ES Episode28

From Security Weekly Wiki

Enterprise Security Announcements

"Quick announcement, ITProTV has updated their course library with new courses. Upcoming courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, Penetration Testing, Ethical Hacking v9. ITProTV is introducing a new membership level. All current Premium Members will be granted the highest membership level available, so sign up today! Visit itpro.tv/enterprisesecurity and use code ES30."

Enterprise Security News

  1. HP Debuts New Devices In Las Vegas - BizPlus
  2. FireMon Announces Future Support for Check Point R80 - FireMon
  3. Bitdefender's second Bitdefender Box sniffs your home's network to detect hackers | PCWorld
  4. BRIEF-Clearlake Capital to buy LANDESK | Reuters
  5. CIO-Asia - CIOs will thwart cybersecurity threats with behavioral analytics in 2017
  6. NGINX Gains in Netcraft December Web Server Survey

Technical Applications: Cyber Insurance

  • Let’s talk insurance… what it is, what it isn’t
  • Let’s talk about underwriting - and how that’s going to be weird for a while
  • And in your organization, are you even part of the conversation?
  • Should you be?
  • What are you covering, really?
  • Do you know the top claims last year?
  • How are they assessing you? (Think: third-party risk)
  • What is reasonable? And are you meeting those standards?
  • We have little settled case law here - for good reasons


And then we can go deeper

  • Who should get cyber insurance?
    - Common coverage for all businesses, with the condition that premiums reflect actual risks. Small organizations making less than $1M in annual revenue have a higher chance of being hacked.
  • What are the risks that can be covered by a Cyber Liability Insurance Cover [CLIC]?
    - Data breach crisis management expenses, covering: the incident, the investigation, the remediation, data subject notification, call management, credit checking for affected users, legal costs and regulatory fines.
  • How to make sure that you have the right coverage with the right insurer
    - Make sure you understand insurance policy jargon such as “hackers”, “attacks” or “incidents”, and “breach”.
  • 5 Questions for your Potential Insurer
    1. Which devices must be encrypted? What about the data that is in the control of third-party service providers?
    2. What support is included in case of a data breach event?
    3. Are cyber incidents resulting from employees’ errors, negligence or maliciousness covered?
    4. What happens if an intrusion is detected at a later time?
    5. In which circumstances will a claim be refused on the principle, often stipulated in insurance policies, that an organization must not be breaking the law?
