  • Let’s talk insurance… what it is, what it isn’t
  • Let’s talk about underwriting - and how that’s going to be weird for a while
  • And in your organization, are you even part of the conversation?
  • Should you be?
  • What are you covering, really?
  • Do you know the top claims last year?
  • How are they assessing you (think: third party risk)
  • What is reasonable? And are you meeting those standards?
  • We have little settled case law here - for good reasons

And then we can go deeper

  • Who should get cyber insurance?
      - Common coverage for all businesses, with the condition that premiums reflect actual risks. Small organizations making less than $1M in annual revenue have a higher percentage of being hacked.
  • What are the risks that can be covered by a Cyber Liability Insurance Cover [CLIC]?
      - Data breach crisis management expenses covering the incident, the investigation, the remediation, data subject notification, call management, credit checking for affected users, legal costs and regulatory fines.
  • How to make sure that you have the right coverage with the right insurer
      - Make sure you understand insurance policy jargon such as “hackers”, “attacks” or “incidents”, and “breach”.

  • 5 Questions for your Potential Insurer
  1. Which devices must be encrypted? What about the data that is in the control of third-party service providers?
  2. What support is included in case of a data breach event?
  3. Are cyber incidents resulting from employees’ errors, negligence or maliciousness covered?
  4. What happens if an intrusion is detected at a later time?
  5. In which circumstances will a claim be refused on the principle, often stipulated in insurance policies, that an organization must not be breaking the law?