Posted by:
admin
17 years, 1 month ago
One of the comments on Emergent Chaos about my post Incentive plan for an information security team was from Andrew Jaquith of the Yankee Group:
The fallacy of this whole argument is that "average" losses cannot be applied to any particular incident. Losses are dominated by outliers. ALE is information security's spherical cow.
I equated this to not saving for retirement because you might win the lottery. It occurred to me after reading Dark Day Planning: Insuring Against Data Loss that the real answer for Low Probability, High Impact events is insurance. I was even able to dig up some costs for the insurance in this Chronicle of Higher Education article (subscription required, but still in Google Cache):
Brokers say the price of cybercoverage depends on the size of a college's student body. Mr. Hallstrom estimates that a college with 20,000 students can get $3-million of cyberinsurance for about $50,000 a year.
That seems like a pretty good deal to me.
