[Cisspstudy] cisspstudy Digest, Vol 16, Issue 4
Andrea Gatta
andrea.gatta at gmail.com
Wed Oct 7 12:57:51 EDT 2009
I believe that this is what the author of the original question has been
trying to do: confuse the heck out of the unlucky test taker.
I do see where you are coming from, but it's a matter of fact that insurance
does not stop an incident from happening and is just looking at the
aftermath of the events, so I won't say that technically speaking it can be
defined as a preventive control. In my eyes it can be at best a recovery or
a compensating control.
Here is an interesting discussion on the ISC2 forum:
http://blog.isc2.org/isc2_blog/2008/06/information-sec.html
Andrea
On Wed, Oct 7, 2009 at 5:34 PM, Smith, Luther B. <smithlb at mitre.org> wrote:
> RE: Insurance
>
> All prior assessments are correct, but Insurance 'prevents' a financial
> loss to the insurance policy holder when an event occurs.
>
> R/
>
> -Butch Smith-
>
>
> -----Original Message-----
> From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
> On Behalf Of cisspstudy-request at cccure.org
> Sent: Wednesday, October 07, 2009 12:00 PM
> To: cisspstudy at cccure.org
> Subject: cisspstudy Digest, Vol 16, Issue 4
>
> Message: 1
> Date: Wed, 7 Oct 2009 15:18:14 +0100
> From: Andrea Gatta <andrea.gatta at gmail.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Insurance Preventive Control
>
> Another way to look at insurance in the context of the question would be in
> terms of what causes it: risk transfer.
>
> Risk transfer does not address the ante but just the post of an
> event/incident. Moreover, the risk is still there with the insurer. To this
> end I can't see how insurance could be defined as a preventive control since
> it does not reduce the risk and does not stop the incident from happening.
>
> In case - I did find a number of references that classify insurance as a
> compensatory control.
>
> Andrea
>
> On Tue, Oct 6, 2009 at 9:55 PM, Andrea Gatta <andrea.gatta at gmail.com>
> wrote:
>
> > Just thinking out loud - a preventive control avoids in part (mitigation) or
> > altogether an incident from happening.
> >
> > In the context of the question 'audit logs' is the only control which is
> > clearly not preventative in nature.
> >
> > It's quite a long shot but a recovery control - 'insurance' in this case
> > - although not preventative in nature actually shares with preventative
> > controls the focus on complete or partial reduction of the damage so that it
> > will be as 'it has never happened'.
> >
> > In the context of the question 'insurance' is clearly a distractor which
> > introduces that uncertainty that usually causes me to 'overthink' big time
> > something that otherwise would be straightforward.
> >
> >
> > Andrea
> >
> > On Tue, Oct 6, 2009 at 6:09 PM, Holland, Brandon <hollandb at frmaint.com> wrote:
> >
> >> Transcender:
> >>
> >> Which measure is NOT considered to be preventative in nature?
> >>
> >> Insurance
> >>
> >> Fire suppression systems
> >>
> >> Redundant communication links
> >>
> >> Audit Logs
> >>
> >> Ok, so I understand Audit Logs are NOT preventative? but how is insurance considered preventative?
> >>
> >> Brandon Holland
> >>
> >> Army Fleet Support
> >>
> >> ITS | Network Services
> >>
> >> Ph: 598-0626
> >>
> >>
> >> _______________________________________________
> >> cisspstudy mailing list
> >> cisspstudy at cccure.org
> >> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >>
> >>
> >